none
using WSUS 3.0sp2 (2008R2) for reporting only

    Domanda

  • hey,

    we are using 3rd party tools to update our windows servers, however we'd like to utilize WSUS for additional reporting purpose.

    Currently we have Automatic Updates disabled by GPO, not to receive any notifications about updates.

    It looks that computers won't report to WSUS with that setting disabled.

    The goal is to have all servers reporting to WSUS, however we don't want any notifications from windows updates to appear on servers. Is this possible to do somehow?

    giovedì 20 giugno 2013 08:48

Risposte

Tutte le risposte

  • It looks that computers won't report to WSUS with that setting disabled.

    Correct.

    The goal is to have all servers reporting to WSUS, however we don't want any notifications from windows updates to appear on servers. Is this possible to do somehow?

    Easily. It's done by implementing the correct policy settings on the Windows Update Agent, rather than disabling it completely. Of course, if you never approve any updates on the WSUS server, the end-user won't have any notifications to ever receive! :-)

    For more information on configuring the Windows Update Agent see Update and Configure the Automatic Updates Client Computer in the WSUS Deployment Guide.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    giovedì 20 giugno 2013 20:33
  • thanks for response Lawrence,

    I've added newest wuau.adm template to look how i can disable notifications but no joy.

    the only option that appears to be close to it is "Turn on software notification", but that requires at least Vista and does not really disable balloons/pop-ups.

    I need to have updates approved, because in number of cases when we have issues with 3rd party tool we install updates on few servers manually (since they will be pointing to WSUS they won't get any updates if unapproved).

    Do you know what exact modifications i should make?

    thanks in advance

    venerdì 21 giugno 2013 13:55
  • Do you know what exact modifications i should make?

    This is why I provided a hyperlink to the documentation that explains how to do that.

    You might also find some value from reviewing a blog article I wrote on PatchZone.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Contrassegnato come risposta mishaelpl sabato 22 giugno 2013 23:14
    venerdì 21 giugno 2013 18:32
  • thank you Lawrence.
    sabato 22 giugno 2013 23:14
  • Hi, can you advise what settings you actually used so the end user never sees any WU notifications? We're have been using WSUS for servers for a long time, but Altiris for workstations, we want workstations to report to WSUS now to compare with Altiris.

    Configure Automatic Updates = enabled
    Configure automatic updating = 2 - Notify for download and notify for install ? (or 5?)
    Do not display "install updates and shutdown" option = enabled
    Allow automatic updates immediate installation = disabled
    Allow non-administrators to receive update notifications = disabled (this one seems like important setting, all our users non-admins)

    Those settings seem to work ok, but just wondering if there is a better way, or if I'm missing something.
    Thanks

    • Modificato Gareth0208 martedì 3 giugno 2014 21:12 copy\paste messed up
    martedì 3 giugno 2014 21:10
  • Hi, can you advise what settings you actually used so the end user never sees any WU notifications?

    The setting to use for this objective is: Turn off access to all Windows Update features. As described in the previously cited blog post:

    This is the current incarnation of the option to block access to client-side update management functionality. The setting configures WSUS as the only update source and fully blocks access to AU, WU, and MU. It is a computer setting, and will override any user-based settings (e.g. if you enabled restart required notifications in the previous user setting, this one will shut them off). This setting is found in the ComputerTemplates\System\Internet Communication Management\Internet Communication Settings node of the policy editor.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    giovedì 5 giugno 2014 06:27
  • Great, thanks Lawrence.
    So the settings I've picked above will allow the workstation to report to WSUS but not download any updates, and if I add "turn off access to all Windows Update features" it will disable all WU notifications and access, sounds good. Thanks.
    domenica 8 giugno 2014 19:48