Help needed for strategy to Review / Approve / Schedule / Install WSUS updates in organization

• 2012年4月28日 4:47

   

   
  

  0

  Hi, all,

  I got the task to implement WSUS in the organization for hundreds computers.

  I created GPOs to setup clients (W2k8, W2k3, XP, 7 etc) to point to WSUS server with different download/install levels. The business requires that certain if not all updates should be implemented on partial servers / workstations, ie not in one go just in case any unforeseen problems. Once these test machines run OK I can then push the updates to the rest all.

  I have setup Options in WSUS auto-approve "critical" "security" updates to all "Domain controllers" "Member servers" most "workstations" but not to DEV computers - is it a good setting?

  As I am facing thousands and thousands of updates, how should I make sure they are tested in part of "member servers" then rolled over to the rest? I can create in WSUS computer groups like "test servers" and approve some (how to decide?) updates, but my GPO applies to all the "Server" OU. If I have to split in AD "Servers" Ou into "test servers" OU and "rest servers" OU and then apply different GPO to force "test servers" to install tonight and "rest server" to install week later, I'd rather to write some scripts to change a list of computers' registery to Install tonight, and then change "rest servers" registry next week.

  Again, when dealing with thousands of updates I really could not say any particular server has got how much. Especially processing those non-auto-approved updates, it would be impossible to trace how many of them have been manually approved and installed on how many computers (groups) and when.

  Could any WSUS specialist recommend what the Strategy should be considered / adopted?

  Thanks.

  GPING

  • 返信
  • 引用