29 Mayıs 2012 Salı 22:41
We currently have Patchlink in place, but I want to move to WSUS. I have just installed and configured WSUS. I have group policies that pair AD OU's to to WSUS computer groups. I have configured the WSUS group policy settings and all of the computers are showing up in the WSUS console. I am ready to deploy, but we have a bandwidth limitation at our branches. Currently, when a roaming user plugs in their laptop at a branch and they have been off network for a while, patching that individual laptop just eats all of the bandwidth (T1) for that particular branch. Is there a way in group policy to allow only the laptops to update off network and enforce it. Any information would be greatly appreciated.
Thank you in advance,
30 Mayıs 2012 Çarşamba 03:35Moderatör
I have two suggestions:
1.Setup a downstream WSUS server in your branch office.
2.Exclude the laptop to contact WSUS. Instead, let the laptops patch themselves thru the MU.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
31 Mayıs 2012 Perşembe 16:55
If you have a bandwidth limitation in your branches, and you a network file share within those branches, you can implement a very simple solution by using the caching feature of the command line tool WuInstall to save most of the bandwith downloading each updates exactly once instead of every time for each laptop.
See This tutorial
Downloads each update only the first time it is needed into a cache directory at the network share, all subsequent updates get it from there instead of downloading again, it works out very good for some of our clients, even in very large enviroments
02 Haziran 2012 Cumartesi 16:16Moderatör
Currently, when a roaming user plugs in their laptop at a branch and they have been off network for a while, patching that individual laptop just eats all of the bandwidth (T1) for that particular branch. Is there a way in group policy to allow only the laptops to update off network and enforce it.
A few things to understand here.
First, the default behavior of any client system that is powered off during a scheduled installation event is to install updates at power on. But only if those updates were already downloaded and scheduled. This behavior can be disabled.
Second, the WUAgent is network aware, so if the notebook is failing detections because of lack of connectivity, this is what is triggering the detection and download of updates when the machine comes on the local network.
Third, updates are downloaded via BITS based on available bandwidth at the NIC -- but if the machine has a gigabit NIC and a megabit WAN connection to the upstream server, this will saturate the WAN connection.
The first thing to do in this instance is to enable BITS policies on these notebooks so they cannot saturate the WAN links.
The second thing to do, if you have a large enough number of clients on the remote site is to install a replica server.
Excluding the laptops from using WSUS will NOT solve the problem -- all that will do is allow the notebooks to download updates from Microsoft, rather than the local WSUS server, and probably saturate your Internet link as well -- plus, you will have no control over what is installed on those notebooks, when it is installed, and you will have no status reporting on them.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
- Yanıt Olarak İşaretleyen Teufelhunden 05 Haziran 2012 Salı 15:47