none
Declined, old and superceded updates removed only to download again

    Frage

  • if I put a PC on my network and it connects to the wsus will the wsus then download all security updates from ms that it sees the PC needs even if I no longer have those update on my sus server?

    Does this include superceded upates being downloaded again?

    Does the PC determine what is needed and the wsus in kind installs those needed upates after prompting me that I have updates?

    My understanding is that the admin of the sus would determine what gets downloaded by either declining or accepting the update and then its passed to the system requesting updates?

    Montag, 21. Januar 2013 22:54

Antworten

  • if I put a PC on my network and it connects to the wsus will the wsus then download all security updates from ms that it sees the PC needs

    No. WSUS doesn't care what your systems "need"; it synchronizes every available update for the product category(s) and update classification(s) that you've chosen for synchronization. The WSUS download FILES for the updates that you have Approved for Installation. Presumably the only updates you have Approved for Installation are the updates that are actually NEEDED by one or more of your systems.

    Does the PC determine what is needed

    Yes...
    and the wsus in kind installs those needed upates after prompting me that I have updates?
    No. The client downloads and installs the updates that have been approved, and are available for installation from the WSUS server.

    My understanding is that the admin of the sus would determine what gets downloaded by either declining or accepting the update and then its passed to the system requesting updates?

    This is a functionally correct understanding.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Dienstag, 22. Januar 2013 02:04

Alle Antworten

  • if I put a PC on my network and it connects to the wsus will the wsus then download all security updates from ms that it sees the PC needs

    No. WSUS doesn't care what your systems "need"; it synchronizes every available update for the product category(s) and update classification(s) that you've chosen for synchronization. The WSUS download FILES for the updates that you have Approved for Installation. Presumably the only updates you have Approved for Installation are the updates that are actually NEEDED by one or more of your systems.

    Does the PC determine what is needed

    Yes...
    and the wsus in kind installs those needed upates after prompting me that I have updates?
    No. The client downloads and installs the updates that have been approved, and are available for installation from the WSUS server.

    My understanding is that the admin of the sus would determine what gets downloaded by either declining or accepting the update and then its passed to the system requesting updates?

    This is a functionally correct understanding.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Dienstag, 22. Januar 2013 02:04
  • Thanks for answering.  However, I still don't have an explanation on why my wsus suddenly downloaded over 1k updates that were actually superceded by more recent updates and had to decline all of them.

    They did arrive as new from a sync done that morning.  I understand how wsus functions but im at a loss to why it happened.

    If I clean out my wsus database of all declined and superceded or no longer needed updates, would this then prompt the wsus to download them again?  Even though I have not seen this behavior any other time I reconcile the server.

    Donnerstag, 31. Januar 2013 14:58
  • However, I still don't have an explanation on why my wsus suddenly downloaded over 1k updates that were actually superceded by more recent updates and had to decline all of them.

    Well, basically, the explaination is that those updates were Approved. An Approved updates gets its files downloaded. (Although after I finished the explanation below, I did recognize that you're noting only =1k= of updates were "downloaded", which doesn't sound like files.

    but im at a loss to why it happened.

    There are really only three possibilities for files to be downloaded:

    • The update was automatically approved by an automatic approval rule.
    • The update was approved by a human administrator via the WSUS console.
    • The update was a revision to an existing update that was already approved. (Revisions get automatically approved if the update they replace was already approved.)

    Whichever of these three reasons, the approval event is logged in %ProgramFiles%\Update Services\Logfiles\Change.LOG, so the best approach would be to search that logfile for the update and see what it says about when the update was approved.

    If I clean out my wsus database of all declined and superceded or no longer needed updates, would this then prompt the wsus to download them again?

    Hmm.. so this question suggests to me that maybe we have some confusion about the definition of the term 'download' as relates to WSUS.

    • The WSUS server synchronizes ALL updates in any Product Category, Update Classification, or Language that you have configured. This includes superseded updates that have not been expired by Microsoft.
    • When you approve those updates for installation to a WSUS target group, then the WSUS server downloads the installation file associated with that update.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Sonntag, 3. Februar 2013 00:55