Updating laptops that randomly move between LAN and Internet?

  • Question

  • To optimize speed and bandwidth utilization, we would like laptops to pull updates from our local WSUS content store when they are brought into the office and are connected to the LAN.  When the same laptops are taken offsite we would like those laptops to download updates from Microsoft Update servers on the Internet.

    We don't want laptops on the Internet having to pull updates from our internal WSUS and we don't want laptops on the LAN pulling updates from Microsoft.

    What's the best way to do this reliably? 

    What about setting the Group Policy that configures Windows Update location at the site level instead of at the OU level and then setting the VPN network on a different AD site?  That way when the laptop connects to VPN and refreshes group policy, the Windows Update policy would point to downloading from Microsoft, and when the same laptop is brought on the corporate LAN, the group policy would change to the internal WSUS server.

    This seems like it could possibly work, but I see some problems because the policy update change may not be timely.

    What if the laptop is on the LAN set to check approvals and download updates from our Internal WSUS, but is then taken offsite and used on the Internet, but not connected to VPN?  In that case it would still be configured for WSUS and because it never received a group policy change, it would keep trying and failing to check in to the configured WSUS server and would never update again until it connected to VPN or was brought into the office again.

    Is there some way to handle this situation such as some kind of location aware reconfiguration or configuring an automatic failover to get updates from Microsoft when WSUS is not available?  We do this with our antivirus.  When the system is able to contact our internal AV management server, it pulls definition updates from there and if it cannot reach it, it pulls the updates from the antivirus vendor's site over the Internet.

    Saturday, January 23, 2016 8:03 PM


  • Hi MyGposts,

    According to your description, you want the laptop to update from WSUS when it connects to the internal network, and to update from Microsoft Update when it connects to the Internet.

    If we want the client to check for updates from the Internet, we can manually click "Check online for updates from windows updates", even though we configured automatic updates from WSUS.

    So, when the laptop is outside, we may update manually; when it is inside, we use WSUS to update automatically.

    Best Regards,



    Monday, January 25, 2016 5:58 AM
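
The stuck state described in the question (WSUS still configured by policy but unreachable offsite) can be detected on the client, and the manual online check from the reply can be scripted as a one-off search. The following is an added example, not part of the original thread: it assumes WSUS is configured through the standard Windows Update policy registry values, the function names are hypothetical, and it only lists updates without installing anything or changing policy.

```powershell
# Added example: report which update source this laptop can actually reach.
# Assumes the WSUS Group Policy has written WUServer / UseWUServer.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-UpdateSourceStatus {
    # Hypothetical helper: read the policy values and probe the WSUS port.
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    $status = [ordered]@{
        WsusUrl       = $wu.WUServer
        UseWsus       = ($au.UseWUServer -eq 1)
        WsusReachable = $false
    }
    if ($status.UseWsus -and $status.WsusUrl) {
        # The port comes from the configured URL (for example 8530 or 8531).
        $uri = [uri]$status.WsusUrl
        $status.WsusReachable = Test-NetConnection -ComputerName $uri.Host `
            -Port $uri.Port -InformationLevel Quiet -WarningAction SilentlyContinue
    }
    [pscustomobject]$status
}

function Get-OnlinePendingUpdates {
    # Hypothetical helper: ServerSelection 2 (ssWindowsUpdate) sends this one
    # search to the Windows Update service; the WSUS policy is left untouched.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = 2
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    $result.Updates | ForEach-Object { $_.Title }
}

$status = Get-UpdateSourceStatus
$status
if ($status.UseWsus -and -not $status.WsusReachable) {
    Write-Warning 'WSUS is configured but unreachable; listing updates offered by Windows Update.'
    Get-OnlinePendingUpdates
}
```

Run from an elevated prompt or a scheduled task; the warning branch identifies laptops that would otherwise sit unpatched until they next reach the LAN or VPN.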