locked
Can we push patches from WSUS server? RRS feed

  • Question

  • Can we push patches from WSUS server?
    Monday, August 22, 2011 5:00 PM

Answers

  • Hi,

    there is no mechanism to push the updates directly from the wsus server to the clients.

    The clients will contact the wsus server within a configured time to get the updates (default every 22hours)

    Have a look here (section: automatic update detection frequency):  http://technet.microsoft.com/en-us/library/cc708574(WS.10).aspx


    Chris
    • Proposed as answer by Vincent Hu Thursday, August 25, 2011 7:01 AM
    • Marked as answer by Vincent Hu Wednesday, September 7, 2011 8:45 AM
    Tuesday, August 23, 2011 2:35 PM
  • In my production environment, patches are dectecting to clients once we approved on WSUS, any idea how come it is happening?

    Uh... because that's how it works.

    Apparently I'm not understanding your questions either...


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    • Proposed as answer by Vincent Hu Thursday, August 25, 2011 7:02 AM
    • Marked as answer by Vincent Hu Wednesday, September 7, 2011 8:45 AM
    Tuesday, August 23, 2011 8:01 PM

All replies

  • What type of patches are you referring to? Patches for different types of software? Or Windows updates? WSUS is only for windows udpates. You will need some other program to push patches for other programs.
    Monday, August 22, 2011 6:41 PM
  • Hi Thanks for reply.

    I'm talking about windows security patches.

    Tuesday, August 23, 2011 7:42 AM
  • Hi,

    there is no mechanism to push the updates directly from the wsus server to the clients.

    The clients will contact the wsus server within a configured time to get the updates (default every 22hours)

    Have a look here (section: automatic update detection frequency):  http://technet.microsoft.com/en-us/library/cc708574(WS.10).aspx


    Chris
    • Proposed as answer by Vincent Hu Thursday, August 25, 2011 7:01 AM
    • Marked as answer by Vincent Hu Wednesday, September 7, 2011 8:45 AM
    Tuesday, August 23, 2011 2:35 PM
  • Hi Lord,

    In my production environment, patches are dectecting to clients once we approved on WSUS, any idea how come it is happening? (I have checked policies and could not found any parameter, which will cause this).

    Tuesday, August 23, 2011 5:31 PM
  • It's hard to understand you. You first ask how to push updates. Lord told you clients contact wsus for updates. Now you're saying clients are detecing updates. I am not seeing the problem?

    If you're referring to the popup by the clock saying there are updates available when users logon then that is because either:

    1) the users are admins on their pc, so they will see available updates

    2) your gpo allows non-admins to see available updates

    I'm guessing it's #1 since you say you can't find #2 in your gpo.

    Tuesday, August 23, 2011 5:36 PM
  • Hi Jonathan,

    Thanks  for your reply.

    My first question is answered by Lord there is no doubt at all ( This is just conformation, whether I can push pathes).

    Second one is my observation, as per your expalnation, I'm able to see available patches as my account has admin rights, however my question is how I can see all the available patches from client, once immediatly I approved on WSUS, as per Lord client is having some schedule time to communicate with WSUS (Default is 22 hours/ here setting on my environment is same)

    - Thanks again.


    Tuesday, August 23, 2011 6:34 PM
  • In my production environment, patches are dectecting to clients once we approved on WSUS, any idea how come it is happening?

    Uh... because that's how it works.

    Apparently I'm not understanding your questions either...


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    • Proposed as answer by Vincent Hu Thursday, August 25, 2011 7:02 AM
    • Marked as answer by Vincent Hu Wednesday, September 7, 2011 8:45 AM
    Tuesday, August 23, 2011 8:01 PM
  • ...., once immediatly I approved on WSUS, as per Lord client is having some schedule time to communicate with WSUS (Default is 22 hours/ here setting on my environment is same)



    the updates won't immediatly installed on the client after approving, because the client will contact the wsus server after a scheduled time...

    you can configure the time via GPO: http://technet.microsoft.com/en-us/library/cc708574(WS.10).aspx   (section:  automatic update detection frequency)

    or via registry (for clients that are not member of active directory):  http://technet.microsoft.com/en-us/library/cc720464(WS.10).aspx   (DetectionFrequency and DetectionFrequencyEnabled)

     

    On the client you can force to conntect to the wsus with the command line "wuauclt /detectnow"
     


    Chris
    Tuesday, August 23, 2011 9:35 PM