Looking for tips on ideal ways to manage client update deployment RRS feed

  • Question

  • Hi all,

    Newbie to WSUS. I have deployed version 3.0 in an AD environment and seeking support tips on how to deploy patches. We have about 300 computers on our network. Management does not like updates deployed at once b/c if issues arise - its a domino effect.

    This question is for client deployment management - not WSUS management. We do deploy first run of patch testing to a small group of computers (another OU)

    We have groups in WSUS console and we would prefer to configure the updates to run via GPO (the GPO also does client-side targeting that places the computer in the corresponding group in WSUS).

    Currently we have a GPO setup in an OU and we take several computers (WSUS Group Batch 1) and place them in a temp OU where the GPO is linked to. We do that during the week so that by the weekend the GPO status is up to date and the update can run as scheduled on computers in the GPO. The following week we proceed with another group (WSUS Group 2) and remove the computers from Batch 1 and return them to their proper OU.

    This is not very effective from a management point of view for a number of reasons. I'd like some advise or pointers on how we can better streamline this process. Just wondering what others are doing for their WSUS client updates in a AD environment.


    • Edited by berlan Thursday, March 22, 2018 12:00 PM
    Wednesday, March 21, 2018 10:12 PM

All replies