locked
WSUS fallback without using forefront security? RRS feed

  • Question

  • Is the WSUS microsoft update fallback functionality only available using forefront? Is there anyway to configure this without utilizing forefront? We already have an antivirus/security solution and would hate for us to have to get forefront just for this one piece of functionality.
    Wednesday, May 26, 2010 1:00 PM

Answers

  • IE for laptops etc if you could tell them hey if you don't reach your WSUS server X times in Y hours then go to MU and pull/install all security updates available there ?  :)  That's what I'm guessing you mean anyway.

    So the quick answer is I don't know of such a thing off hand thats available.

    There might be such a thing around though but I know MS hasn't made that as far as I know and I think I'm up to date with regards to WSUS stuff..  I would check around on the http://wsus.info forums to see if anyone has looked into this that or the WUA/MU/WSUS MS forums. 

    Basically it's a chunk of code in the FCS client that uses the WUA API and a timer where the FCS client calls into WUA and if it gets an error x times in y amount of time it uses teh WUA API to query MU for only FCS Signatures (very targetted search query in this case) however the same thing could probably be written as some type of WUA API script if you knew what you were doing.


    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Friday, May 28, 2010 6:45 PM

All replies

  • WSUS is not related only to Forefront, it also delivers updates (Windows, Exchange, SQL, Office, ...) to corporate environments from Microsoft Update http://technet.microsoft.com/en-us/wsus/default.aspx
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)
    Wednesday, May 26, 2010 9:28 PM
  • WSUS is not related only to Forefront, it also delivers updates (Windows, Exchange, SQL, Office, ...) to corporate environments from Microsoft Update http://technet.microsoft.com/en-us/wsus/default.aspx
    Bechir Gharbi. MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront (Time Zone : GMT+1)

    Hello,

    I am aware that WSUS is not only related to forefront. I am asking about the fallback functionality in the forefront client security as it pertains to WSUS. I want to know if I can set this manually somewhere in the system using other methods aside from purchasing the forefront server.

    Friday, May 28, 2010 12:25 PM
  • IE for laptops etc if you could tell them hey if you don't reach your WSUS server X times in Y hours then go to MU and pull/install all security updates available there ?  :)  That's what I'm guessing you mean anyway.

    So the quick answer is I don't know of such a thing off hand thats available.

    There might be such a thing around though but I know MS hasn't made that as far as I know and I think I'm up to date with regards to WSUS stuff..  I would check around on the http://wsus.info forums to see if anyone has looked into this that or the WUA/MU/WSUS MS forums. 

    Basically it's a chunk of code in the FCS client that uses the WUA API and a timer where the FCS client calls into WUA and if it gets an error x times in y amount of time it uses teh WUA API to query MU for only FCS Signatures (very targetted search query in this case) however the same thing could probably be written as some type of WUA API script if you knew what you were doing.


    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Friday, May 28, 2010 6:45 PM