WSUS for Servers only

  • Question

  • Came into a company with a manual patching process using WSUS, not using GP at all.  I am creating a new WSUS environment and attempting to automate all if possible.

    My concern currently is not having some servers reboot after updates are applied.  I know some updates (we are only doing critical and security) may require a reboot after install, but I have a list of servers that have to be done manually.  What I am thinking of doing is creating a group (using CST), and doing option 3 Auto Download and notify for install and then create/schedule a PowerShell script to do the install and reboot the server.

    I have been using SCCM (this is a project for later this year) for years and am refreshing my brain on WSUS, am I on the right track for this?

    Monday, January 5, 2015 8:59 PM

All replies

  • What I am thinking of doing is creating a group (using CST), and doing option 3 Auto Download and notify for install

    This is the conventional configuration used for this objective.

    and then create/schedule a PowerShell script to do the install and reboot the server.

    However, I truly do not understand the difference between using a PowerShell script and just *scheduling* the updates to install using the Windows Update Agent. In both cases, the reboot is happening *unattended* and somebody is going to have to check up on the server's status after the event completes.

    If you're going to launch the PowerShell script from each machine individually, then just open the Windows Update applet in Control Panel and click on Install Updates, and save yourself the time of building and testing a PowerShell script.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, January 6, 2015 2:25 AM
  • After reading out loud what I typed, I should have stated that I have yet to talk to the Support Teams on the needs of their servers be restarted via WSUS or Option 3.  We have 800+ servers and I need to get as few option 3's as possible.  But if I have many, I was thinking this is where the PS script would work.

    Thanks for the reply Lawrence.

    Tuesday, January 6, 2015 2:10 PM
  • If you have *many* servers that require manual attention, a scripted solution that runs remotely would definitely be an asset.

    Requiring server administrators to actively participate in the patch deployment and/or manual rebooting of their servers is another way. :-)


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Tuesday, January 6, 2015 4:40 PM
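
One way to do the scripted install-and-reboot step discussed in this thread for servers left on option 3, as an added example that is not from any of the posters: a PowerShell script that drives the Windows Update Agent COM API, logs a per-update result, and restarts only when `-Reboot` is passed. The `-Reboot` switch, the log path and the exit codes are assumptions of this example.

```powershell
# Added example, not from the thread. Run it locally (for instance as a scheduled
# task under SYSTEM): the WUA Download/Install methods are not available to remote callers.
param(
    [switch]$Reboot,                                            # restart only when asked to
    [string]$LogPath = "$env:SystemRoot\Temp\wua-install.log"   # assumed log location
)
$ErrorActionPreference = 'Stop'

function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# Searches the update source the machine is configured for (the WSUS server set by policy),
# so only updates approved for this computer's group are returned.
$found = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$updates = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($u in $found.Updates) {
    if (-not $u.EulaAccepted) { $u.AcceptEula() }
    [void]$updates.Add($u)
    Write-Log "Pending: $($u.Title)"
}
if ($updates.Count -eq 0) { Write-Log "Nothing to install."; exit 0 }

# With option 3 the agent has normally downloaded these already; this fetches any it has not.
$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $updates
[void]$downloader.Download()

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $updates
$result = $installer.Install()

# OperationResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
for ($i = 0; $i -lt $updates.Count; $i++) {
    $r = $result.GetUpdateResult($i)
    Write-Log ("Result {0} (HResult 0x{1:X8}): {2}" -f $r.ResultCode, $r.HResult, $updates.Item($i).Title)
}
Write-Log "Overall result $($result.ResultCode); reboot required: $($result.RebootRequired)"

if ($result.RebootRequired -and $Reboot) {
    Write-Log "Restarting."
    Restart-Computer -Force
}
if ($result.ResultCode -eq 2) { exit 0 } else { exit 1 }
```

Without `-Reboot` the script installs and records that a restart is pending, which leaves the reboot itself to the server's support team.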