locked
WSUS and server patching RRS feed

  • Question

  • Hello,

    We are looking at using WSUS for server patching.

    Ideally I'd like the servers to download the patches and install them but not reboot. I see from the policies that there's an option to "3 - auto download and notify (i.e. don't install)" or "4 - auto download and install". Additionally there's an option to allow updates that don't require an install to install automatically.

    So if I want servers to download patches but not reboot it looks like I must choose option 3 and allow updates that don't require a reboot to install. Is that correct? After that is it enough to remotely reboot all servers at a set time for the remaining patches to install or must I connect to each server, install the patches, and then reboot? The latter seems to be a lot work (we have some 200+ servers) so I was wondering how others do this or whether there's any best practices.

    Thanks,

    Rakhesh

    Wednesday, July 1, 2015 9:22 AM

Answers

  • Hi Rakhesh,

    >>So if I want servers to download patches but not reboot it looks like I must choose option 3 and allow updates that don't require a reboot to install. Is that correct?

    Yes, that's the best practice.

    We can write some scripts to reduce the work load.

    For detailed information about the best practice, please refer to the link below,

    https://technet.microsoft.com/en-us/library/cc708536(v=ws.10).aspx

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, July 2, 2015 7:39 AM