locked
I'm looking for a reliable link to set up WSUS through MDT RRS feed

  • Question

  • Our org runs MS Updates manually on each pc as we build them after deploying an image to them. Somehow, with 1703, our AD group is blocking the local administrator from being able to run MS Updates (we could in 1603). Rather than spend however long looking into that, I'd like to look at using WSUS to deploy updates during MDT deployment, where the one single AD account I have has access to do all what I need.
    There are lots of links out there on how to set up WSUS. Too many as well explain how to link it up to MDT so I'm looking for a reliable, valid link to explain it. WSUS and updates are not at all in my expertise and I know little about choosing/allowing updates, but the only thing we want to stay away from is any Feature (OS Upgrade) via the updates.
    One question I have in advance is...are most people using a separate server for WSUS and not the MDT server? Currently I use our imaging server for MDT Deployment and PXE so I don't know if it's practical to use it for WSUS as well, as far as efficiency.
    Thanks
    Tuesday, October 31, 2017 2:43 PM

Answers

  • You may want to take a look at the WindowsUpdate.log. If I were in your shoes, I would try figuring out what is blocking Windows Updates before resorting to workarounds such as WSUS (it would qualify as a workaround in this case). You said it yourself, updating Windows manually worked before. What happens if you try running Windows Updates via MDT?

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Wednesday, January 31, 2018 3:51 PM
    Friday, November 3, 2017 8:36 AM

All replies

  • I am a bit fuzzy on the details here: do you guys already have a WSUS server in place or are you looking into setting up a WSUS server? Either way, you would need to enable client side targeting to allow client to auto assign itself into the Windows 10 group. But before we get into that: I myself have seen issues with Windows Update component in 1703 behind a proxy - I did not spend too much time looking into the issue, as I routinely include latest CU in the deployment share. Could you share your ZTIWindowsUpdate.log?

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Wednesday, November 1, 2017 9:02 AM
  • Thanks. We do not have any sort of WSUS in place. We manually run MS Updates per machine during the user-configuration. Oddly, we could be logged on as Admin in 1607 and run updates in our policy-free OU. In 1703, something has us blocked.

    I wasn't sure if having a WSUS server hand out updates during MDT cloning would be any more beneficial than us running them manually (now as user in that OU).

    Friday, November 3, 2017 2:50 AM
  • You may want to take a look at the WindowsUpdate.log. If I were in your shoes, I would try figuring out what is blocking Windows Updates before resorting to workarounds such as WSUS (it would qualify as a workaround in this case). You said it yourself, updating Windows manually worked before. What happens if you try running Windows Updates via MDT?

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Wednesday, January 31, 2018 3:51 PM
    Friday, November 3, 2017 8:36 AM