locked
WSUS- Computer groupping RRS feed

  • Question

  • Hi Team,

    WE just started the patching with Standalone WSUS patching.

    We are doing only server patching - All are win 2012 R2

    We have already finish Dev, and Test grouping patching. today we just start configuring prod server and all are reported back sucessfull. After few min all the server getting patches from WSUS. i have not approve all the Prod computer group patches so not sure why they are getting the patches without approval from WSUS? i have checked winodwsupdate.log and they are getting the patches from WSUS. There is not auto approve configured.

    I have created all the computer grouping under all computer. there is no child group under custom computer group.

    below prod are getting the patches.  Can you please help me how i can control the patches deployment only when i approve then it will deploy? not automatically.  

    Monday, July 16, 2018 7:15 AM

All replies

  • How do you know they got updates?

    Open one of them and check what is their update server by checking the following registry key:
    HKLM\software\policies\windows\WindwosUpdate

    Do you have any "Deadline" settings in your WSUS server? - Please re-check it before answering no.



    Windows IT MVP 2015 /2016 www.PelegIT.co.il Thank you!

    Monday, July 16, 2018 7:19 AM
  • Thanks for your quick response. 

    When i was checking in WSUS console what are the patches require for those computer and need patches are showing downloaded and when i login to the server then it was waiting for schedul installed for patches installtion (which Sat 14:00 - Local GPO configure auto update time - 7- Every Sat time 14:00)

     I have double check registery again now in few machines - In the registry windows update - its pointing to WSUS server ( i mean its showing WSUS sever name) 

    There is no deadline set. 

    is there any issue in my previous screen shot showing install (inherited)? not sure its default behavior "install (Inherited)"   

    Look forward your same support. thanks.

    Monday, July 16, 2018 8:05 AM
  • Hi,

    Let's try to approve updates to the groups without selecting "All computers".

    Hope it helps.


    Best regards,
    Johnson

    =====================
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 16, 2018 9:41 AM
  • Hi Jason,

    Thanks for your response.

    do you mean select require patches,right click and select group  and approve for installation to that group? if yes then i did the same process.

    I have approve patches on specif group only like Dev and test of respective platform. for Production i did not even approve and its getting patches so not sure what is the link between those group? as soon as any machines is adding to respective prod group patches start detecting to those machines.

    not sure why its showing inherited , all the groups are created under unassigned group, is it default behavior when we approve any of the group under unassigned group? is there any way to un-inherited 

    what could be possibility ?

     

    Monday, July 16, 2018 10:18 AM
  • Hi, 

    The "inherited" means that if we approve for "all computers", then all groups will inherite this approve action. Therefore, we should not select "all computers", if we just want to approve to "WSUS" group.



    Best regards,
    Johnson

    =====================
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Tuesday, July 17, 2018 2:42 AM
  • Thanks again for your response. not sure how its approve in all computer.  Let me check this patching cycle and let you know if in case any issues. Appreciate for your time. 

    Wednesday, July 18, 2018 11:13 AM
  • Hi,

    Is my suggestion helpful. I would appreciate it if you could make the reply as answer.
    If there are more questions, please feel free to contact me.


    Best regards,
    Johnson

    =====================
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Thursday, July 19, 2018 2:48 AM