locked
Keeping up to date Laptops RRS feed

  • Question

  • Hi!

    I have ran wsus for some years now in our company, we have about 500 computers mixed laptops and desktops. I have a internal Wsus running on windows 2012 R2. My challenge is to keep the laptops up to date over time because they often are outside our internal network, traveling and using different Wireless lan's. when we deploy those laptops they get a set of group policy settings regarding the wsus server, one of the rules also states that the user is allowed to download from Microsofts updateservers. But its very few users who actually pay attention to that stuff. So from time to time i get computers inn from users that have'nt been updated for over i year.

    So my question: how can i gain control over the laptops, the same way as i have of my desktops? i'm primarly inntrested in administrating this my self (onsite). Can add that we have a RDS 2012R2 desktop session solution, Remote desktop Gateway and a wildcard certificate. Maybe one can let som updates go trough the gateway server?. But i would prefer that our laptops could contact our wsus server as sone as the had an internet connection.

    Best Regards

    Lars-Göran

    Thursday, January 21, 2016 5:01 PM

Answers

  • If you want remote laptops to update from your WSUS then they need to be able to access it. While on the road this would mean a VPN back into the office network.

    Do you use VPN or do remote users connect through something like Citrix?

    Thursday, January 21, 2016 5:30 PM
  • Hi larsg31,

    Yes, if we want to make external computers to use internal WSUS server to update, when they are outside the internal network, we need to set up VPN to make them access the internal WSUS server.

    If this way, network connection might be slow, the update result might be affected. So, for outside computers, it is not recommended to use internal WSUS server to update, we may use windows update from internet for them.

    If so, when we configure GPO, we shouldn't include those computer.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 22, 2016 5:29 AM

All replies

  • If you want remote laptops to update from your WSUS then they need to be able to access it. While on the road this would mean a VPN back into the office network.

    Do you use VPN or do remote users connect through something like Citrix?

    Thursday, January 21, 2016 5:30 PM
  • Hi larsg31,

    Yes, if we want to make external computers to use internal WSUS server to update, when they are outside the internal network, we need to set up VPN to make them access the internal WSUS server.

    If this way, network connection might be slow, the update result might be affected. So, for outside computers, it is not recommended to use internal WSUS server to update, we may use windows update from internet for them.

    If so, when we configure GPO, we shouldn't include those computer.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 22, 2016 5:29 AM
  • Ok, thanks. Seems there are no good solution to have laptops up to date then, and that's a pitty since they are more vulnerable than desktops. I supose i could buy intune for a lot of money or buy some servers at Azure cloud.

    Friday, January 22, 2016 2:14 PM
  • GPO all known traveling laptop's for scheduled Updates and force installs. You just have to ensure they vpn and gpupdate force once the change is made.
    Friday, January 22, 2016 2:39 PM