locked
WSUS - Report only - approve update for uninstall RRS feed

  • Question

  • Hello,

    I currently have a WSUS server that is set to autodownload and approve updates.

    I am considering using WSUS for reports only and letting my win10 machines go to the internet for updates.

    I have a few questions hopefully I can get answered.

    1) If I use WSUS for reporting only, Can I Mark updates for removal and will the machines uninstall once they report into WSUS?

    2) If so, can I mark specific device's (one or two machines) as "approved for removal" or is it a one and done..

    Approve update for removal and it removed it from all systems?


    Please advise.


    Thanks

    Tuesday, April 16, 2019 6:06 PM

All replies

  • Hi,
      

    Thank you for posting here.
      

    I am considering using WSUS for reports only and letting my win10 machines go to the internet for updates.

    Which of the following expectations do you want?

    • Updates are still approved by WSUS, but it is not distributed through the server but the client directly connects to the MU download. This may require you to modify the way the update is obtained in WSUS.
    • Updates are no longer approved by WSUS, and WSUS is only used as a monitoring tool. This may require turning on the Dual Scan feature of Windows.
        

    1) If I use WSUS for reporting only, Can I Mark updates for removal and will the machines uninstall once they report into WSUS?

    In any case the relationship between the client and the WSUS server, that is, the WSUS server needs to be the update server for the client. As long as the connection relationship exists, those "allowed to be removed" updates can be removed.
      

    2) If so, can I mark specific device's (one or two machines) as "approved for removal" or is it a one and done..

    Approve update for removal and it removed it from all systems?

    I understand that it is ok.
      

    It is possible that I did not understand your intentions very clearly, and any doubts and explanations are welcome.
     

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 17, 2019 3:02 AM
  • Yic,

    I would like all of my client's to go directly to Windows/MS for updates, but report into WSUS.

    I would like MS to decide which updates are needed for the different PC's I have and apply them automatically. (MS updates, Intel, Fuj updates).

    I only want the client's to check into WSUS for the following purposes:

    1) So I can quickly check the update status of a machine.

    2) So I can quickly 'approve a update for removal' (In a event where MS released a bad update that needed to be uninstalled)

    3) So I can decline a update, so that machines do not re-install.

    Overall, I am just not sure if this is possible with a WSUS server that is setup for reports only.


    My last question was..

    If I am able to 'approve a update for removal' when I have my WSUS server setup for reporting only..will I be able to decline a update for specific machines or would it be done by groups?

    Example: Can I approve a update for uninstall on net1-pc and not net5-pc?

    Thanks

    Wednesday, April 17, 2019 11:38 AM
  • 1) So I can quickly check the update status of a machine.

    2) So I can quickly 'approve a update for removal' (In a event where MS released a bad update that needed to be uninstalled)

    3) So I can decline a update, so that machines do not re-install.

    For 1). As long as the communication between the client and the WSUS server is not faulty, the status information reported by the client can be seen in the WSUS console. But as for the reporting time, this is hard to guarantee.
    For 2) & 3). My test is feasible.
      

    If I am able to 'approve a update for removal' when I have my WSUS server setup for reporting only..will I be able to decline a update for specific machines or would it be done by groups?

    Sorry, I think this must be done by "groups".
     

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 18, 2019 10:16 AM
  • Hi,
     

    Any update is welcome here.
    If the issue is resolved, share your solution or find the helpful response "Mark as Answer" to help other community members find the answer.
     

    Thank you for your cooperation, as always.
     

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 23, 2019 2:24 AM