locked
Monthly Quality Roll Up (Bringing machines up to speed) RRS feed

  • Question

  • Good afternoon,

    This is for a brand new WSUS 2012R2 (6) system migrated from a WSUS 2008R2 (3.2) system. 

    Situation:

    I had been depoying the monthly security and quality updates until January of 2017.  I migrated to a new system after that and it took longer, and in addition MS released no February Updates.  I currently have all my clients configured to communicate to my new server and have synchronized and have the following updates not approved but applicable for some/all of my comps

    KB401250 Flash  2/21/2017

    KB3205404 IE11 4012204 3/14/2017

    KB4012215/6 March Quality Rollup 3/14/2017

    We use a 3 phase system to roll out updates.  I know updates will with be released for the April patch tuesday my question is it best practice to

    A Begin installation of all updates and gradually catch up over the next couple months.  IE approve these updates for a 1 week and cycle through our 3 phrases and be in sync with MS by 2 months

    B Wait until April patch Tuesday and approve both the April and March quality updates? Will they install sequentially?

    or 

    C Disapprove the March Updates and wait for the April Roll ups, ie is in needed to approve the March roll ups if they are superseeded by the upcoming April updates.  I am asking what is practical realizing we have not had updates since January and one to two weeks more are most likely acceptable if not ideal.  Thanks

    Scott Grant

    System Administrator Advanced Home Care


    Wednesday, March 29, 2017 7:05 PM

Answers

  • Hi Scott Grant,

    1. If you want to wait for the April monthly rollup, then we do not need to install March monthly rollup anymore. Since later monthly rollup supersedes pervious monthly rollup, we only need to install the latest one;

    2. As far as I'm concerned, we may approve the March rollup first, make clients download and install, check if the new WSUS server works well and if clients works well with March rollup, when things are stable, you may approve the newest monthly rollup and make clients to download and install.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 30, 2017 5:27 AM

All replies

  • Hi Scott Grant,

    1. If you want to wait for the April monthly rollup, then we do not need to install March monthly rollup anymore. Since later monthly rollup supersedes pervious monthly rollup, we only need to install the latest one;

    2. As far as I'm concerned, we may approve the March rollup first, make clients download and install, check if the new WSUS server works well and if clients works well with March rollup, when things are stable, you may approve the newest monthly rollup and make clients to download and install.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 30, 2017 5:27 AM
  • Thanks Anne I appreciate your quick reply!

    That does really help for our system I think I will just wait till the April update and decline the March Roll ups and start fresh (I have run several machines through this and am confident in the communications between clients and WSUS but understand your preference).

    That definitely confirms how I understood the Rollup system to work and I appreciate your confirmations.  Still not sure about updates like the following:

    KB4010250 (2/21/2017) Flash Security for Win 2012R2

    KB1042204 (3/14/2017) IE 11 Update

    KB4014329 (3/14/2017) Flash Security for Win 2012R2

    Since these aren't rollups when I sync in April I'm assuming more new similar updates for flash and IE will be downloaded.  A couple of questions

    When the new updates download in April will the previously downloaded updates above become superseded?

    Should I disapprove the updates that show superseded and only download the non-superseded updates?

    Should I download them all and let WSUS sort out what to DL?

    If none show superseded should I download them all?

    Thanks again I really appreciate the help in understanding this system

    Scott Grant System Administrator Advanced Home Care

    Thursday, March 30, 2017 12:37 PM
  • Hi Scott Grant,

    >When the new updates download in April will the previously downloaded updates above become superseded?

    Yes.

    >Should I disapprove the updates that show superseded and only download the non-superseded updates?

    The default state of update is "Not approve", if you haven't approve the updates before, we do not need to disapprove them, just approve the updates you want clients to install.

    Besides, when WSUS server sync from Microsoft Update, it only download the metadata of the updates, when we "approve" the updates, WSUS will download the update file from MU into Content folder. So, we just need to approve the needed updates.

    Here is a related blog of the Monthly rollup, for your reference:

    https://blogs.technet.microsoft.com/windowsitpro/2017/01/13/simplified-servicing-for-windows-7-and-windows-8-1-the-latest-improvements/

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, April 5, 2017 2:27 AM