locked
Using WSUS to update customer workstations pre-delivery RRS feed

  • Question

  • Hi,

    We intermittently, as a company, supply PCs to customers 5-20 at a time and windows update each one separately. Can WSUS be used to update these non domain joined workstations to save time and our broadband? If not, is there a method others use to update a bunch of workstaions before delivering to their clients?

    thanks in advance,

    Dave

    Wednesday, May 7, 2014 1:56 PM

Answers

All replies

  • Am 07.05.2014 schrieb Infosolutions:

    We intermittently, as a company, supply PCs to customers 5-20 at a time and windows update each one separately. Can WSUS be used to update these non domain joined workstations to save time and our broadband? If not, is there a method others use to update a bunch of workstaions before delivering to their clients?

    Yes, you can use WSUS with this clients. Add only a couple of Registry
    Keys and Values, after Restart the Client will be visible in your
    WSUS.
    http://technet.microsoft.com/de-de/library/cc708449%28v=ws.10%29.aspx

    But don't vergot to remove the settings later. ;)


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    • Marked as answer by Infosolutions Thursday, May 8, 2014 10:23 AM
    Wednesday, May 7, 2014 4:46 PM
  • If not, is there a method others use to update a bunch of workstaions before delivering to their clients?

    Well, to be complete, most enterprises bake those updates into their installation images so they don't even have to deploy updates.

    So, a related question may be how you're getting these 20-at-a-time operating systems installed.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Wednesday, May 7, 2014 9:44 PM
  • Thanks for the solution Winfried. I'll put this to good use :)
    Thursday, May 8, 2014 10:16 AM
  • Thanks for taking the time to reply Lawrence. We roll out systems with the OS pre-installed, it's something we only do when asked and its not core to our business therefore not something we're not especially geared up for. We have all the updates downloaded locally to our WSUS and it just seemed unproductive to have to keep downloading updates from elsewhere which is why I wondered if there was a way to tap into the WSUS for this. Seems like this is possible thanks to the link provided by Winfried. If we were doing this on a more regular basis we may have to build in systems to achieve this, but for now, this investment isn't warranted :)
    Thursday, May 8, 2014 10:22 AM
  • Makes sense, Dave.

    One additional item I'll share. Since you're doing this to essentially do post-OS-deploy patch remediation, you may also find some value in using approval deadlines in conjunction with those new machines, along with a 2-hour detection frequency. This will effectively allow you to patch those systems virtually hands-free and probably in less than a workday.

    Store a REG file on a thumb drive. Import the REG file and restart the WUA service (or reboot the client). The WUA will run a scan automatically on service restart, and every 95-120 minutes thereafter until all available updates have been installed.

    The actual number of cycles needed will depend on whether there are any exclusive updates in the patch collection (e.g. .NET Service Packs most notably) which will trigger their own installation/reboot cycle, but my expectation would be that almost any machine can be completed in three cycles ... which would be about four hours from the time you point the client to the WSUS server and reboot.

    Resist the temptation to use the 1-hour detection frequency, unless you also configure the WUA to use client-side targeting (which is really dependent upon how you currently manage your WSUS environment). If you're using client-side targeting and a 1-hour detection, the update cycles could complete in as little as 2 hours.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, May 8, 2014 4:41 PM