Client config scenario questions

  • Question

  • I've always struggled to figure out the client configuration for WSUS.  I know it's all in GPO and I can point to a WSUS server and all that there.   My question is really how the client works.

    • Windows Server 2012 R2 is my client
    • I want to configure an update to install at 10pm on a Saturday night.
    • I don't want the update to install any earlier than 10pm and I don't want it any later than, say, 10:30pm.   
    • The rest of the month, I would prefer not to have any Windows Update services running on my client machine.

    How can I make this happen?   If I configure, through GPO, for the scheduled install day and time to be, say, Saturday at 10pm, is that the only time the wuauclt will run and detect new updates?   If it finds nothing, how does the service stop until the next weekend?   

    If I have Windows Update enabled and started, and an update comes out mid week that is critical and I approve it, I would think it would only install on Saturday at 10pm anyway.   At least this is my intuition.   In practice, I have scheduled deadlines at, say, 5pm, and had them run at 5pm.   What is causing Windows Update to check then? 

    This is just odd to me.   Why can't I simply tell WSUS to push the patches at a specific time on a specific date and have it done?   A push scenario should be easy to do, but WSUS is a pull system, and the behavior of it just never has seemed intuitive to me.

    Thanks!

    Wednesday, November 18, 2015 8:08 PM

Answers

  • Windows updates client will check once a day by default for updates. Only the install time is configured; setting the install time and date allows you to accurately define when the updates would be installed. In a business you need the updates to install at a convenient time, which this allows.

    Using this method clients download their updates at random times so as not to overload the network.

    If you want to install on a single machine at a different time you can run Windows Update manually or, for multiple machines, just reconfigure the GPO to the sooner date and time, let the machines update, then change the GPO back again after.

    Having a push system would only work in small environments, otherwise it would consume huge network resources. Can you imagine WSUS trying to push out a 500MB update to 500 computers at the same time? The network would fall over. Having the clients pull them down intermittently and then you having the choice over install time is a superior, more resource friendly method of deploying these updates.
    • Proposed as answer by Steven_Lee0510 Tuesday, December 8, 2015 5:56 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 9, 2015 12:10 AM
    Thursday, November 19, 2015 3:44 PM
  • So if, on a Monday, I approve updates on WSUS to be installed at 10pm on a Saturday night, the clients will check and download them beforehand basically at any point, but will still only install them at 10pm on Saturday night?  

    Yes, that's right.

    You "choose" when to install them by setting the WU client settings. If your install day is Saturday then anything you approve will be installed next Saturday. The "approval" and the time they get installed are different settings. One is set via WSUS and the other by client settings.

    Download and Schedule Install is the option you want to do it this way. Download and notify will download the updates and prompt whatever administrator logs into the machine to install the updates manually.


    • Edited by MikeeMiracle Monday, November 23, 2015 6:02 PM
    • Proposed as answer by Steven_Lee0510 Tuesday, December 8, 2015 5:56 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 9, 2015 12:10 AM
    Monday, November 23, 2015 6:00 PM
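
Added example, not part of the original replies: a PowerShell check, run on the client, that decodes the Windows Update policy values Group Policy writes to the registry and compares them with the schedule discussed above. The registry path and value names are the standard Windows Update policy locations; the expected values (scheduled install, Saturday, 22:00) are assumptions taken from the question's scenario.

```powershell
# Added example: audit the Windows Update policy a WSUS client received via GPO.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Assumed target from the thread: download and schedule install, Saturday, 22:00.
$expected = @{ AUOptions = 4; ScheduledInstallDay = 7; ScheduledInstallTime = 22 }

$auOptionText = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}
# ScheduledInstallDay: 0 = every day, 1 = Sunday ... 7 = Saturday
$dayText = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$au = @{}
foreach ($name in 'UseWUServer','AUOptions','ScheduledInstallDay','ScheduledInstallTime') {
    $au[$name] = Get-PolicyValue $auKey $name
}
$server = Get-PolicyValue $wuKey 'WUServer'

# Decode the raw DWORDs into the wording used in the GPO editor.
$mode = if ($null -ne $au.AUOptions) { $auOptionText[[int]$au.AUOptions] } else { 'not configured' }
$day  = if ($null -ne $au.ScheduledInstallDay) { $dayText[[int]$au.ScheduledInstallDay] } else { 'not configured' }
$time = if ($null -ne $au.ScheduledInstallTime) { '{0:00}:00' -f $au.ScheduledInstallTime } else { 'not configured' }

"WSUS server     : $server (UseWUServer = $($au.UseWUServer))"
"Update mode     : $mode"
"Install schedule: $day at $time"

# Report every value that differs from the intended schedule.
$mismatch = foreach ($name in $expected.Keys) {
    if ($au[$name] -ne $expected[$name]) {
        "{0}: found '{1}', expected '{2}'" -f $name, $au[$name], $expected[$name]
    }
}
if ($mismatch) { $mismatch | ForEach-Object { Write-Warning $_ } }
else { 'Client policy matches the Saturday 22:00 scheduled install.' }
```

The script only reads policy values, so it shows what the client was told to do, not whether a given update has already been downloaded or installed.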

All replies

  • So if, on a Monday, I approve updates on WSUS to be installed at 10pm on a Saturday night, the clients will check and download them beforehand basically at any point, but will still only install them at 10pm on Saturday night?   

    What option for the client should I set?   Download and notify, download and install, or what?   Does the deadline set on the approval override this setting and just force the download and installation at that time no matter what?   

    Friday, November 20, 2015 2:12 PM