locked
WSUS Auto-Approval of Only Needed Updates RRS feed

  • Question

  • Server Platform:

    Windows Server 2012R6 64-bit

    XenServer 6.5 VM

    2 Xen e5540@2.53 Ghz w/ 8192 RAM and 240 GB of storage

    WSUS Version:

    Version 6.3.9600.16384


     I am looking to have all Critical and Security updates approved to a group of computers within my WSUS environment.  My issue is that as far as I can tell, when an entire classification of updates (i.e. security) is auto-approved WSUS will download those updates to my WSUS server even if I have no computers which need these updates.  I am setting up a new WSUS server for this purpose.  The amount of download required on the initial sync was something on the order of 150+ GB's.  I do have my classifications as narrowly set as I can we do have several 2008 and 2012 servers.   I have found a third party solution that seems to accomplish this, but it is older and wonder if it is commonly used or if I am missing something.

    WSUS Smart Approve

    So I have a few questions:

    1. Is auto-approval of all security commonly used (from a cursory glance it appears a WSUS administrator manually approving updates is more common)?

    2.  If it is employed, what are the ways one can reduce the downloads,?

    3.  This large initial download, is it cleaned up when no longer needed?  

          If I go in after the fact and Decline all non-needed update will they be deleted and the disk space reclaimed without corrupting the WIM database?

    4.  Does anyone have any experience using the above linked (or other) 3rd party solution?  That includes paid as well.

    Thanks I really appreciate it!

    Scott Grant

    System Administrator I

    Advanced Home Care

    Tuesday, September 6, 2016 6:56 PM

Answers

  • Hi Scott Grant,

    1. When select "Products" and "Classifications", we'd better only check those we need. And it's not recommended to check "drivers" in classifications, since there are a lot of updates for drivers while we just need a few of them. This may save much store space;

    2. When sync, WSUS only download metadata of the updates, when approve, WSUS download the update files. It is suggested to run server cleanup wizard frequently, it may clear superseded and unneeded updates;

    3. If you don't want to approve updates manually, then auto-approve is a good way for security updates and critical updates.

    4. You may use some third-party application to make WSUS management easier, while we will not troubleshoot related issues regarding third-party application.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, September 7, 2016 5:43 AM

All replies

  • Hi Scott Grant,

    1. When select "Products" and "Classifications", we'd better only check those we need. And it's not recommended to check "drivers" in classifications, since there are a lot of updates for drivers while we just need a few of them. This may save much store space;

    2. When sync, WSUS only download metadata of the updates, when approve, WSUS download the update files. It is suggested to run server cleanup wizard frequently, it may clear superseded and unneeded updates;

    3. If you don't want to approve updates manually, then auto-approve is a good way for security updates and critical updates.

    4. You may use some third-party application to make WSUS management easier, while we will not troubleshoot related issues regarding third-party application.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, September 7, 2016 5:43 AM
  • Hi Scott Grant,

    Could the above replies be of help? If yes, you may mark it as answer, if not, feel free to feed back.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 20, 2016 8:47 AM