locked
How does WSUS pick up updates? RRS feed

  • Question

  • Hi Everyone,

    Looked about for this answer but can't find one so hoping someone can help me. I've just configured my first WSUS server and going through the updates. I was curious as to how WSUS picks them up? I currently have over 9000 to go through to approve or deny. 

    I've been told you only get updates to Operating Systems that are actually on your network. Is this true? I was under the impression that WSUS picked up every update pushed out by Microsoft and you only approved those that applied to your network. 

    Any help on this would be much appreciated!

    Liam 

    Wednesday, June 24, 2015 1:24 PM

Answers

  • the 9000 updates which are presented to you are based on the products and classifications you selected during the initial wsus configuration wizard.  it doesn't go out and detect what's on your network and download patches for those products, it goes by what you tell it to patch for you.

    now let's say you selected windows 8 as a product and classification of security updates, it will download all security updates ever released for windows 8, whether your workstations have some/all of them installed or not

    it's in your best interest to approve all of them to ensure you're fully compliant

    wsus itself will not bother with superseded updates replaced by newer updates and will start getting the latest updates from the catalog and then pushing them to the clients on a needed basis.  if it detects updates already exist on some systems, while it still downloads them to the wsus server, it will not try to re-install them on the clients.

    the main thing to consider here is to only select the products and classifications you actually need updates for because more updates = more disk space

    the only time you need to worry about what you're approving is if there is something you specifically don't want installed. for example if you don't want to push out IE11 to windows 7 desktops, you would decline that update

    • Marked as answer by NECCLiam Thursday, June 25, 2015 7:55 AM
    Wednesday, June 24, 2015 7:22 PM

All replies

  • the 9000 updates which are presented to you are based on the products and classifications you selected during the initial wsus configuration wizard.  it doesn't go out and detect what's on your network and download patches for those products, it goes by what you tell it to patch for you.

    now let's say you selected windows 8 as a product and classification of security updates, it will download all security updates ever released for windows 8, whether your workstations have some/all of them installed or not

    it's in your best interest to approve all of them to ensure you're fully compliant

    wsus itself will not bother with superseded updates replaced by newer updates and will start getting the latest updates from the catalog and then pushing them to the clients on a needed basis.  if it detects updates already exist on some systems, while it still downloads them to the wsus server, it will not try to re-install them on the clients.

    the main thing to consider here is to only select the products and classifications you actually need updates for because more updates = more disk space

    the only time you need to worry about what you're approving is if there is something you specifically don't want installed. for example if you don't want to push out IE11 to windows 7 desktops, you would decline that update

    • Marked as answer by NECCLiam Thursday, June 25, 2015 7:55 AM
    Wednesday, June 24, 2015 7:22 PM
  • Thanks armin for clearing this up for me. 

    I don't know if this would need to be a separate thread but what would I need to do if I need to add more products and classifications to WSUS? Also if I need to remove any?

    Many Thanks.

    Thursday, June 25, 2015 7:55 AM
  • in the wsus console, on the left hand navigation tree, click options > products and classifications
    Thursday, June 25, 2015 2:32 PM