Auto-Approvals when updates are not stored locally RRS feed

  • Question

  • Hello,

    I am planning to setup my WSUS server to not store updates files locally

    -"Do not store update files locally;computers install from MS update".

    I am curious if I will still need to setup approval rules for my groups in WSUS or will the machines download whatever is available via Windows updates at that given time?

    Overall, I am looking to use WSUS for reporting only and possibly marking a update for removal.

    I want the client's to act as a stand alone machine that was never pointed to a WSUS server and getting updates only from Windows Update.

    Please advise.

    Tuesday, May 21, 2019 1:43 PM

All replies

  • Hi,

    The updated program download action occurs after the update is approved for installation.
    So whether you choose to store the update on the server or not to have the computer access the MU directly, you need to complete the approval first.

    In addition, the [Specify intranet Microsoft update service location] in the client group policy must be set to WSUS server, which is a condition to ensure that clients can report to WSUS.

    Hope the above can help you.


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, May 22, 2019 1:40 AM
  • If you're going to auto-approve stuff, and let the systems download directly from MS, why wouldn't you use WUfB?

    Adam Marshall, MCSE: Security
    Microsoft MVP - Windows and Devices for IT

    Saturday, May 25, 2019 4:22 AM
  • I have many win7 and win8.1 machines on the network.

    WSUS gets us the updates & reporting all in one and is working great at this point.

    I have yet to enable driver's, so I am not completely sure how we'll this will work once that class is enabled.

    Tuesday, May 28, 2019 2:53 PM