Approve updates from WSUS, download from Microsoft?

  • Question

  • Is it possible to approve updates via WSUS (or another MS product such as SCOM) but configure the client to download the updates from Microsoft's Windows Update site?  With 99% of users being remote, goal is to control the updates that are installed, but not use our corporate internet pipe for downloading updates.

    Thanks!

    Saturday, November 13, 2010 10:43 PM

Answers

  • Is it possible to approve updates via WSUS ... but configure the client to download the updates from Microsoft's Windows Update site? 

    Absolutely. This is a fundamental feature of WSUS. You achieve this by configuring the WSUS server to NOT have a local content store, and this forces the client systems to download content directly from Microsoft.

    This is discussed in the section Determine Where to Store WSUS Updates in the WSUS Deployment Guide.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    • Marked as answer by ChrisC7 Monday, November 15, 2010 5:14 PM
    Monday, November 15, 2010 3:10 PM

All replies

  • Thanks Lawrence!
    Monday, November 15, 2010 4:46 PM
  • Is it possible to do both? I want some locations to utilise their local, fast Internet connections for the download, but other sites have to go through the WAN or are on the same site as the main WSUS server, and should just get their updates internally.

    Can that be configured? Do I have to install another WSUS instance somewhere so I can point different sites/clients to each?

    Friday, February 5, 2016 10:11 PM
  • Is it possible to do both? I want some locations to utilise their local, fast Internet connections for the download, but other sites have to go through the WAN or are on the same site as the main WSUS server, and should just get their updates internally.

    Can that be configured? Do I have to install another WSUS instance somewhere so I can point different sites/clients to each?

    A single WSUS can only have one update-storage configuration. (i.e. you can't have some clients use get-from-WSUS and some clients get-from-web)

    But, you can have a hierarchy of WSUS servers, and each server can have its own update-storage config.

    e.g.: https://social.technet.microsoft.com/Forums/windowsserver/en-US/1a46d226-dfa8-4251-9445-99d6939a0555/upstream-store-updates-locally-downstream-do-not-store-update-files-locally?forum=winserverwsus

    In that scenario, you should be able to manage groups + approvals on the upstream server which would cascade down to the downstream server (if you have set the downstream server to be a replica server).

    Then, all you need to do is to configure the clients at the remote sites with the relevant WUServer they should use.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, February 6, 2016 6:14 AM
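
The setup described in the reply above, as an added example that is not part of the original thread: a downstream replica WSUS server with no local content store, followed by a check of the policy values on a client. It assumes the UpdateServices PowerShell module (Windows Server 2012 or later); the upstream host name and port are placeholders.

```powershell
# Added example, not from the thread.
# Part 1: run elevated on the DOWNSTREAM WSUS server.
# Placeholder values (assumptions): upstream host name and port.
$upstreamName = 'wsus-hq.example.internal'
$upstreamPort = 8530

$wsus   = Get-WsusServer            # connects to the local WSUS instance
$config = $wsus.GetConfiguration()

# Record the current state so the change can be reviewed or rolled back.
$config | Select-Object IsReplicaServer, SyncFromMicrosoftUpdate,
    UpstreamWsusServerName, HostBinariesOnMicrosoftUpdate, LocalContentCachePath

# Replica mode: groups and approvals are managed on the upstream server.
$config.SyncFromMicrosoftUpdate      = $false
$config.UpstreamWsusServerName       = $upstreamName
$config.UpstreamWsusServerPortNumber = $upstreamPort
$config.IsReplicaServer              = $true

# No local content store: clients of this server fetch approved update
# files directly from Microsoft Update instead of from WSUS.
$config.HostBinariesOnMicrosoftUpdate = $true
$config.Save()

# Part 2: run on a CLIENT at the remote site to confirm which WSUS server
# Group Policy has pointed it at.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu    = Get-ItemProperty -Path $wuKey      -ErrorAction SilentlyContinue
$au    = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

[pscustomobject]@{
    WUServer       = $wu.WUServer        # should be the downstream server's URL
    WUStatusServer = $wu.WUStatusServer  # normally the same URL
    UseWUServer    = $au.UseWUServer     # 1 = WUServer is in effect
}
```

If `UseWUServer` is missing or 0, the client ignores `WUServer` and is not governed by the approvals on either WSUS server.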
  • Thanks Don. That's what I figured. I'll see how that goes..
    Saturday, February 6, 2016 7:28 PM