WSUS info

Karandras

Hey, anyone use WSUS for updates? Question about it:

If an update fails horribly is there a way for it to roll back the update it put in or are we looking at an onsite visit?
 
Did it fail horribly across the entire network? Or just on one workstation or server? If just one...remote in, unapprove that update so it doesn't repeat itself, remote to problem machine...add/remove programs...yank the update. Bounce. See if you need to do any manual mopping up.
 
Some updates support removal. Others do not. In some cases you may have to use the system restore feature on the client if it's enabled.
 
We don't have this in place yet; we have a client with about 400 workstations that is wondering if we can set this up for them. Never having used it, we want to make sure that when things are done automatically that we can reverse them if it's possible and if the workstation goes bleeegggghhhh.

So all in all it works well for you guys?
 
As stated, it's dependent on the update.

Most updates include an uninstaller.
But not all do.

As said above, if it includes an uninstaller, you can easily uninstall it.

If no uninstaller is available, then a system restore is required.

Being a WSUS setup really doesn't change that, except that you would need to unapprove that particular update.
 
Just don't dick around with the reboots, if you force reboots it works great. If the company or agency has retarded policies about updates and you can't force reboots then it gets fun trying to clean stuff up. You would only be adding functionality to Windows Update and taking a load off your internet connection and having control over updates so it's an awesome product.
 
Right on, thanks for the info. It's a nice free product from M$ which usually doesn't have free addons. Worked great in my lab setup.
 
WSUS will let you put your inventory into groups, and approvals can be granted or withheld based on those groups - if you're worried about something critical, put it into a different group, and approve updates for that group once your tests on the other groups go fine.

WSUS doesn't handle uninstalls, just like it doesn't handle installs. It only handles approvals. Your GP or imported registry settings handle installation. What happens when an installation goes down the tubes would not be much different from what you're doing without WSUS, the only trick will be keeping a problem update from being pulled down again after it's removed - but again, that's more of a workstation setting, and WSUS isn't better or worse, just different. Depending on your WSUS registry settings, you can have some machines automatically install (great for workstations), and have others notify only (great for servers, especially if you put a deadline on an update).

All that being said, if you're looking at *anything* more than a dozen or so machines, WSUS is a whole hell of a lot better and easier, no matter what the tradeoffs are.
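
The post above separates what WSUS does (approvals) from what the client-side Group Policy or registry settings do (install mode, target group, reboots). As an added example that is not part of the original thread, this read-only PowerShell check reports those client-side settings on one machine; it assumes the standard Windows Update policy key and its documented value names, and the helper name `Get-PolicyValue` is made up for this example.

```powershell
# Added example: show how this client is configured to take updates from WSUS.
# Read-only. Run locally on the workstation or server being checked.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Hypothetical helper: returns $null when the key or value is absent,
# which means the policy is not configured on this machine.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# AUOptions decides whether the machine installs on its own or only notifies.
$auModes = @{
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download and install on schedule'
    5 = 'Local administrators choose the setting'
}

$auOption = Get-PolicyValue $auKey 'AUOptions'
if ($null -eq $auOption) {
    $mode = 'Not configured'
} elseif ($auModes.ContainsKey([int]$auOption)) {
    $mode = $auModes[[int]$auOption]
} else {
    $mode = "Unknown ($auOption)"
}

# One object per machine, so results from many clients can be collected and compared.
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    UsesWsus        = (Get-PolicyValue $auKey 'UseWUServer') -eq 1
    WsusServer      = Get-PolicyValue $wuKey 'WUServer'
    ClientTargeting = (Get-PolicyValue $wuKey 'TargetGroupEnabled') -eq 1
    TargetGroup     = Get-PolicyValue $wuKey 'TargetGroup'
    InstallMode     = $mode
    NoAutoReboot    = (Get-PolicyValue $auKey 'NoAutoRebootWithLoggedOnUsers') -eq 1
}
```

A server that reports "Download and install on schedule", or a machine with an empty `TargetGroup` when client-side targeting is expected, is not in the staged-approval arrangement the thread describes.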
 
I have to get WSUS going at my company. Way too many people are unpatched. Some don't even have Vista SP2. Yes I know, we run Vista, WTF is wrong with us. Well, I inherited this and I am going to clean it up! 7 here we come.

WSUS here we come first though.
 
I just finished our Windows 7 Deployment to 28 workstations that were running XP.

I skipped right over Vista.

WSUS is a MUST. SCOM or SCE is also very nice to help manage the PCs.
 
We have about 20% of our workstations still on Windows 2000 and the rest on XP with the majority on SP2. I'll trade network environments any day.
 
But Windows 2000 and Windows XP are more reliable than Vista... :p
 