Windows Update... need help

[Tygerwoody]

Ok, I'm the main Network technician at my company. My boss wants me to run windows update on ALL 800 or so computers we have. Is there by chance an easier way to accomplish this as oppose to logging on each machine and running windows update via the internet? I know its possible to download each update individually, which i can put on a server to save SOME time. But really, its like 50 some updates we need, double clicking 50 updates would take FOREVER. Anyway, any help would be appreciated.

We are using a mix between Windows 2000 and Windows XP in our network. My boss does not want anything done automatically via group policy. And no, the employee's here will not be trusted to run windows update on their own, i must do each machine. Thanks!

 

[j0k3r]

You should really consider taking a look at Software Update Services:
http://www.microsoft.com/windowsserversystem/sus/default.mspx

 

[dariob]

http://www.susserver.com/

 

[Phoenix86]

SUS server is exactly what you need/want. Get some!

 

[Tygerwoody]

yea tell me about it. I know all about SUS server and what it can do. But, my boss said he refuses to use it. Stupid huh? he "doesn't trust it". Any other ideas guys?

 

[j0k3r]

yea tell me about it. I know all about SUS server and what it can do. But, my boss said he refuses to use it. Stupid huh? he "doesn't trust it". Any other ideas guys?

Tell your boss to get bent. His other options are to spend thousands on patch management software from other vendors. Good luck.

 

[Phoenix86]

yea tell me about it. I know all about SUS server and what it can do. But, my boss said he refuses to use it. Stupid huh? he "doesn't trust it". Any other ideas guys?

Yes, spend LOTS of $$ on other things he would have just as good a reason not to trust. Does he trust MS? They are running his OSes, why not trust them to patch them? They wrote the damned patches...

edit: Obviously this is the perfect scenarion for me to deploy my army of trained monkeys every time a new patch comes out and he wants to update the machines. Does he think patching only happens 1/year?!? An automated solution is the ONLY way to go. Anything else will only cost more, a LOT more.

 

[Direwolf20]

Is your boss an IT guy, or some know-nothing exec? If he is, tell him the reason he pays you a salary is to make these decisions, and that he needs to recognize you know what your talking about.

SuS is a perfectly viable approach (and actually very good approach) to windows updates.

You could push down a registry setting to all machines that turns on automatic windows updates. Assuming they have internet access as users, it should all happen in the background for the most part.

 

[Phoenix86]

You could push down a registry setting to all machines that turns on automatic windows updates. Assuming they have internet access as users, it should all happen in the background for the most part.

Yes, and when something like SP2 is released and all of the machine's won't run XYZ app, they are going to have a heart attack.

 

[oldpablo]

Which is why another vote for SUS. You can just "not approve" SP2 specifically as well as any other patches you don't want yet (SP2 is only thing we haven't approved yet on our SUS server, though we are almost done with testing). Give the boss these options:

SUS
Pay you lots of overtime or let other tasks suffer while you devote all your time to this
No. Just plain no.

We are running SUS for about 1000 machines, and its wonderful. Just downloaded the beta for WUS as well. As a habit I check daily to see if anything has come down the pipeline. Approve, hit done, and all finished. If my machine doesn't get the update, I investigate. But so far no problems. These forums are very helpful by the way:

http://www.susserver.com

 

[ambit]

Tell your boss to get bent. His other options are to spend thousands on patch management software from other vendors. Good luck.

I'll have to agree with that.
I use(d) SUS to patch 700+ 2k and XP machines. Don't approve the troublesome patches and force the rest out through a GP. If you're running AD it doesn't make sense to not use SUS. It's free and thousands of us use it everyday without any problems.

I've been moving most of my users over to the WUS beta to get the Office patches out and that's been coming along nicely as well.

 

[Direwolf20]

Yes, and when something like SP2 is released and all of the machine's won't run XYZ app, they are going to have a heart attack.

Then you can say "See, we should have used an SuS server, and this wouldn't have happened!"

Besides, I thought you were pro-SP2?

 

[Phoenix86]

Then you can say "See, we should have used an SuS server, and this wouldn't have happened!"

Besides, I thought you were pro-SP2?

I am, but that doesn't mean my company is running it, nor can we. We have a critical application (financial) that doesn't have an SP2 compatible client. The easiest way for us to switch right now is to create a citrix environment and move a couple hundred users over to it, so a good amount of $$$ would be necessary for the infrastructure.

 

[Tygerwoody]

Update:
Yea, so i talked to my boss again yesterday about the SUS server. He again acted mad i even asked. He said he wanted ALL of the 800+ machines done manually, he didn't care how long it took. A few hours later a virus was released on our network. Today i come to work and we have 200+ computers and counting in the number of computers infected. Every 10 minutes a new person is calling me telling me their computers are locked up. The virus is spreading like a wild forest fire it seems. Each computer takes an hour to remove the virus because its causing the computer to move so slow(100% proc all the time) Oh yea, and by the way, Windows Update fixes the hole that the virus got through. PWNED

 

[Direwolf20]

I am, but that doesn't mean my company is running it, nor can we. We have a critical application (financial) that doesn't have an SP2 compatible client. The easiest way for us to switch right now is to create a citrix environment and move a couple hundred users over to it, so a good amount of $$$ would be necessary for the infrastructure.

Yea, my company didn't upgrade yet either. We've got a couple pieces of delicate software that I just know will have problems if we even try it. Theres a handful of our users that we installed it on, for testing though. We're moving slowly.

Oh yea, non-thread hijacking part. Tell your boss to go with SUS.

 

[Direwolf20]

Update:
Yea, so i talked to my boss again yesterday about the SUS server. He again acted mad i even asked. He said he wanted ALL of the 800+ machines done manually, he didn't care how long it took. A few hours later a virus was released on our network. Today i come to work and we have 200+ computers and counting in the number of computers infected. Every 10 minutes a new person is calling me telling me their computers are locked up. The virus is spreading like a wild forest fire it seems. Each computer takes an hour to remove the virus because its causing the computer to move so slow(100% proc all the time) Oh yea, and by the way, Windows Update fixes the hole that the virus got through. PWNED

Rough man, welp, time to say 'Hey boss, this wouldn't have happened with an SUS server that constantly got us the newest updates.'

 

[hulksterjoe]

Update:
Yea, so i talked to my boss again yesterday about the SUS server. He again acted mad i even asked. He said he wanted ALL of the 800+ machines done manually, he didn't care how long it took. A few hours later a virus was released on our network. Today i come to work and we have 200+ computers and counting in the number of computers infected. Every 10 minutes a new person is calling me telling me their computers are locked up. The virus is spreading like a wild forest fire it seems. Each computer takes an hour to remove the virus because its causing the computer to move so slow(100% proc all the time) Oh yea, and by the way, Windows Update fixes the hole that the virus got through. PWNED

Think of it as job security.. By the time you get them all done. you can just start over and over and over and over

 

[dariob]

Wow...your boss is a moron. Go above his head and tell HIS boss that HE was responsible for the virus + the man hours of manual patching + probably hundereds of grand of dollars in lost productivity. I hope you aren't reading this at work

 

[Tygerwoody]

Wow...your boss is a moron. Go above his head and tell HIS boss that HE was responsible for the virus + the man hours of manual patching + probably hundereds of grand of dollars in lost productivity. I hope you aren't reading this at work

My boss = Vice President of company

Yea, so my boss can basically tell anyone in our company of 800+ people to **** off. The only person above him is obviously the President of the company, I don't think saying "i told you so" would get me anything but fired.... would be nice to say though. Everyone in IT is trying to get me to go to my boss and be like "yea so, with SUS this would have never happened". My boss would probably punch me in the face. He's an angry man =).

 

[dariob]

My boss = Vice President of company

Yea, so my boss can basically tell anyone in our company of 800+ people to **** off. The only person above him is obviously the President of the company, I don't think saying "i told you so" would get me anything but fired.... would be nice to say though. Everyone in IT is trying to get me to go to my boss and be like "yea so, with SUS this would have never happened". My boss would probably punch me in the face. He's an angry man =).

Well, I hope the pay is good at least....

 

[Tygerwoody]

nope