ICC Home / Members / Meetings / Peer Support / Documentation / Projects
Return to IT/SA Services Documentation Home
Lead: Wayne Hyde
WSUS has been enabled for all OU’s in IFAS, with the exception of IMOK who already has their own implementation. It is configured with the same settings as we had in SUS:
All Microsoft’s products are included and all patches are downloaded for the English versions.
Concerning Remote Sites:All sites currently point to the on campus WSUS server. As WSUS is rolled out to the Multi-Purpose Servers, we will be redirecting the updates to the local servers.
Note on Windows 2000 machines: There are some issues with the WSUS client on Windows 2000 machines that may be resolved via the login script. Worst case, they will have the same patching functionality they had prior to the change.
Example Walk-through of how this works:
Due to a problem that will be fixed in SP1, there are three possibilities of how patch deployment should occur after the usual Patch Tuesday:
Suggested management methods:
The install settings can be changed by OU admins by editing their IF-OU Computer GPO and configuring the settings you desire.
However, there is a valid concern that someone will see something not working, and make a change, which could cause problems, specifically for the servers which have a different patching schedule. Dwight has a very specific method for patching the Building 120 servers during the maintenance windows. Consequently, it is always best to run proposed changes by IT/SA security staff before implementing those.
To make up for the lack of WSUS reporting features, IT/SA will be doing some checking for machines that are not reporting in, or not accepting patches. The current WSUS service does not have a view only mode, so we will be building an interface using SQL reporting to allow unit admins to report on their machines. Based on feedback, this will be a fairly high priority.
last edited 13 March 2006 by Steve Lasley