3

Since I started here 3 months ago, one of the things that's really bothered me about the way this network is set up is something that shows up on the daily bandwidth consumption report. I get a list of top-visited sites by hits and by size, and invariably the top site (to the point that it's bigger than all the other top sites combined) is au.download.windowsupdate.com. We're pulling in ~30GB/day in Windows updates. This is every day, not just after a patch Tuesday. After a patch day, it jumps closer to 40GB for a couple days.

The key here is that almost none of it is by machines that I'm responsible for. My machines are for the most part fully patched, and when they're not they'll pull from a SUS server, so new updates are downloaded only once. It used to be closer to 50GB/day because most of the machines in our computer labs use DeepFreeze and weren't applying updates correctly, but that's fixed now.

So the problem is definitely student-owned machines in the dorms, some of which are re-downloading the same updates in the background each day, over and over. I'd love to have these machines start pulling from our SUS server. Then, if they don't ever actually install them, at least they're not leeching bandwidth from our public internet connection.

Any ideas on how to resolve the situation?

Joel Coel

2 Answers

7

It is possible to get non-domain clients to pull their updates from a WSUS server; however, this involves some registry hacks on the client machine. As they are not on your domain, you can't use group policy to do this remotely. This will also cause problems with the students' machines when they are used off the network, at home over the break for example.

You would also be breaking the WSUS licence agreement by doing this, which states:

Do not use WSUS to distribute updates to client computers that are not licensed for your organization. The WSUS license agreement specifically disallows this.

Source

Your best bet, instead of trying to get users to use your WSUS server, is to do some sort of caching on Windows updates, to try and minimize the amount of downloads you are doing. For example, this is how it is done in Squid.

Sam Cogan
2

I wouldn't want to be making changes to student-owned machines, especially something that might stop them updating when they aren't on your network. It should be pretty easy to put in and correctly configure a transparent caching proxy server which would massively reduce your bandwidth, not just for Windows updates but for other web traffic too.

WheresAlice
  • +1 for the caching proxy. Either just cache stuff from microsoft.com, or make sure it has a lot of disk space. – Kevin M Mar 24 '10 at 14:28
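Added example, not part of either answer or the question: both answers recommend caching, and the comment asks for enough disk space, so this sketch measures from a proxy log how much Windows Update traffic is repeat downloads, how large the cache would need to be, and which clients re-fetch the same file. It assumes Squid's native access.log layout as the log source; the function names and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (an assumption):
# time elapsed client code/status bytes method URL user hierarchy type
WU = "http://au.download.windowsupdate.com/msdownload/update/"
SAMPLE_LOG = f"""\
1269388800.101 5021 10.20.1.15 TCP_MISS/200 52428800 GET {WU}a.cab - DIRECT/192.0.2.10 application/octet-stream
1269475200.202 4980 10.20.1.15 TCP_MISS/200 52428800 GET {WU}a.cab - DIRECT/192.0.2.10 application/octet-stream
1269561600.303 5102 10.20.1.15 TCP_MISS/200 52428800 GET {WU}a.cab - DIRECT/192.0.2.10 application/octet-stream
1269390000.404 4875 10.20.2.40 TCP_MISS/200 52428800 GET {WU}a.cab - DIRECT/192.0.2.10 application/octet-stream
1269390100.505 1010 10.20.2.40 TCP_MISS/200 10485760 GET {WU}b.exe - DIRECT/192.0.2.10 application/octet-stream
1269390200.606 120 10.20.2.40 TCP_MISS/200 1000 GET http://www.example.com/ - DIRECT/192.0.2.20 text/html
truncated line
"""

def parse(line):
    """Return (client, host, url, bytes), or None for a malformed line."""
    f = line.split()
    if len(f) < 7 or not f[4].isdigit():
        return None
    host = (urlsplit(f[6]).hostname or "").lower()
    return f[2], host, f[6], int(f[4])

def update_traffic_report(log_text, suffix="windowsupdate.com"):
    """Summarise transfers from hosts under `suffix`."""
    sizes = defaultdict(list)                          # url -> bytes of each transfer
    fetches = defaultdict(lambda: defaultdict(int))    # client -> url -> count
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        client, host, url, size = rec
        if host != suffix and not host.endswith("." + suffix):
            continue
        sizes[url].append(size)
        fetches[client][url] += 1
    total = sum(sum(s) for s in sizes.values())
    # One full copy per object; ranged (206) transfers make this an estimate.
    footprint = sum(max(s) for s in sizes.values())
    repeats = {c: {u: n for u, n in urls.items() if n > 1} for c, urls in fetches.items()}
    return {"total_bytes": total,
            "cache_footprint_bytes": footprint,
            "avoidable_bytes": total - footprint,
            "repeat_clients": {c: u for c, u in repeats.items() if u}}

if __name__ == "__main__":
    print(update_traffic_report(SAMPLE_LOG))
```

The `avoidable_bytes` figure is the upstream traffic a cache holding one copy of each object would have saved, and `repeat_clients` points at the machines that keep re-downloading.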