Windows Server Update Services Questions

Question

I have a few questions about Windows Server Update services that are fairly vague within the MS documentation.

We have the domain server running as a vm on an esx server (not my idea and I'm not allowed to take the domain server offline) The domain server is running Windows Server 2003. Any more information needed let me know.

So here's my questions:

Can the WSUS be on the same server as the domain or different?
Can you manage updates for off site computers with server 2003 and XP?

Happy sysadmin day!

EDIT: 2 more question. So assuming I'm going to setup a separate server for this would y'all recommend adding it to the domain or would it be best to have it just have an admin password and keep it off the domain?

If I'm going to have remote clients access the server for updates would you recommend it be internal and have clients access it via VPN only? I'm mostly an Apple support and web developer so stuff like this is still VERY new to me

you should check out Windows InTune for remote (non-domain) clients. it was free, not sure if it still is. — Jordan W., Jul 29 '11 at 20:45
just checked with MST... its no longer free and we need licenses to win 7 enterprise. Most of our clients are running XP. Other than logmein any other suggestions? — wyo9089, Jul 29 '11 at 22:40

score 2 · Accepted Answer · answered Jul 29 '11 at 19:57

2

Microsoft advises against installing WSUS on a domain controller: Technet reference

Clients use BITS to download updates in the background, so it doesn't matter if they are in the same site, as long as they have connectivity.

answered Jul 29 '11 at 19:57

Artomegus

154
2

Connectivity meaning via VPN or just strait to the internet? – wyo9089 Jul 29 '11 at 19:58
If they're WSUS clients then they need connectivity to the WSUS server. – joeqwerty Jul 29 '11 at 20:07
What i meant was would it be recommend to have the off site clients use VPN to access the server or would it be OK to have a standard IIS server? – wyo9089 Jul 29 '11 at 20:22

score 1 · Answer 2 · answered Jul 29 '11 at 19:53

1

Yes, but depending on your needs, it may be advisable to separate the two. The two main considerations that WSUS will need: 1: IIS; and 2: enough space to store cached updates. If you don't have the space, or don't want IIS on your DC, then split them up.
Sure, as long as the off site computers can connect to the WSUS server over the port(s) that WSUS is using - usually standard web ports (as an aside: make sure to set up SSL).

answered Jul 29 '11 at 19:53

Shane Madden

112,982
12
174
248

1

I would also recommend it on a separate machine from the Domain controller, considering this will be open to the internet. – surfasb Jul 30 '11 at 02:33

Windows Server Update Services Questions

2 Answers2