I recently took my first IT job, at a midsize bank as one of the two IT staff.
We use WSUS to manage updates to the network machines, but the SUS server has been offline since before I started. During my training and acclimatization phase, no one managed updates, so now we face a mountain of updates, far too many to flood our T1-equipped network, with branches in multiple states.
So, we are looking into disabling the updates-only-through-WSUS policy and manually updating the machines, one branch at a time, to minimize and localize network traffic and potential issues.
Our concern, however, is that, even after the machines are manually updated to the latest patches, the WSUS server may not recognize the updates and overwrite them, effectively rendering our efforts pointless.
Does anyone have experience with this, or know whether this would work? Can we force the WSUS server to reaudit the network, and update the needed update list?
We know that going the other way (updates from WSUS, then a manual update) DOESN'T work; the WSUS-issued updates aren't recognized by Windows Update once disconnected from the network, and they get overwritten by the manual update. But does that go both ways?
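An added example, not part of the original post, for checking the two views the question is worried about on a single client: what Group Policy tells the Windows Update Agent about WSUS, and what the agent itself still considers missing. Running it on a branch machine before and after a manual patch run shows whether the WSUS-directed detection still reports those patches as needed. It assumes an elevated PowerShell session on a domain-joined Windows client; the registry paths are the standard WSUS policy keys, the COM object is the stock Windows Update Agent API, and the `wuauclt` switches at the end are the legacy ones for Windows 7/Server 2008-era clients.

```powershell
# Added example: compare the WSUS client policy with the Windows Update Agent's
# own list of missing updates. Assumes an elevated session on a domain client.

# Registry location where the "Specify intranet Microsoft update service
# location" policy is written by Group Policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey     = Join-Path $policyKey 'AU'

$wsusServer   = (Get-ItemProperty -Path $policyKey -Name WUServer       -ErrorAction SilentlyContinue).WUServer
$statusServer = (Get-ItemProperty -Path $policyKey -Name WUStatusServer -ErrorAction SilentlyContinue).WUStatusServer
$useWsus      = (Get-ItemProperty -Path $auKey     -Name UseWUServer    -ErrorAction SilentlyContinue).UseWUServer

# UseWUServer = 1 means the agent only talks to the WSUS server;
# 0 or absent means it goes to Microsoft Update directly.
[pscustomobject]@{
    WSUSServer   = $wsusServer
    StatusServer = $statusServer
    UseWUServer  = $useWsus
} | Format-List

# Ask the Windows Update Agent (the same engine WSUS drives) what is not
# installed, forcing the query against the managed (WSUS) server so the
# result reflects what WSUS will try to deploy.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 1   # ssManagedServer = WSUS; 2 would be ssWindowsUpdate
$result = $searcher.Search('IsInstalled=0 and IsHidden=0')

Write-Host ("Updates WSUS still considers missing: {0}" -f $result.Updates.Count)
$result.Updates | ForEach-Object {
    [pscustomobject]@{
        KB         = ($_.KBArticleIDs -join ',')
        Title      = $_.Title
        Downloaded = $_.IsDownloaded
    }
} | Format-Table -AutoSize

# Trigger a detection cycle and a status report to WSUS now instead of
# waiting for the scheduled interval (legacy switches, pre-Windows 10).
wuauclt.exe /detectnow /reportnow
```

If a manually installed patch disappears from the "still missing" list after `/detectnow /reportnow`, the WSUS server has recorded it as installed and will not redeploy it; a patch that remains listed is the case to investigate before disabling the WSUS-only policy fleet-wide.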