
I work in a computer service company and we have several clients connected to the internal network and servers, including one WSUS server. Now, we have entered a GPO that forces the client to perform automatic updates from the WSUS server.

The problem is that the PCs that come in for assistance are updated through Windows Update from the internet because they're not part of the domain, and this saturates the bandwidth enormously (imagine doing teleservice with 3 PCs that are downloading updates from the internet...).

Setting each PC manually or changing registry keys is impractical.

I was wondering... If I redirect on the firewall all traffic from * update.microsoft.com to ipwsus:8530, might that work?

Or is there a way to force them?

Matthew Wetmore
  • Why don't you just try it and see if it works? – Daniel Feb 11 '17 at 10:04
  • Because the current firewall does not allow the redirect of URLs, so I must buy a new one to try it... – user3266139 Feb 11 '17 at 11:19
  • You could grab a PC and install a trial version on it and put it in between – Daniel Feb 11 '17 at 12:05
  • `Think to set each PC manually in wsus is impossible, it would take too long and technicians never do it. Even with the registry key that is quite fast operation but they never do it.` - It seems like you have a people problem, not a technical problem. Why can't you get the technicians to do this? – joeqwerty Feb 11 '17 at 16:03
  • The client-server protocols from clients to WU and to WSUS are basically the same - so there's a fair chance it'd work. And it's worth trying and reporting back. Group Policies are the traditional way to redirect groups of clients, but I can see your desire not to override these settings for the temporary time that machines you don't own are being serviced - and then risk forgetting to set them back. Returning a machine to an environment without unsetting the change will then prevent it from updating... and that'd be bad. – Matthew Wetmore Mar 02 '17 at 21:05
  • @Daniel, I agree he should try it - but it's non-trivial if he doesn't have the equipment handy to try it and, personally, it seems reasonable to do a check of "anyone know if this will work?" As a former owner of WSUS, I'm curious to see if it'd work, and it seems like a reasonable strategy that applies well to a Bring Your Own Device (BYOD) environment. – Matthew Wetmore Mar 02 '17 at 21:08
