0

I'm starting to use WSUS for patch management and I'm a little light in the experience department. Our requirements are simple in that we want to make sure every server we have is up, on and ready for patches once a week. We can automatically approve all patches and are using group policy to regulate behavior with finally forcing a reboot 15 minutes after installation. I've created several OU's for our VM's along with a corresponding GP and can regulate what happens based on the needs of the group.

Now it dawns on me that I may need to handle the server running WSUS a little differently than all the others since I need it up during our maintenance window. My thought was to create a separate group group and time it so that I patch that server maybe a day in advance, or much later in the day.

What has experience taught you about patching the actual WSUS machine that could keep me out of trouble. Any thoughts and suggestions are most welcomed. Thank You.

Mike Malter
  • 109
  • 4

2 Answers2

1

Seeing as your WSUS server is a single server (unless you have replica/downstream WSUS servers), it's probably simplest to just manually install updates on the WSUS server on the day and at the time of your choosing. WSUS being up to date with updates has no bearing on the updates it delivers to your WSUS clients.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
0

I have WSUS up and running and use a GPO to configure the WSUS settings on the servers.

I have my servers set to "4 – Auto download and schedule the install" so the updates are downloaded well in advance of the patch window. They'll then install at the time specified in the GPO, at this stage they don't need the WSUS server as part of the patching, and all of my servers scheduled to patch at the same time as the WSUS server, and the WSUS server install their updates and reboot fine.

I also find that servers don't immediately report in their newly updates status to WSUS, but generally have by the following morning.

I don't think you'll have any problems they way your setup is.

Mike1980
  • 1,018
  • 7
  • 15