Here is our setup: WSUS 3, several w2k3 servers at an off site location. The question is: if there are critical security, or any other update that we want installed "now", how can we approve an update/patch telling the group of servers to install now and reboot when done ? There are no users logged on to the servers, and we don't want to wait an hour for the servers to do the upgrade.
"dbaguru" <dbaguru[ at ]discussions.microsoft.com> wrote in message news:F7674512-18B3-42F8-8E74-8745A03480DE[ at ]microsoft.com...
> Here is our setup: WSUS 3, several w2k3 servers at an off site location.
> The question is: if there are critical security, or any other update that we
> want installed "now", how can we approve an update/patch telling the group of
> servers to install now and reboot when done ?
You cannot, directly, with WSUS. You would need:
[a] An addon package from EminentWare that provides this (and other) functionalities.
[b] Microsoft System Center Essentials
or, some creative policy configurations...
If you reset a policy configuration for WSUS/WUA, the policy update forces an immediate detection at the client. You can use this to your advantage provided that "now" is equivalent to "within three hours".
After approving an update that you want immediate deployment for, also configure a deadline for "now". Then, reconfigure your group policy to set the Detection Frequency to 1 hour. By default, every system refreshes group policy settings every 90 minutes (plus/minus 30 minutes) -- (except Domain Controllers, which do so every five minutes).
What this means is that starting as early as 60 minutes after the policy change, your non-DC servers will get the policy update, which will trigger a detection. (Your DCs will be updated almost immediately because of the five minute refresh cycle.)
The servers will see the update with a deadline, and download and install the update immediately. Within 2 hours, every system in your AD Site will have refreshed policy and executed a detection and be downloading the content, and within 3 hours (probably only a bit more than 2, actually) -- all systems powered on will be updated, and should have reported back to the WSUS server their installation status.
Set the policy back to your regular detection frequency when you're confident that all systems have been updated.
> There are no users logged on to the servers, and we don't want to wait an
> hour for the servers to do the upgrade.
However, if you really want *IMMEDIATE* installation, then you'll need to log onto each server via Remote Desktop and execute a 'wuauclt /detectnow' to get the detection event executed (or else, use something like psexec to execute the detection remotely via script). It's the *detection* event that triggers everything else occurring automatically (and it's the configuration of the deadline that makes the installation happen immediately after detection/download).
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
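Added example, not part of the original thread: a PowerShell script that runs the psexec approach from the reply above across a list of servers and reports which ones accepted the detection request. It assumes PsExec is on the PATH of the admin workstation, the caller is an administrator on each server, the servers answer ping, and the update was already approved with a deadline; the server names are constructed placeholders.

```powershell
# Added example: trigger a WSUS detection on several servers right after
# approving an update with a deadline in the WSUS console.
# Server names below are constructed placeholders.
$servers = @('OFFSITE-SRV01', 'OFFSITE-SRV02', 'OFFSITE-SRV03')

function Invoke-WsusDetectNow {
    param([string[]]$ComputerName)

    foreach ($server in $ComputerName) {
        $status = 'Unreachable'
        # Skip hosts that do not answer one ping, so PsExec is not left
        # waiting on a server that is powered off or disconnected.
        if (Test-Connection -ComputerName $server -Count 1 -Quiet) {
            # wuauclt returns at once; detection, download and install then
            # continue inside the Automatic Updates service on the server.
            & psexec.exe "\\$server" -accepteula wuauclt.exe /detectnow 2>$null | Out-Null
            $status = if ($LASTEXITCODE -eq 0) { 'DetectionStarted' }
                      else { "PsExecFailed($LASTEXITCODE)" }
        }
        New-Object PSObject -Property @{ Server = $server; Status = $status }
    }
}

$results = Invoke-WsusDetectNow -ComputerName $servers
$results | Format-Table Server, Status -AutoSize

# Servers that still need attention (retry, or fall back to Remote Desktop).
$results | Where-Object { $_.Status -ne 'DetectionStarted' } |
    ForEach-Object { $_.Server }
```

A status of DetectionStarted only means the request was delivered; installation status still has to be confirmed from the reports on the WSUS server.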