|
|
Hey all, I just wanted to see if what I am doing is correct for what I want
to happen.
I am using WSUS Build 2.0.0.2620. What I want to do is have it automatically
push out updates for XP, 2000, and Office products.
Under Synchronization Options I set products to the mentioned above, and
classifications to Critical and Security updates.
Under Automatic Approval, I have set Approve for Detection to Critical and
Security updates for all my computer groups. And I have set Approve for
Installation to the same criteria as the Detection settings.
For Updates, I set all of the updates that I did not want to "Detect only".
All of the computers in my domain do have Group Policy settings configured
to use the WSUS server for it's updates. Is this all that I need to do? Or is
there something that I am missing?
Thank you in advance.
|
|
"goosed" <goosed[ at ]discussions.microsoft.com> wrote in message
news:DDA60059-606B-4B26-AC8D-77E2E0DD146D[ at ]microsoft.com...
[Quoted Text] > Hey all, I just wanted to see if what I am doing is correct for what I
> want
> to happen.
Okay.
> I am using WSUS Build 2.0.0.2620. What I want to do is have it
> automatically
> push out updates for XP, 2000, and Office products.
Technical, semantical point, but WSUS doesn't "push out" updates. The
clients query the WSUS server for available (and approved) updates, and
download them. Everything is initiated by the client system.
> Under Synchronization Options I set products to the mentioned above, and
> classifications to Critical and Security updates.
>
> Under Automatic Approval, I have set Approve for Detection to Critical and
> Security updates for all my computer groups. And I have set Approve for
> Installation to the same criteria as the Detection settings.
>
> For Updates, I set all of the updates that I did not want to "Detect
> only".
>
> All of the computers in my domain do have Group Policy settings configured
> to use the WSUS server for it's updates. Is this all that I need to do? Or
> is
> there something that I am missing?
That pretty much takes care of it, except for one detail:
Any updates synchronized prior to the configuration of the auto-approve
rules will need to be manually set to "Install".
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
Hey Lawrence, thanks for the reply.
So basically, since I setup auto approval for detection and installations a
few days ago, any updates that are listed prior to 6/1/07 (or close) will
need to have a manual approval?
Oh and just one more question. Since I do have Approved for Install set on
Security and Critical Updates, do I still need to go through the list of
detected updates to approve them? Or will they automatically be approved for
installation?
I guess my understanding of WSUS is that any and all updates are detected by
the server. You set your options to detect and/or approve only certain types
of updates. And then based on client settings, workstations will then connect
to the WSUS server to retrieve updates. Is that WSUS in a nutshell?
Thanks again for your help Lawrence.
|
|
In the Automatic Approvals dialog, there is an option to "Run Rule", which
will apply the rule to all your existing updates.
If you have an automatic approval rule for security and critical updates,
you won't need to approve them yourself; they'll get approved as soon as
your server synchronizes them.
Your understanding is for the most part correct - all updates that are
brought down (within your product and classification synchronization
settings) will automatically go out for detection. Any that aren't
automatically approved for install you can approve manually.
Thanks
Kris
"goosed" <goosed[ at ]discussions.microsoft.com> wrote in message
news:FAB0C0B4-F243-4F95-B0F3-56A3FFED7588[ at ]microsoft.com...
[Quoted Text] > Hey Lawrence, thanks for the reply.
>
> So basically, since I setup auto approval for detection and installations
> a
> few days ago, any updates that are listed prior to 6/1/07 (or close) will
> need to have a manual approval?
>
> Oh and just one more question. Since I do have Approved for Install set on
> Security and Critical Updates, do I still need to go through the list of
> detected updates to approve them? Or will they automatically be approved
> for
> installation?
>
> I guess my understanding of WSUS is that any and all updates are detected
> by
> the server. You set your options to detect and/or approve only certain
> types
> of updates. And then based on client settings, workstations will then
> connect
> to the WSUS server to retrieve updates. Is that WSUS in a nutshell?
>
> Thanks again for your help Lawrence.
|
|
On Tue, 5 Jun 2007 12:35:01 -0700, "Kris Owens \(MSFT\)" <krisow[ at ]microsoft.com>
wrote:
[Quoted Text] >In the Automatic Approvals dialog, there is an option to "Run Rule", which
>will apply the rule to all your existing updates.
Not for WSUS 2
>
>If you have an automatic approval rule for security and critical updates,
>you won't need to approve them yourself; they'll get approved as soon as
>your server synchronizes them.
>
>Your understanding is for the most part correct - all updates that are
>brought down (within your product and classification synchronization
>settings) will automatically go out for detection. Any that aren't
>automatically approved for install you can approve manually.
>
>Thanks
>Kris
>
>"goosed" <goosed[ at ]discussions.microsoft.com> wrote in message
>news:FAB0C0B4-F243-4F95-B0F3-56A3FFED7588[ at ]microsoft.com...
>> Hey Lawrence, thanks for the reply.
>>
>> So basically, since I setup auto approval for detection and installations
>> a
>> few days ago, any updates that are listed prior to 6/1/07 (or close) will
>> need to have a manual approval?
>>
>> Oh and just one more question. Since I do have Approved for Install set on
>> Security and Critical Updates, do I still need to go through the list of
>> detected updates to approve them? Or will they automatically be approved
>> for
>> installation?
>>
>> I guess my understanding of WSUS is that any and all updates are detected
>> by
>> the server. You set your options to detect and/or approve only certain
>> types
>> of updates. And then based on client settings, workstations will then
>> connect
>> to the WSUS server to retrieve updates. Is that WSUS in a nutshell?
>>
>> Thanks again for your help Lawrence.
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.
|
|
|
|
|
|
Thank you for the replies. That answers my questions fully.
|
|
|