Rolling out XP SP2 with WSUS Bonez 6/24/2007 11:22:01 AM Hi peoples, My boss has given me the task of rolling out Windows XP SP2 to all 400 or so of our company workstations. I have spent a fair bit of time trawling through Microsoft white papers, documents, usenet etc and have gathered a bit of information from others. I still have a few questions though that perhaps can be answered by others who have indeed already rolled out SP2 in a corporate environment. I have decided to use WSUS 3.0 as the method of pushing out the patch. We don't currently run SMS so that's not an option. We have a slightly different system that looks after package rollouts but it's not really the preferred way of doing it, due to a few issues with it's capability and failing deployment in the past. Can anyone see any problems with using WSUS? Our PC's are located across 4 sites, and the WAN links between are not very fast, so individual WSUS servers will be set up at each site and all talk back to a master server to pull in updates etc over night when the WAN links aren't being used very much. We will also use WSUS as the preferred way to push out other updates in the future. Also, I have spent a fair bit of time recently rolling out XP SP2 manually to a pilot group, to see what issues they come across. I notice that when you first install and do a reboot, it comes up with the "Automatic updates" screen prompting the user to enable or disable automatic updates. Is there a way to disable this so that the patch can just be rolled out and workstations rebooted at 2am, so when the users come back in on Monday morning there's nothing for them to scream about? I guess basically what I am wanting to do is slightly modify the whole package to make it suit our needs, then do a massive push through WSUS. Any feedback or suggestions would be greatly appreciated! Thanks Bonez

Re: Rolling out XP SP2 with WSUS "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 6/24/2007 7:08:30 PM "Bonez" <Bonez[ at ]discussions.microsoft.com> wrote in message news:EFAA8D06-B05C-4801-A68C-CECD3FF042DF[ at ]microsoft.com... [Quoted Text] > My boss has given me the task of rolling out Windows XP SP2 to all 400 or > so > of our company workstations. > > I have spent a fair bit of time trawling through Microsoft white papers, > documents, usenet etc and have gathered a bit of information from others. Here's another article you may find useful, since you're asking in the WSUS newsgroup, and while the article was targeted to a really large deployment, everything in there is equally valid to a distribution for 400, or 100, desktops. How do I distribute XP SP2 to 1000+ clients using WSUS? http://wsusinfo.onsitechsolutions.com/articles/036.htm > Can anyone see any problems with using WSUS? Absolutely not, provided you approach the rollout in a planned, phased process. The one thing you absolutely do not want to do is approve SP2 for "ALL Computers", and then sit back and watch. It'll be like watching your campfire consume an entire forest. > Our PC's are located across 4 > sites, and the WAN links between are not very fast, so individual WSUS > servers will be set up at each site and all talk back to a master server > to > pull in updates etc over night when the WAN links aren't being used very > much. As noted in the article cited, as long as you've got a weekend to do the rollout, 10kbit/sec per site is more than sufficient to get SP2 deployed. However, since you've only got four sites, it's certainly a feasible alternative to use a remote WSUS server to faciliate reduction of bandwidth. I'd even suggest building the servers in-house, and shipping them to the sites "ready to go". That would eliminate the need to copy the SP2 package across the WAN links even once. In addition, for an SP2 rollout, you'll want to look closely at whether "Express Installation Files" can be of benefit to you. > We will also use WSUS as the preferred way to push out other updates in > the > future. This is where the decision gets complicated. To be quite frank, the maintenance and administrative overhead of four remote servers to service 400 clients is probably more than necessary. Unless your sites have less than 5kbit/sec of bandwidth per PC, you can easily manage updates for all remote PCs on a single corporate WSUS server. > Also, I have spent a fair bit of time recently rolling out XP SP2 manually > to a pilot group, to see what issues they come across. I notice that when > you > first install and do a reboot, it comes up with the "Automatic updates" > screen prompting the user to enable or disable automatic updates. > > Is there a way to disable this so that the patch can just be rolled out > and > workstations rebooted at 2am, so when the users come back in on Monday > morning there's nothing for them to scream about? Given that SP2 is now several years old, there is a litany of material on how to address the various issues you might encounter when installing SP2. You're observing some things because you're installing manually, in a non-WSUS environment, and will not see those things doing an automated install from a WSUS server. What you really should be focusing on is those issues encountered during /unattended/ installations via WSUS. Ergo, in a WSUS-enabled environment, there is no interaction with the user, and you won't see an Automatic Updates "please-configure-me" screen, because you've already done that via WSUS policies. Your best "pilot" is to set up a WSUS server, and a couple of XP machines (physical or virtual), and actually launch an SP2 installation from the WSUS server, and observe what happens when the update installs fully automatically (i.e. no user interaction) as a scheduled event. > I guess basically what I am wanting to do is slightly modify the whole > package to make it suit our needs, then do a massive push through WSUS. Again, perhaps being a bit harsh, but why not research how the environment *does* and *is supposed to* work during a WSUS rollout -- which is what you intend to do -- including the possible gotchas, before even considering whether you should, or even need to, "slightly modify" anything. I believe you'll find that, unless your desktops have serious issues, the rollout will be totally transparent. For an actual report of an XP SP2 rollout to an XP SP1 system, performed *fully* automatically, see this article: How long does it take to fully update a Windows XP SP1 system? http://wsusinfo.onsitechsolutions.com/articles/012.htm -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....