Ok so i've set up WSUS and I've got a meeting with my Network Manager in an hour who I expect is going to tell me that he doesn't want to use it.
We have used it before without any problems, no rollbacks required etc...
I need some ammo to take with me as to why we need WSUS. Which we do.
For example, the important IE7 update that isn't installed on PCs is something we need to sort out with automation.
He has an idea of using the proxy to cache windows update and use it as a kind of replacement wsus. No idea if this would work.
Any ideas guys? I need as many points I can hit him with so anything useful would help me.
WSUS also provides the administrator data as to what machines have which updates installed. I'm not sure why he/she is so against it. You can specify which updates to deploy or you can manually specify each update manually before deploying it.
You can also deploy to selected groups for additional testing, before deploying to the whole network. WSUS has lots of benefits!
I know, I honestly don't understand the logic behind it. Hopefully I'll be able to convince him!
Basically I would rather fix a broken application than a broken network.
So far very few updates have ever broken any of my applications. WSUS is an essential part of my network security plan. If everything is up to date, then thats one less entry point for malware.
To add to the usefulness of WSUS, it will also tell you the computer make and model of a machine, the BIOS version information. Admittedly all that data is available via WMI but WSUS 3 makes all this available easily.
On a related note, and apologies if this results in me hijacking your thread, my WSUS tells me that many workstations last submitted a status report "No yet reported". Clients that have submitted before haven't done for months. Anybody got any ideas why? We client side target them through AD Group-policy but they're in the groups correctly so I don't understand :(
I've just put WSUS on - one of many things that needed doing on our network to tidy up bits that badly needed doing :p
I'd say for starters...
- centralised management of patches and reporting so you are sure of the status of your workstations
- saving Internet bandwidth as updates are only downloaded once to the WSUS server then distributed rather than each machine downloading say 300MB each from Microsoft Update
- reduce manual workload doing updates yourself and eliminates human error e.g. not choosing the right patches on MS Update etc
It's free, it works so can't see any reason to take it off
Doesn't look like that WUS 3.0 though as I know for a fact it prepares graphs. WSUS 3 was a big improvement on earlier versions, even if I can't make my install work right now....
Originally Posted by ricki
Thanks for all the responses. I managed to convince him it was absolutely necessary and he's given the go ahead to use it. It seems he'd not seen the new version 3 and is happy about deploying the new version.
Thanks for the ideas.
Are you on a RBC network? NGfL for example.
If every computer on the Northern grid was updating from the MS site individually (all several hundred thousand of them) then no one in the northeast of england would be able to use the internetz!