+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Server 2012 Thread, How to manage Windows updates in a better way? in Technical; We have windows 8.1 installed on most of our 50 laptops and 150 desktops. I have a WSUS server setup ...
  1. #1

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0

    How to manage Windows updates in a better way?

    We have windows 8.1 installed on most of our 50 laptops and 150 desktops. I have a WSUS server setup to handle the updates coming from MS. The problem is it is sometimes too disruptive to staff and students. Due to roaming profiles, I have advised everyone to try to use the same computer whenever they go to a lab so some of the computers do not get used much. Due to this, when someone logs into one of those computers, it downloads all those pending updates and next time it takes forever to boot as it is applying updates. Also, the wireless tends to slow down when all the laptops start downloading the updates at the same time. I am wondering how others apply updates and patches in a school environment. Am I missing something or doing something wrong. Should I turn it off during school days and only turn it on during term breaks to update them. But this will use up most of my time which I use for deployments and server maintenance.
    I have been thinking of setting up FOG for a while to see if it is more flexible as WSUS is very basic in what I can do. Will it make things any better.

  2. #2

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    FOG is a fantastic and very capable tool, but it isn't going to assist you with your scheduled Windows updates unless your intention is to use if for regular re-imaging in places of updates?

    WSUS has quite a bit of flexibility and you can set updates to occur automatically at scheduled times. We have ours set to automatically download new (approved) updates and apply them at 4pm every day, after all classes have finished. The computers will reboot as necessary to apply the updates. This eliminates the problems that you are having with updates applying during the day or "building up" over time for the computers that are rarely used. It sounds like you don't have your GPO settings configured correctly to accommodate this. I've attached a couple of screenshots showing our WSUS configurations for our PC Labs.
    Screen Shot 2014-07-19 at 2.02.53 pm.png
    Screen Shot 2014-07-19 at 2.03.10 pm.png

  3. #3

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi Seawolf,

    Thanks for the response.

    I thought FOG also does updates but I might be confusing it with something else.

    I have setup the GP in a very similar way but I will double check it. I think I have set it to install at 3:00PM as they are turned off at 3:20 when school finishes. Do you leave your computers on after school? All the updates have different requirements, some will install/configure while turning off and others do it when the computers are turned on. So how is this handled?

    On a different note, I really like how you have put a comment for every GP you have configured. I wish I had enough time on hand to do the same. Is there any chance I can get some of your other GPs in HTML/CSV or another format? I will really appreciate as this will save me a lot of time typing and I will have a better idea what other school admins are doing.

  4. #4

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 285 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    FOG was recently updated, but we haven't tested or deployed the new version yet so you made me wonder about the updates capability. Based on what I see on the FOG Wiki, there is still nothing related to updates (other than updating of the FOG agent), so must have been some other product you were thinking of.

    We use the "Green FOG Service" to shutdown all computers at 8pm. We don't turn them off until then to provide time for all updates to apply and also in case we need to remote into any systems after school ends to do any work. If they all shut down at 3:20pm then we would often have to go around turning things on. All of our computers turn back on at 8am so any updates applied at startup will be completed before students ever arrive at school.

    We don't comment on every GPO that we create, but for those where we think anyone might question why something is configured in a certain way in the future (or we might forget ourselves), we do add them in. I could probably pull out some information on our GPOs with the comments, but we're pretty busy right atm so it might take me a some time to get this to you.

  5. #5

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I also checked and FOG does not do Windows updates so it might have been something else I came across.

    So I think the key here is to leave them on after school. I was trying to save some power but I think I have to adopt a similar strategy like put notices in the computer rooms to leave computers on after school on 'update Wednesday'.

    There is no urgency so you can send the GPOs whenever you get a chance. You can email them to me.

  6. #6
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,541
    Thank Post
    362
    Thanked 263 Times in 215 Posts
    Rep Power
    100
    SCCM.

    The functionality it adds to a standard WSUS server is insanely helpful. I hate WSUS on its own, within SCCM though it's very customisable. Takes a while to learn, and if you've never used SCCM before it's worth a training course + spending time on windows-noob.com looking through the extensive SCCM guides. Obviously it does a hell of a lot more than just WSUS too, but you don't have to use every part of it if you don't want to.

  7. #7
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,012
    Thank Post
    42
    Thanked 84 Times in 80 Posts
    Rep Power
    22
    Quote Originally Posted by san_narula View Post
    We have windows 8.1 installed on most of our 50 laptops and 150 desktops. I have a WSUS server setup to handle the updates coming from MS. The problem is it is sometimes too disruptive to staff and students. Due to roaming profiles, I have advised everyone to try to use the same computer whenever they go to a lab so some of the computers do not get used much. Due to this, when someone logs into one of those computers, it downloads all those pending updates and next time it takes forever to boot as it is applying updates. Also, the wireless tends to slow down when all the laptops start downloading the updates at the same time. I am wondering how others apply updates and patches in a school environment. Am I missing something or doing something wrong. Should I turn it off during school days and only turn it on during term breaks to update them. But this will use up most of my time which I use for deployments and server maintenance.
    I have been thinking of setting up FOG for a while to see if it is more flexible as WSUS is very basic in what I can do. Will it make things any better.
    What's the spec of these laptops? Is the WiFi 802.11g or better?

  8. #8

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by mrbios View Post
    SCCM.

    The functionality it adds to a standard WSUS server is insanely helpful. I hate WSUS on its own, within SCCM though it's very customisable. Takes a while to learn, and if you've never used SCCM before it's worth a training course + spending time on windows-noob.com looking through the extensive SCCM guides. Obviously it does a hell of a lot more than just WSUS too, but you don't have to use every part of it if you don't want to.
    It is another thing on my list of things to do. Everyone tells me that it is not easy to setup so I want to make sure I spend enough time on learning and testing it before installing it in production environment. Hopefully will try it soon.

  9. #9

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by free780 View Post
    What's the spec of these laptops? Is the WiFi 802.11g or better?
    Laptops are 802.11N but our wireless isn't great. Looking at upgrading it which should make things better in future.

  10. #10

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    @seawolf

    Do you also have any laptops in your school and how do you manage updates on them. I am sure there is no way to turn them on remotely like desktops so do you leave them on all the time?

  11. #11

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,484
    Thank Post
    611
    Thanked 2,194 Times in 1,006 Posts
    Blog Entries
    23
    Rep Power
    634
    I'll move this to the Windows 8 forum. Ideally I'd like to know what server version you are using as it really belongs in there.

  12. #12
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,493
    Thank Post
    519
    Thanked 290 Times in 266 Posts
    Rep Power
    82
    WSUS, with MDT to deploy the updates when Imaging. Thats how we handle it. and then it's down to GPO and WSUS afterwards.

  13. #13

    Join Date
    Dec 2012
    Location
    Victoria
    Posts
    47
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by Dos_Box View Post
    I'll move this to the Windows 8 forum. Ideally I'd like to know what server version you are using as it really belongs in there.
    It's Windows Server 2012 R2

  14. #14

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,484
    Thank Post
    611
    Thanked 2,194 Times in 1,006 Posts
    Blog Entries
    23
    Rep Power
    634
    Quote Originally Posted by san_narula View Post
    It's Windows Server 2012 R2
    Moving to Server 2012

  15. #15
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    We use Deep Freeze here and have it setup to wake the computers up at 1am; which is 1 hour prior to the schedule setup in GPO for Windows Update to download updates from WSUS and install them. Really, all you're missing is the component that can wake up machines on a schedule through WOL. There has got to be something out there that can parse DHCP logs and send out WOL when fired as a scheduled task.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 9th July 2013, 01:02 PM
  2. HA HyperV - Hosts need updated and restarted, how to manage the guests?
    By RabbieBurns in forum Windows Server 2008 R2
    Replies: 9
    Last Post: 31st August 2012, 10:43 AM
  3. Replies: 0
    Last Post: 14th August 2012, 05:01 AM
  4. How to start Windows 8 in classic desktop
    By Dos_Box in forum Windows 8
    Replies: 22
    Last Post: 5th July 2012, 11:53 AM
  5. Replies: 3
    Last Post: 10th September 2010, 07:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •