Opinion on Microsoft Windows Server Update Services (WSUS)
Windows Patch Management, Windows Server Update Services, Windows Update Management, Windows Updates, WSUS
Could you please share your opinions on using WSUS to deploy patches and updates on windows networks ?
Would you recommend its use on a network of about 75 computers ?
What other update/patch management solutions are you using ?
Thanks,
Carlos DL
Software/Hardware used:
Software/Hardware used:
ASKED:
March 26, 2009 9:48 PM
UPDATED:
March 30, 2009 3:23 PM
Answer Wiki:
WSUS is all we need. The computers are updated the day the patches are released and you can modify the update behavior using Group Policy i.e. delay reboot, don't prompt, etc. You can also configure WSUS to send you an email when it updates with new patches so you are always on top of when they will be patched.
==================
WSUS should be adequate for this size of computer population. We have >3000 computers distributed across 18 sites. WSUS was not really the right tool for a distributed environment. It did not have adequate reporting or replication so the updates would be close to the clients. We are moving to Systems Center Configuration Manager.
To see all answers submitted to the Answer Wiki: View Answer History.
I would definitely recommend this solution an a network of this size. It can be added to an already existing system with no noticeable overhead and gives you the ability to approve patches for installation on all your systems during controlled periods.
This also will allow you (if you choose) to test patches prior to deployment on a test system. You can even setup groups and have the deploy at different days of the week. One successful strategy I’ve used has been to do DEV on a tuesday, QA on a Thursday and then Prod on a Saturday.
i agree that WSUS is a great route to take for patch management . I am currently using it to manage updates on about 250 computers. version 3.0 simplifies the process even more as it is microsoft management console (mmc) based. version 2.0 was web based. i tried out both WSUS and SMS for patch management and found that WSUS was much more intuitive (in my opinion).
We use WSUS and it works great for us. I just setup the machines to patch daily and we only have to download the patches once instead of 50-60 times.
Works great in our environment as well. I sue it to patch and organize patches on 700+ servers.
Thank you guys.
Very useful opinions.
WSUS is great but be careful, make sure you have a machine to test the updates with prior to updating the end users machine.
If you run any enterprise apps, lets just say maybe you run an Oracle web application in your windows environment, I have seen updates to IE do funny things with web browser applications, this goes for adobe also. So be careful and test what you choose to update first if possible, this will save some headaches.
WSUS is designed to work in this kind of senario I added it to a network that consists of nearly 98 computers, and it worked fine…really is helpful in situations like consuming less internet bandwidth, patch managemnet and so on. Now heading in the direction of using WDS which is a very neat piece of technology….