Question

Locked

How Do We Confirm WSUS 2.0 is Supplying Updates

By tmorgan ·
We are using WSUS 2.0 based on a Server 2000 server and I need a method of confirming that the updates are really getting pushed out to the clients. The status is good when we look at the various WSUS reports, but some folks are saying they aren't getting the updates.

Group policy is enabled for WSUS for all computers in the domain. An oputside consultant originally set this up and the documentation is non-existent about use and confirmation.

I checked my Windows Update Log and the reference to the WSUS Server is correct as far as name and port information.

Some detailed instructions or tips would be appreciated.

Thanks - Tom

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

sorta the problem with 2.0 get 3.0

by CG IT In reply to How Do We Confirm WSUS 2. ...

wasn't a dashboard that says what... 3.0 solves this problem.

you can install 3.0 and do away with the problem all together which would me my advice. Might take a couple of days to sync and get updates pushed out if stations need them, but 3.0 will give you reports you can understand and reflect the status of each covered workstation and server.

Collapse -

Thanks for the info - the concensus seems upgrade

by tmorgan In reply to sorta the problem with 2. ...

Thanks for the reply, it seems that my best option will be to upgrade to 3.0 on a server that will support it.

Collapse -

WSUS 3.0 SP1

by bincarnato In reply to How Do We Confirm WSUS 2. ...

Just to add to what CG IT has said, 3.0 SP1 is available and is very easy to manage. That being said, the answer your question about for more information is here:

http://technet2.microsoft.com/windowsserver/en/library/d446d310-413f-4844-8aad-c557712397401033.mspx?mfr=true

If you want to force an update detection on a client PC, open a command prompt and type: "wuauclt.exe /detectnow" without the quotes. Then look at WindowsUpdate.txt in the Windows directory for any errors.

Also, what is leading folks to think they are not getting these updates? Is it for a specific application, Windows XP, Office 2003, Live Toolbar, etc., because you can specify which products to update with WSUS. As a final check, if the outside consultant didn't disable it, go to the Microsoft Update website, not Windows Update, and have it check for updates. If it finds critical updates that need to be installed it means one of two things, WSUS isn't working correctly or WSUS is not updating those applications.

If you want to upgrade to WSUS 3.0 SP1 the link is here. You can use the above link to look at the install information. If you do upgrade, here are some considerations. It will require you to uninstall WSUS 2.0, which it will do automatically during the install process. If the outside consultant used group policy to assign PCs into groups, you will need to re-create those groups in WSUS 3. The install isn't very difficult overall. Here is the link:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F87B4C5E-4161-48AF-9FF8-A96993C688DF&displaylang=en

Collapse -

We will upgrade to 3.0

by tmorgan In reply to WSUS 3.0 SP1

It looks like the best option will be to upgrade to 3.0. Our biggest problem is that we are a small shop supporting 1300 folks. It looks pretty straight-forward though.

Thanks for the information, it was very helpful.

Collapse -

Another thing

by Kjell_Andorsen In reply to How Do We Confirm WSUS 2. ...

I definitly agree with what other posters have said about upgrading to WSUS 3.0. I performed a WSUS upgrade about a year ago at my old job and while there was some initial work to get it all running smoothly, the work quickly paid off. I much preferred 3.0 to it's predecessor.

Another piece of advice I have is to download and start using the Microsoft Baseline Security Analyzer (MBSA) tool.

This tool is free from Microsoft and can be used to scan systems for a range of security issues. It will tell you of any missing security updates, as well as other vulnerabilities including IIS and SQL security holes and items such as weak passwords for local accounts.

You may not want to scan your entire network every week with MBSA as the logs can take some time to go through, but you should definitly scan critical servers and a random sampling of workstations on a regular basis.

Collapse -

Great Idea as Well

by tmorgan In reply to Another thing

Thanks for the reminder about the Security Analyzer. We are a small shop and anything I can get to help keep things running safely and well is a help.

Tom

Collapse -

Using WSUS 3.0

by tmorgan In reply to Another thing

That sounds like good advice as well. We are in the process of bringing up a new server and I will install 3.0 on it.

Thanks

Back to Networks Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums