No announcement yet.


  • Filter
  • Time
  • Show
Clear All
new posts

  • WSUS...Help.

    I hope this is the right forum for this question. If not, I apologize.

    I have recently setup WSUS. This is my first ever experience with the product. Previously, I used GPO to push out updates. I need all the info I can get. How do I ensure that workstations are hitting the WSUS server instead of Microsoft. I have set the Specify intranet Microsoft update service location to the WSUS (http://wsus). How do I know if the workstations are actually getting updated.

    Basically, I just need some cliff notes on this thing before auditors hit me on it.

  • #2
    Re: WSUS...Help.

    Reports from the WSUS server will help you a lot
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: WSUS...Help.

      As your client computers start to connect to WSUS, they should be listed in Unassigned. You can then create Groups of computers, if you wish.

      If this is not being populated, you then need to check the port being used to connect to WSUS is correct and that it is allowed through the client and server firewals.


      • #4
        Re: WSUS...Help.

        Thanks, guys.

        Yeah, the are listed in unasigned and I created a group for my servers. But it says 123 computers needing updates and 166 updates needed by computers. Does this mean that 123 PCs aren't completely up to date? If so, then why haven't they been updating? I set this up last week and it had all weekend to run. i was really hoping to see that number start going down, but it is going up.

        What's going on?

        Thanks again.


        • #5
          Re: WSUS...Help.

          Ah depends on what you set your GPO to , did you set to "Auto download and schedule the install" ?


          • #6
            Re: WSUS...Help.

            In addition to Hazey's comment, unless you have configured WSUS to automatically approve updates, you may find the updates need approval. Best practice is to setup a pilot Group for initial updates to be rolled out to those machines. I tend to do this for certain users in each department and for users of certain software. Ideally it should be in a test lab but who has the budget for a suitable one these days and the time?

            When you are happy with the roll out to thos machines, after a couple of days, roll out to other groups.


            • #7
              Re: WSUS...Help.

              hazey...Yes, GP is set to Auto d-load and schedule the install everyday at 10:00.

              Virtual...I made a rule that would auto approve all critical, updates, and SPs for the unassigned groups, but not my server group.

              I did notice today that, compared to yesterday, the numbers have changed.

              Computers Needing Updates - 126
              Updates needed by computers - 95

              So, correct me if I am wrong, but it seems the "Computers Needing Updates" number means the total number of PCs I have that are communicating with WSUS? Or does it mean I have 126 PCs not up to date?

              And "Updates Needed By Computers" numbver means there are 95 updates that those 126 PCs need. So some could be the same update for different computers.

              Again, i apologize, I am just trying to pick you guys' brains. I appreciate the help so much. Y'all rock.


              • #8
                Re: WSUS...Help.

                It will take a bit of time for the installation to take place on client machines and maybe a few reboots. The best way to check is by going to one of the machines and manually going to the Microsoft Updates site. You can then look at the outstanding updates, if any.

                Usually, if you have set the updates to be automatically approved, providing you have set the option that Hazey states and the other options are relevant, it should be ok.


                • #9
                  Re: WSUS...Help.

                  OK...I'll let it go for a week or so and see. I will repost here what I find out.

                  What if a PC is not communicating with the WSUS server? How do I make it?

                  Last edited by Truck; 9th June 2009, 16:37.


                  • #10
                    Re: WSUS...Help.

                    In Command Prompt, of you go to the 'system32 folder.

                    Then run: wuauclt.exe /detectnow
                    wuauclt.exe /downloadnow

                    If it still doesn't download updates or isn't appearing in WSUS, do a

                    gpupdate /force /boot

                    Check that the Firewall is allowing access through the port used by WSUS. It is probably Port 80, so you perhaps don't need to worry unless you changed the defaults.


                    • #11
                      Re: WSUS...Help.

                      C:\windows\windowsupdate.log will also tell you what's going on, or trying to go on.
                      Please do show your appreciation to those who assist you by leaving Rep Point


                      • #12
                        Re: WSUS...Help.

                        Thanks again, guys. Tremendous help!!