Announcement

Collapse
No announcement yet.

Wsus

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wsus

    Hi,

    I am posting this in Misc as I could not find a category that was better for this post. If this post needs to be moved please let me know where and I can move it.

    The question (1 of 2) I have is - is it possible to get WSUS server to update a server but not restart it?

    At the moment we leave a disconnected session on each server so that the server does not restart but asks the user to Restart Now or Restart Later. This ofcourse is enabled from GPO (when users are logged in then user will be asked to restart). This setting applies to PCs as well, i.e. if users do not logoff then the user will get a notice to restart now or later. The problem with this (for servers) is that if someone accidentally closes the disconnected session then the server will restart immediately.

    Now we come to the second question - The restart notice pops up every 15 or 20 minutes (I think) and this is annoying for users. is there a way to make it pop up every 3 hours (or more)?

    Thanks for reading this post.

  • #2
    Re: Wsus

    Hi,

    1- Enable the No auto restart .... option in the GPO
    2- In the Configure Automatic update properties
    select Autodownload and schedule the install and then schedule the day and time to suit your needs.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Wsus

      L4ndy

      I have both configured.

      The first one you mention (no auto restart) actually says this on GPO - No auto-restart with logged on users for scheduled automatic updates installation. This is why we have a disconnected session on the servers, so it does not start when a user is logged in. On the PCs, if users do not log off or shutdown their PCs, then the next time they login they get the restart now or later pop ups.

      Just so everyone knows, I am using Windows 2003 servers.

      Comment


      • #4
        Re: Wsus

        What else have you got configured from the Windows Update GPO settings?
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Wsus

          THe follwing are set on GPO -
          • Configure Automatic Updates
          • Specify intranet Microsoft update service location
          • Reschedule Automatic Updates scheduled installations
          • No auto-restart with logged on users for scheduled automatic updates installation
          • Automatic Updates detection frequency

          Comment


          • #6
            Re: Wsus

            I'm curious as to why you'd want to do this. My experience is that installing updates and not immediately rebooting can lead to unpredicatable results. It'd be much better IMO to find a time during the week where the servers can be rebooted straight away E.g. our production servers reboot at 6am on a Monday morning, so that if there are any issues the first person in at 8am can deal with them before the rest of the staff come in at 9am.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            sigpic
            Cruachan's Blog

            Comment


            • #7
              Re: Wsus

              well, i just started working at this new place and the previous admin had setup everything this way. In my previous work place, I would do something similar to what you do - allocate a time when the updates are done. In the new place things are a little different. The servers run apps that sometimes require to run for long periods of time and therefore we have to make sure that the servers do not restart until we want it to restart.

              As for the PCs, all PCs are turned off during the night (company policy) or users lock their computers if they are running any apps. If users turn off their PCs then the updaets are installed after they login and then they get the restart now or later pop up. If they lock their PC's then the updates get done during the night and they also get the pop up.

              To tell the truth, I have never had any problems from not restarting server/PC (for a few days) after installing updates.
              Last edited by root; 16th October 2009, 15:43.

              Comment


              • #8
                Re: Wsus

                Ah, the joys of inheriting someone else's installation.

                It's only rarely I've experienced issues by servers not being rebooted immediately, but when it happens it goes wrong properly. Not that long ago I had to shut down 5 servers across 3 sites and bring them all back up in stages because the local admins hadn't rebooted after installing updates and AD and Exchange stopped talking to each other. Caused some pretty major disruption.

                Anyway, I'd suggest removing WSUS controlled updates from the servers. Leaving a disconnected session is a bit of a clunky workaround, so I'd personally prefer just to update and then reboot them when I know it's OK, rather than trusting it to a workaround. If apps are running long term then it's going to annoy people if the workaround fails.

                For the client machines I don't think there's much option though. I hate that pop-up, and I've nearly been bitten on the backside by it more than once when it's popped up when I'm working on a server. I know giving users options is never a good idea, but perhaps you could switch to downloading updates rather than installing them, and then disabling the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" so that the client PCs get updated and then turn off. Alternatively you could use the power management options in the updates GPO to turn the machines on and update them on a Monday morning before everyone comes in.

                It would be really nice if there was an "Install Updates and Shut Down" GPO, then you could just configure it for when everyone's left.
                BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                sigpic
                Cruachan's Blog

                Comment


                • #9
                  Re: Wsus

                  I have stopped the server updates already. We had an issue yesterday when a server restarted while users were working on the application it runs. THe problem is there are almost a hundred servers I have to look after so manually updating all servers is not a good option as well

                  I will check out what you mentioned on about the GPOs for the PCs.

                  Does anyone know any other apps that does updates, only better?

                  Comment


                  • #10
                    Re: Wsus

                    We have a bunch of machines with the update service disabled so use some scripts to install updates when needed. A bat file enables updates using sc then uses psexec to run a vbscript on remote machines. The vbs uses the WUA API to download and install updates then reboots if necessary. The bat then disables the update service upon reboot.

                    The vbs is basically a toned down version of this one: http://community.spiceworks.com/scri...ts-version-2-6

                    Comment


                    • #11
                      Re: Wsus

                      Thanks aquadodo. This looks promising. Will give it a try (hopefully this week) and let you know how it went.

                      Comment

                      Working...
                      X