No announcement yet.

WSUS Best Practices

  • Filter
  • Time
  • Show
Clear All
new posts

  • WSUS Best Practices

    I have a fully functioning WSUS environment. It is being deployed via a GPO and works as expected (for the most part).

    I'm wondering what the "best practice" is for my environment. Here is a high level overview.

    ATT fully meshed MPLS network using Class of Service so I can give SUS traffic low priority. Right now, I have PC checking updates from SUS server, and then going out to the Internet to pull them down. The problem is that although I have some QOS operational, sometimes we have machine that will d/l updates through the day and it kills the internet pipe at that location. Some people say to just let clients d/l from the SUS server, but then we run into perhaps killing the connection at our corporate office.

    So, my main question is: can I tell machines to ONLY download their updates from say: 6PM to 6AM? I do not see how to force the time in which they download, only when they install. I think the problem is that if a machine is powered off when they are supposed to install (currently 1:am) then when the user comes in the next morning and powers up, it tries to pull down the new updates and kills the circuit. Obviously I need to work more with ATT on our Class of Service, but is there a way to STOP all downloads of windows updates at a particular time? I just don't see it!

    Because I am new. I cannot post the link to my screenshot of the GPO within the post so here is the link:

    http (colon) // www dot mercersoccer dot net / images/WSUS.gif

    In the screenshot above... We are: Set to 4 "Auto download and schedule the install" under Configure Automatic Updates.

    Thanks. I can answer more questions moving forward. I hate for my initial post to be too long.


  • #2
    Re: WSUS Best Practices

    Best practice here is to setup a downstream WSUS server at each of the additional site(s) where client computers sit. These servers would download the patches (either from the internet or upstream server) and server out to the client's on the local LAN. This will limit the amount of data being downloaded by a large margin.


    • #3
      Re: WSUS Best Practices

      Thank you for the reply....

      In a perfect world, I'd agree with that post. the problem is that we have about a hundred remote sites so putting a server at each location really isn't feasible.

      I really just need a way to force the download of updates to occur only between evening and morning..... This way our T's aren't killed throughout the day.