Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Can you trust WSUS to update servers automatically?

Options
  • 15-05-2017 3:48pm
    #1
    ItHurtsWhenIP
    Registered Users Posts: 1,960 ✭✭✭


    Hi folks,

    I have been 3 years away from mainstream operations of a corporate environment, where we had about 100 servers of all shapes, sizes and OSes. We always had a monthly maintenance window in which we could carry out patching of the server estate and this was done manually, and in specific sequences in some cases (DB server up before App server restarted, etc.). We also had some <cough> W2K/W2003 :o servers which occasionally threw figaireys and wouldn't restart properly. So it was a pretty hectic maintenance window.

    Anyway, I've been voluntarily looking after the IT for a small community business, which has a small Virtual host with a couple of Win2012 server VMs running on it. One is DC/File server and the other is an App/DB server. Nothing fancy and I've been continuing the manual update process with this on a quarterly basis. There's never a problem with patching or sequencing etc.

    I was chatting to a network admin I met in a pub recently and we were swapping war stories and I mentioned the above set-up to him. He told me that nowadays, on the newer server OSes, you could trust WSUS to look after patching the servers automatically and even carrying out the reboots.

    I'm a bit dubious about this, but if it worked it would save me a bit of hassle.

    Could I trust WSUS for this?


Comments

  • Options
    #2
    shanec1928
    Registered Users Posts: 4,125 ✭✭✭shanec1928


    I wouldn't think it's worth the hassle for two vms and a host. Just keep manually patching


  • Options
    #3
    Fysh
    Moderators, Arts Moderators, Regional Abroad Moderators Posts: 11,016 Mod ✭✭✭✭Fysh


    2012 R2 (and probably 2012) had some odd issue a while back where WSUS with Group Policy configured to auto-reboot at a defined time when updates were pushed out through WSUS would, for some reason, not auto-reboot. I think it's been sorted, though.

    I don't know that it's necessarily worth it for a small setup like you described, particularly not when one of the VMs is an App/DB server where you probably want to run at least a nominal post-patching healthcheck when it finishes rebooting. But as a general thing, I'd definitely investigate it. I've been having an ongoing discussion as to the relative merits of WSUs vs SCCM for patching deployment - with the core things being that while SCCM allows more granularity of control over how you distribute packages, it's also not free and has some frustrating reboot-timing limitations that WSUS doesn't have.


Advertisement