Jump to content

Windows Updates on Domain

GhostRiot
By GhostRiot
in Networking
 Share
Posted

Hey guys,

Just out of curiosity; Im wonder what most SysAdmins would consider standard procedure for Windows Updates on a domain, Im not sure how things are typically setup for WSUS. As in, when a PC is bound to a domain, can the local admin account still perform updates? Or can they only be initiated via WSUS or a Domain Admin?

Just wondering, since sometimes after freshly imaging a machine, when I go to run updates after installing whatever programs, Windows Update will not run, it just fails instantly. That said, if I log in with my domain account, it will install some updates, but usually fails a good portion of them, they don't ever properly install until they get pushed by WSUS.

 

Ive always been told that the LA account should always have the ability to make any changes on the local system. However when it comes to Windows updates, since its on a network this seems like a grey area. Any SysAdmins / Network Admins want to chime on on standard procedure for them?

Thanks.
 

Link to comment
https://linustechtips.com/topic/647840-windows-updates-on-domain/
Share on other sites
Link to post
Share on other sites
  • 2 weeks later...
Posted

Windows updates and WSUS are pretty much separated from any real domain integration. You can use Group Policy to point to a WSUS server and set restrictions on who, when and how updates are applied but WSUS itself is not domain integrated.

 

You can use local computer policies to point to a WSUS server and set the same things as you can using Group Policy, just applies local to the computer obviously.

 

The most common reason newly imaged machines fail to install updates is it takes a while for WSUS to fully scan a new computer and catalog installed updates, if it was an existing computer that can confuse WSUS a little bit longer but it sorts itself out.

Link to post
Share on other sites
Posted
2 minutes ago, zuboForgot said:

 

I would love to know where to start to set up WSUS without Windows Server Edition...

 

Is that possible?

WSUS is a featire of Windows Server - you need at least one Windows Server system to set it up.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to post
Share on other sites
Posted
1 hour ago, zuboForgot said:

Thx :)

 

Doubt I'll ever have server...

If you're a college or university student, you can access Microsoft Dreamspark program for free - you get licenses to most of their major software, including Windows Server 2012 R2 (and soon to be Server 2016). You just need a Student Email address from your College or University.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to post
Share on other sites
Posted

<3 Dreamspark. Alternatively if you're a gambling man you can buy Server 2012R2 Standard from Reddit for something like $25-$35. I bought 5 licenses, no issues to date (knock on wood). I'd go with dreamspark if you have access to an edu account however (yours or somebody you know).

Link to post
Share on other sites
Posted
11 hours ago, Mikensan said:

<3 Dreamspark. Alternatively if you're a gambling man you can buy Server 2012R2 Standard from Reddit for something like $25-$35. I bought 5 licenses, no issues to date (knock on wood). I'd go with dreamspark if you have access to an edu account however (yours or somebody you know).

Think I've seen that subreddit. No way I could deploy it 'for reals' but take it for what it is and it's real experience with that OS.

 

How would CALs work?

 

Link to post
Share on other sites
Posted

You may want to check out http://www.wsusoffline.net/

 

We've been playing around with it at the office (where we do have a WSUS server) and it's looking good so far.  We use it to update freshly imaged/recovered PCs prior to joining them to a network.

Link to post
Share on other sites
Posted (edited)
12 hours ago, AlexMc said:

You may want to check out http://www.wsusoffline.net/

 

We've been playing around with it at the office (where we do have a WSUS server) and it's looking good so far.  We use it to update freshly imaged/recovered PCs prior to joining them to a network.

Thanks :)

 

I can make a rather complete download somewhere with good internet, apply it to computers at home and see if they feel like they're updated....

 

Only time will tell but this appears like it could help an awful lot.

 

(Now... if I could make packets from/to wsusoffline wait patiently and let everything else get through first...)

Edited by zuboForgot
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×