WSUS Disadvantage

[borisre]

Hello all,
I'm thinking of inserting WSUS to my Data Center, I would like to know what are the disadvantages of the product.
Thanks Ahead,
Boris Reuven

[graycat]

funnily enough, I've just had one of our senior staff say that patching / updating windows machines is a waste and that WSUS is a bad idea. I'm still scratching my head trying to figure that one out at the moment.
_________________
This message represents the official view of the voices in my head
Poor Search function! Nobody uses you, nobody loves you

[larsmhansen]

I don't really see any disadvantages. There's room for improvements, but overall, it's working pretty good for us. As with everything else, there's some planning to do, as in how to approve updates, what updates to approve, how to deal with laptops that are rarely on-site, when and how to install updates.

Ok, I have one disadvantage. The interface is rather slow. If you are manually approving updates, expect to spend quite some time going through it.

WSUS 3.0 Beta should be out now; I haven't tried it yet, but I'm seriously considering trying it out soon.
_________________
Is there anybody listening? Is there anyone that sees what's going on?
Read between the lines, criticize the words they're selling
Think for yourself and feel the walls Become sand beneath your feet

[dveuve]

I'll echo the above. The only real annoyance I have with it, is for the initial phase, there is no "Mirror Microsoft Update Approval For These Products" functionality. I haven't gottten the time to finish the approval process, so I still need to download 25 or so updates from MS Update on a new SP2 install. I don't remember that problem on SUS (though I never used it in the enterprise).

[ThePsyko]

I have to agree. Althought he only time I really found that approving updates was a problem was the very first time I went through the list. After that, the list of updates is more manageable.

[RFmax]

I may have missed as to how to do it, but my major issue is that I can not push out updates at other than the scheduled time I setup. It gets complicated when you have notebooks that are not there at night.
_________________
CWNA, CWSP, K0PBX

[dveuve]

That's by design. WSUS isn't a push model, it's a pull model. Laptops have to request updates. What I have done on my system is set computers up to check for updates every 6 hours. That way I get them during the work day (the default is 22). I'm fairly certain that such steps aren't necessary, but my preference is to be conservative in a GPO and never have to worry about it again.

[RFmax]

That is one way except that it does not allow you enough leeway to for instance push them out during lunch. The upper management types get real cranky when their systems are doing something not instigated by them.
_________________
CWNA, CWSP, K0PBX

[dveuve]

I think you'd be stuck using SMS for that. I haven't used it myself, but I think that's the product that would accomplish what you want.

You could also set the upper management computers to restart at 12:30, or something of that nature, but I since most updates require a restart anyway, you're probably not going to get out of it without some user education. It's not a bug, it's a learning experience!

[RFmax]

Tell that to the CEO and the person that signs the checks.
_________________
CWNA, CWSP, K0PBX

[dveuve]

I'd go with the "This is what happens if you don't patch your system [...]. Now, we have three options. All of them will cause you some small amount of inconvenience, but that's unavoidable. What do you think would least impact your work schedule?"

[RFmax]

Well, I appreciate the advise, but in the real world or at least the clients that I deal with, none of this is remotely significant unless they have been involved with a situation where money was lost. You tell a Sales VP working on a million dollar contract with a client over Webex that their notebook is going to reboot in a few minutes and see how long you still employed.

Sorry, I did not mean to hijack the thread.
_________________
CWNA, CWSP, K0PBX

[PhiBer]

1. The lack of multi-processor support (should be fixed in 3.0)
2. Slow and aesthetically unappealing management interface
3. Lack of 3rd party patch control and customization

But, for your standard, Microsoft only updates, WSUS seems to do the job - and at the cost of free, it can't be beat. I just wish there was more room for flexibility in terms of administration and patching.
_________________
"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy" –Martin Luther King

[AdamV]

Incidentally the release candidate of WSUS 3 is now available, the Beta programme is due to close any time now.
_________________
"Due to global warming, eskimos now have 20 words for water" John O'Farrell
Meteor IT - Technical Consulting Services and Software Training Courses, Leeds, UK

[graycat]

[PhiBer]

FYI - The SQL Server still eats your servers memory for lunch. Here is a fix. So far, the new version of WSUS seems to be better than version 2.0. Multi-proc support really helps too!
_________________
"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy" –Martin Luther King