WSUS Disadvantage

[borisre]

Hello all,
I'm thinking of inserting WSUS to my Data Center, I would like to know what are the disadvantages of the product.
Thanks Ahead,
Boris Reuven

[graycat]

funnily enough, I've just had one of our senior staff say that patching / updating windows machines is a waste and that WSUS is a bad idea. I'm still scratching my head trying to figure that one out at the moment.

[larsmhansen]

I don't really see any disadvantages. There's room for improvements, but overall, it's working pretty good for us. As with everything else, there's some planning to do, as in how to approve updates, what updates to approve, how to deal with laptops that are rarely on-site, when and how to install updates.

Ok, I have one disadvantage. The interface is rather slow. If you are manually approving updates, expect to spend quite some time going through it.

WSUS 3.0 Beta should be out now; I haven't tried it yet, but I'm seriously considering trying it out soon.

[dveuve]

I'll echo the above. The only real annoyance I have with it, is for the initial phase, there is no "Mirror Microsoft Update Approval For These Products" functionality. I haven't gottten the time to finish the approval process, so I still need to download 25 or so updates from MS Update on a new SP2 install. I don't remember that problem on SUS (though I never used it in the enterprise).

[ThePsyko]

I have to agree. Althought he only time I really found that approving updates was a problem was the very first time I went through the list. After that, the list of updates is more manageable.

[RFmax]

I may have missed as to how to do it, but my major issue is that I can not push out updates at other than the scheduled time I setup. It gets complicated when you have notebooks that are not there at night.

[dveuve]

That's by design. WSUS isn't a push model, it's a pull model. Laptops have to request updates. What I have done on my system is set computers up to check for updates every 6 hours. That way I get them during the work day (the default is 22). I'm fairly certain that such steps aren't necessary, but my preference is to be conservative in a GPO and never have to worry about it again.

[RFmax]

That is one way except that it does not allow you enough leeway to for instance push them out during lunch. The upper management types get real cranky when their systems are doing something not instigated by them.

[dveuve]

I think you'd be stuck using SMS for that. I haven't used it myself, but I think that's the product that would accomplish what you want.

You could also set the upper management computers to restart at 12:30, or something of that nature, but I since most updates require a restart anyway, you're probably not going to get out of it without some user education. It's not a bug, it's a learning experience!

[RFmax]

Tell that to the CEO and the person that signs the checks.

[dveuve]

I'd go with the "This is what happens if you don't patch your system [...]. Now, we have three options. All of them will cause you some small amount of inconvenience, but that's unavoidable. What do you think would least impact your work schedule?"

[RFmax]

Well, I appreciate the advise, but in the real world or at least the clients that I deal with, none of this is remotely significant unless they have been involved with a situation where money was lost. You tell a Sales VP working on a million dollar contract with a client over Webex that their notebook is going to reboot in a few minutes and see how long you still employed.

Sorry, I did not mean to hijack the thread.

[PhiBer]

1. The lack of multi-processor support (should be fixed in 3.0)
2. Slow and aesthetically unappealing management interface
3. Lack of 3rd party patch control and customization

But, for your standard, Microsoft only updates, WSUS seems to do the job - and at the cost of free, it can't be beat. I just wish there was more room for flexibility in terms of administration and patching.

[AdamV]

Incidentally the release candidate of WSUS 3 is now available, the Beta programme is due to close any time now.

[graycat]

[PhiBer]

FYI - The SQL Server still eats your servers memory for lunch. Here is a fix. So far, the new version of WSUS seems to be better than version 2.0. Multi-proc support really helps too!