Windows Updates Distribution

[Daniel Lamarre]

I'm managing a medium sized office with 55 clients, and 1 file server. The file server is running Windows XP, the clients are either XP/2000 and a few 98 which are to be upgraded to 2000 soon.

Whenever there are Windows updates, most people update their machines at the same time, other simply never do it. Since we have a relatively weak and slow Internet connection and some people forget the updates, I was wondering if there was any way to download the updates once, and re-distribute them locally in order to reduce traffic on the Internet connection and to patch up the potentially dangerous clients who don't update.

If anyone knows a way to do that, or actually does it I'd like to know about it! Thank you very much.

[Deezire]

Just use the Windows Update Corporate Site

Corporate Update Site

This will download al the update packages seperate..

So you can distributte them over the Network off your company:)

((sorry for Bad english))

[BeenThereB4]

If you have some technical expertise, you want to install SUS on your server. It's free from Microsoft.

[phpballer]

You can schedule the Microsoft Critical Updates to either; Notify, Download or Download and install. I would choose the latter and schedule the service to run in a pattern that would not cripple your network.

Or you can use Microsoft's SUS solution, but it will only download, it will not distribute to your clients.

[Daniel Lamarre]

Ok I'll take a look at SUS and see what it can do. But still, I'm sure there's a way to have the files distributed automatically... maybe a script? Ideas anyone?

[Bâshrat the Sneaky]

I also know this is possible.. It's at my school the same way (I think at least Or would they be SOOO stupid that they let EACH pc download all hotfixes??? )

I'll ask my teacher, but I won't see him till next Tuesday...

[BeenThereB4]

Of course it updates the clients! Otherwise, what would be the point. At least for Win2000 and XP clients, you just use some registry entries on the clients to point them to the SUS server. Easy as pie.

[FthrJACK]

If you had a server running active directory you could download the patches to the server and enforce installation using group policy, create a new Group Policy Object and presto, any machines logging onto the network without the patches would auto install them.

I would run active directory on a network of the size you have. a company that i wont name (but a large financial one) recently had to shut one of its offices machines down and close its office for 3 days due to sasser. I laughed my head off at that because their sys admin was doing just the same as you (keep in mind this is on a larger network than yours), installing patches on each machine one by one and had all his machines running on the same router (your ok doing that really with just 52 machines).. one machine got sasser and BOOM whole network had it within minutes.

He was then re-installing windows on each machine, setting it up, installing software, and patching it. going round the office doing each machine in turn, all 200 or so, like a n00b. This guy gets paid more than i do too, i should go talk to his boss and steal his job!

i can explain GPO in more detail if you need me to.

[BeenThereB4]

I must point out that with SUS and the proper settings on the SUS server and the clients, it's all automatic. It works the same as when you set up a client to auto-update from the WindowsUpdate site, except only the SUS server does the downloads from the Internet. The clients all auto-update from the SUS server. You are taking a coffee break while your peers are manually downloading updates and authoring GPOs.

[Daniel Lamarre]

Ok ok.. I know running XP as a server and all was not a good idea; but you have to understand that it's all I had, and i wanted to do the maximum with the tools I had;

First, SUS server won't work on XP, only on servers;

Second, Sasser did hit us; it was a pain in the a**, but it took me 2 and a half hours to wipe it out I got lucky though, could have been worse;

Third, I finally got the authorization and funds to build a (almost) real server, running W2k3 Server Standard. P4 3Ghz HT, 1gig OCZ Dual Head DDR, 2 x 200GB SATA's... cute machine

I am presently installing W2k3, so things will get in place in the next few days/weeks. Thanks for the hints