WSUS Best Practices

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    I have a fully functioning WSUS environment. It is being deployed via a GPO and works as expected (for the most part).

    I’m wondering what the “best practice” is for my environment. Here is a high level overview.

    ATT fully meshed MPLS network using Class of Service so I can give SUS traffic low priority. Right now, I have PC checking updates from SUS server, and then going out to the Internet to pull them down. The problem is that although I have some QOS operational, sometimes we have machine that will d/l updates through the day and it kills the internet pipe at that location. Some people say to just let clients d/l from the SUS server, but then we run into perhaps killing the connection at our corporate office.

    So, my main question is: can I tell machines to ONLY download their updates from say: 6PM to 6AM? I do not see how to force the time in which they download, only when they install. I think the problem is that if a machine is powered off when they are supposed to install (currently 1:am) then when the user comes in the next morning and powers up, it tries to pull down the new updates and kills the circuit. Obviously I need to work more with ATT on our Class of Service, but is there a way to STOP all downloads of windows updates at a particular time? I just don’t see it!

    Because I am new. I cannot post the link to my screenshot of the GPO within the post so here is the link:

    http (colon) // www dot mercersoccer dot net / images/WSUS.gif

    In the screenshot above… We are: Set to 4 “Auto download and schedule the install” under Configure Automatic Updates.

    Thanks. I can answer more questions moving forward. I hate for my initial post to be too long.


Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.