Score:-1

Optimize WSUS for work-from-home users

it flag

We self-host our infrastructure. Most users work from home using (more or less) poor Internet connections with VPN.

Besides MS E5 and third-party options, is there a (documented) method of getting over 150 users up to date via WSUS remotely?

I have approved some updates, but from the WSUS Dashboard there are still computers either not signed in for the past 30 days or updates needed by computers.

We do not have the resources to add a secondary WSUS. I did read up on some of the similar posts. How can I make sue, my computers get their updates, ugin one WSUS Server and no additional apps?

bjoster avatar
cn flag
Do you have a GPO in place, that configures your clients? If yes, does name resolution and client-to-wsus connectivity work in general?
cn flag
"We do not have the resources to add a secondary WSUS" - you do. You claim over 150 users. A non-downloading WSUS server costs peanuts. SOmeone is too cheap to spend a pizza per month on it, but you do have the resources, or you do not have 150 users.
cn flag
Also, per site rules, we do not help hacking something together that is not supported. Installing another WSUS for this is standard (and that can be optimized to download from MS). As per site rules, off topic: Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault.
Jacobus Burger avatar
it flag
I feel offended by your remarks. We do have GPO's, the WSUS is resolving remotely via the VPN, the site is not undermaintained and I feel requesting alternatives are valid. I am not of topic. We have a very dated cluster to maintain as as always top level management is hard to convince to move to new things if old things aren't broken. I adopted this site and doing my best to improve. This is an old environment. We do not have space for another WSUS instance. I am not looking for a hack, just an honest opinion.
Score:1
it flag

This is what I did to remediate the fact I cannot add more servers.

Investigating further we found that users on 3G and ADSL in smaller cities have very high latency. The WSUS did not always respond in time.

I changed the GPO URL to IP address. Intranet Service

As we found that capped users did not update their machines I changed the GPO from option 3 - Download and Notify Install to option 4 - Download and schedule install. Forcing them will update the statistics on WSUS for us to report back to compliance officers. We did not go with the immediate install option, as we would like to control when we receive tickets on failed installs or any issues the setup may have on the target machine. Configure Automatic Updates

And we added Client-Side targeting for end users on the new changes. Client-side Targeting

We kept most of the other settings basic. End users are not setup as admin, so best we control the behaviour of the machines.

For now this solved my issue. The site was configured for onsite desktops and then everyone went home for lockdown and COVID. It needed a rework.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.