SUS Server - Force Installs?

  • Thread starter Thread starter Scott
  • Start date Start date
S

Scott

We just had a mild breakout here of MSBlast because the SUS server (as I just found out) DOES NOT actually install the updates on the clients it only tells the clients where to get updates from and to download them. The machines we had that got infected were only like 4 of them total because these 4 didn't have AV on them either. But in trying to track down one of the IP's that was scanning port 135 on the network I discovered all of these machines had the updates downloaded with the little globe in the systray for the user to click on and install.

Is there anyway to FORCE these updates to install rather than sit in the damn systray requiring the user to click on it?

Also, another question, in SUSAdmin it there's a selection of where to get updates from. To synchronize the server I have to select windows update, and then I have to change it back so the clients get the updates from the internal server rather than MS Windows Update...Is there any way to change that?

Thanks!
 
The easies way is specify a forced install through active directory. If you
are not running AD, look in the deployment guide, there should be some
registry code that you can insert on the clients to configure the updates to
work like want.

http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp



We just had a mild breakout here of MSBlast because the SUS server (as I
just found out) DOES NOT actually install the updates on the clients it only
tells the clients where to get updates from and to download them. The
machines we had that got infected were only like 4 of them total because
these 4 didn't have AV on them either. But in trying to track down one of
the IP's that was scanning port 135 on the network I discovered all of these
machines had the updates downloaded with the little globe in the systray for
the user to click on and install.

Is there anyway to FORCE these updates to install rather than sit in the
damn systray requiring the user to click on it?

Also, another question, in SUSAdmin it there's a selection of where to get
updates from. To synchronize the server I have to select windows update, and
then I have to change it back so the clients get the updates from the
internal server rather than MS Windows Update...Is there any way to change
that?

Thanks!
 
There is a way to force the application of updates to your
clients and the answer to your 2nd question is yes. Go to
MS and search for SUS then read the deployment guide.
-----Original Message-----
We just had a mild breakout here of MSBlast because the
Click to expand...
SUS server (as I just found out) DOES NOT actually install
the updates on the clients it only tells the clients where
to get updates from and to download them. The machines we
had that got infected were only like 4 of them total
because these 4 didn't have AV on them either. But in
trying to track down one of the IP's that was scanning
port 135 on the network I discovered all of these machines
had the updates downloaded with the little globe in the
systray for the user to click on and install.
Is there anyway to FORCE these updates to install rather
Click to expand...
than sit in the damn systray requiring the user to click
on it?
Also, another question, in SUSAdmin it there's a
Click to expand...
selection of where to get updates from. To synchronize the
server I have to select windows update, and then I have to
change it back so the clients get the updates from the
internal server rather than MS Windows Update...Is there
any way to change that?
 
Been there done that. That's what I used in setting it up in the first
place. Problem is the little globe just sits in the system tray on the
client machines waiting for them to click it and select install even though
the policy is set to "Download AND Install" at X time.
 
Been there done that. That's what I used in setting it up in the first
place. Problem is the little globe just sits in the system tray on the
client machines waiting for them to click it and select install even though
the policy is set to "Download AND Install" at X time.
 
Back
Top