Automatic WSUS use?

Tom · October 16, 2016, 01:34:22 PM

I'm playing with random stuff today, and one of the things is setting up WSUS, mostly as a cache for updates. Is there a way to just have all machines on the network automatically use it, WITHOUT having all machines join a domain or anything like that? some dhcp flag maybe? or maybe wsus can just broadcast its existence and local machines will pick it up?

I would prefer not to have to run manual cli commands or manually reconfigure windows update settings on all machines.

Lazybones · October 16, 2016, 03:54:18 PM

WSUS use is controlled by the registry, while you could manually manipulate individual machines to use it it is designed for domain use and for a group policy to enable it.

Tom · October 16, 2016, 04:52:39 PM

Ah, well that sucks.

Lazybones · October 16, 2016, 05:15:17 PM

Quote from: Tom on October 16, 2016, 04:52:39 PM
Ah, well that sucks.

Windows PCs are ether managed or not managed for the most part. Unless we are talking about at least 20 plus PCs in a single site with weak internet, I would not bother with WSUS.

Melbosa · October 16, 2016, 09:14:44 PM

Quote from: Tom on October 16, 2016, 04:52:39 PM
Ah, well that sucks.

I tend to agree somewhat with Lazy, although I thing the 20 plus machines is not any type of bench mark. I have used it at office sites with 6 or sometimes less computers, but that have need as their internet connect is very limiting.

Also why does it suck? WSUS is really meant for a managed directory of computers (and there are ways to automate that without GPO, but GPO is certainly by far the most common). PUPPET and similar software in the Linux world is no different. You have to register the computer to the Patch Management system some how - how you automate that is either through scripting/subnet scanning or some type of central management system for your OSs. All of which require some sort of credential repository or central authority.

Tom · October 16, 2016, 09:33:25 PM

I was assuming i could use it like a glorified cache.

Melbosa · October 17, 2016, 01:33:50 AM

Quote from: Tom on October 16, 2016, 09:33:25 PM
I was assuming i could use it like a glorified cache.

Ahh like a steam cache server; hijack the dns and make it a local repository

WSUS isn't just a repository though, and wasn't designed to be such from the ground up. Its more about machine patch management. The repository is a bolt on piece to WSUS, as you can just run WSUS with the repository still being Windows Update services from Microsoft.

WSUS may die out some day or be merged into another product, as most organizations Microsoft based are moving more to a SCCM deployment patch system.

Sorry it wasn't what you wanted...

Lazybones · October 17, 2016, 08:43:40 AM

Windows 10 introduces Somme new options and integrates with InTune pushing everything to the cloud.

While SCCM is currently king it can integrate with InTune and it is likely MS will go to 100% InTune in the future.

Tom · October 17, 2016, 10:04:53 AM

Quote from: Melbosa on October 17, 2016, 01:33:50 AM
Quote from: Tom on October 16, 2016, 09:33:25 PM
I was assuming i could use it like a glorified cache.
Ahh like a steam cache server; hijack the dns and make it a local repository

WSUS isn't just a repository though, and wasn't designed to be such from the ground up. Its more about machine patch management. The repository is a bolt on piece to WSUS, as you can just run WSUS with the repository still being Windows Update services from Microsoft.

WSUS may die out some day or be merged into another product, as most organizations Microsoft based are moving more to a SCCM deployment patch system.

Sorry it wasn't what you wanted...

The whole exercise was mostly to learn. I had this win server vm I had setup for .net stuff, so I figured, why not let it do wsus too if it possibly can.