Many organizations find themselves patching the endpoints in their environment, but in the end of the day, the most critical server is not being patched and is vulnerable.
This article provides guidelines on how to patch your WSUS server in a way which will not affect the patching procedure of the rest of your environment.
Step 1: Include the WSUS server in it's own list on computers
Make sure you run run one of the following commands:
wuauclt /resetauthorization /detectnow
Step 2: Create a Separate Group for WSUS server
In the WSUS server, create a new computer group and add the WSUS server to it. We recommend naming the group with a catchy name, so you won't add any other servers. (For example Only_WSUS_Server)
Step 3: Create a Maintenance Window dedicated for patching the WSUS Server
Create a maintenance window in separate time slots than the rest of the computer groups. Since most updates require a restart, we don't want such procedure to interfere ongoing patching activities.
For more recommendations please contact the JetPatch support team