WSUS Primary
It is possible to configure the WSUS such that while the controls process is done as usual using JetPatch and WSUS, the patches themselves are downloaded to the Endpoint from Microsoft Update Center (Microsoft.com) instead of being download from the WSUS cache. This setting is done by configuring the WSUS Options -> Update Files and Languages -> Update Files and selecting the option of 'Do not store files locally; Computers store from Microsoft Update'
Note1: In order for this setting to work, Windows endpoints need to have access to the Internet, specifically these Microsoft URLs.
Note2: In order for 3rd party patching to work, you cannot use this setting. All updates would need to be pulled from WSUS server, instead, we recommend delivery optimization.
WSUS Replica
It is also possible to configure a WSUS replica such that while the controls process is done as usual with the WSUS Primary, the patches themselves are downloaded to the WSUS Replica from Microsoft Update Center (Microsoft.com) instead of being download from the WSUS Primary. This setting is done by configuring the WSUS Options -> Update Files and Languages -> Update Files and selecting the option of 'Download files from Microsoft Update; do not download from upstream server'
Note1: In order for this setting to work, WSUS replica needs to have access to the Internet, specifically these Microsoft URLs.
Note2: If a replica is pointing to the internet and the primary is storing updates, you can setup GPO to have endpoints point to primary WSUS and fall back to replica for high-availablily
Comments
0 comments
Please sign in to leave a comment.