Portable WSUS Solution

hi all,

currently company , looking designing portable wsus solution.  our goal have computer or laptop installed windows server 2008, latest wsus server component, not joined domain, , bring our clients deploy updates instead of updating individual computers , servers.

the reason to, one, spare internet connection.  since aren't present @ these clients, weeks or months before update computers, leave large amount download per computer.

secondly, trying avoid putting wsus on servers, of them aging , maxed out far resources.

if there's other offline update method that's out there, i'm open suggestions.

any appreciated.  can't seem find online or best practices microsoft.

 

thanks in advance.

 bill de sandro

usually insignificant hardware needs priced license server 2008.

wsus can still installed on windows server 2003 web edition supporting small organizations. no cals required (although it's these organizations have cals if have server @ all).

a *server* license, without cals, not expensive, honest. winserver x86 retail package available online @ little $150. dell has entry servers can run entire needs of business little $400.

as putting on production server, avoid that.

windows small business server, microsoft explicitly designed such deployment scenarios -- organizations 75 clients or less -- ships wsus pre-installed. there no reason why wsus cannot installed on existing server support organization few dozen clients. product free; if server deployed use it.

assuming spla, i'm thinking depolyment best via script or local policy edit.  use group policy in situations, if possible make universal method situations not work.

i think depends lot on "interim" plan dealing aforementioned potential zero-day issues , out-of-band security updates need installed minimum of delay. it's conceivable leave clients configured use wsus server 24x7x365, , take wsus server away (on notebook). wuagents log lots of "cannot connect" errors when server gone -- , won't updates @ in interim. in emergency gpo can enabled temporarily disable wsus connectivity , revert using automatic updates -- if that's done, prior discretionary decisions made update approvals go down drain because client install available critical/security updates if pointed au.

the *best* solution, imnsho, deploy onsite wsus server , point out overly frugal businesses there costs associated maintaining computer equipment, , 1 of required costs ensure security updates installed in timely manner. fact microsoft provides free software automate task makes near impossible understand why it's not deployed in every business windows operating systems.

<soapbox mode=on>

frankly, honest, frustrated hearing small business owners whine cost of technology. if they're undercapitalized maybe time shutdown business in orderly fashion , go on else's payroll, before ruin lives of employees when business hard-crashes because virus, trojan, or security exploit takes entire business offline week while computer systems rebuilt scratch.

if business owner cannot afford single server license install wsus server, they're in deep financial trouble, imho. and, technology consultant, wouldn't putting lot of faith in client continued revenue stream, either!

almost annoying technology consultants coddle , enable such unenlightened fiscal philosophies. :-)

i'd bet when auto mechanic tells them company car needs new set of $600 tires don't second guess expenditure!

</soapbox>

---

lawrence garvin, m.s., mcitp:ea, mcdba, mcsa
principal/cto, onsite technology solutions, houston, texas
microsoft mvp - software distribution (2005-2010)
mvp profile: http://mvp.support.microsoft.com/profile/lawrence.garvin
blog: http://onsitechsolutions.spaces.live.com

Windows Server  >  WSUS