
We set up Windows domains from scratch and then all servers (2003, 2008 R2, 2012, etc.) sit offline (including DCs) for months before being used again. This causes a nightmare when trying to patch the servers once they are turned on again, since they are so out of date. The current method is to log in individually and update them manually one by one (domains may include 10 servers or 50 servers), which takes forever!

I had a thought of trying to speed this up by sharing a WSUS server to provision updates. My question is: would this be feasible? Would it be practical to share one WSUS for all the domains (given I remove it and join it to each domain when needed)?

My concerns are with:

  1. Storage: I can't keep a year's worth of patches for all the OSes.
  2. Because of storage constraints, how would I go about downloading patches for each domain that I want to patch when, say, one is 5 months old, the next one is 1 month old, and then another one is 6 months old? This is going to be my first time working with WSUS.
David Makogon

1 Answer

WSUS isn't tied to AD, and as such, you could use a single WSUS server to provide updates to all of your domains.

As for the WSUS storage requirements, for fewer than 500 WSUS clients you only need ~20GB of disk space.

joeqwerty
  • Oh awesome, thanks for the info. What about using the WSUS for servers that are not part of the domain? I found this: https://community.spiceworks.com/how_to/85392-wsus-targeting-for-non-domain-computers It seems that this is the only way to do it, and I guess creating a script to execute and set the settings would be easy enough. – yellowjacket21 Jun 28 '16 at 18:05
  • @yellowjacket21 Those steps should work for non-domain PCs. Those are the same registry keys used by Group Policy to set the server information in a domain environment. – tfrederick74656 Jul 05 '16 at 00:22
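
The script idea from the comments, sketched as an added example that is not part of the original thread: it writes the Windows Update policy values that Group Policy would otherwise set, then reads them back. The WSUS URL and target group name are placeholders, and it assumes an elevated PowerShell 2.0+ session (so 2008 R2 and later) and that the WSUS server is configured for client-side targeting.

```powershell
# Added example: point a non-domain server at WSUS via the Windows Update policy keys.
# Run elevated. Both parameter defaults are placeholders, not values from the thread.
param(
    [string]$WsusUrl     = 'https://wsus.example.test:8531',  # placeholder; 8531 is the WSUS default SSL port
    [string]$TargetGroup = 'Offline-Lab'                      # placeholder computer group name
)

# Reject anything that is not an absolute http(s) URL before touching the registry.
$uri = $null
if (-not [Uri]::TryCreate($WsusUrl, [UriKind]::Absolute, [ref]$uri) -or
    $uri.Scheme -notmatch '^https?$') {
    throw "WsusUrl must be an absolute http(s) URL, got '$WsusUrl'"
}
if ($uri.Scheme -eq 'http') {
    # Plain HTTP leaves update metadata open to tampering on the path to the WSUS server.
    Write-Warning 'WSUS URL is plain HTTP; prefer the SSL endpoint with a certificate the client trusts.'
}

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'
foreach ($key in $wuKey, $auKey) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

$settings = @(
    @{ Path = $wuKey; Name = 'WUServer';           Type = 'String'; Value = $WsusUrl },
    @{ Path = $wuKey; Name = 'WUStatusServer';     Type = 'String'; Value = $WsusUrl },
    @{ Path = $wuKey; Name = 'TargetGroup';        Type = 'String'; Value = $TargetGroup },
    @{ Path = $wuKey; Name = 'TargetGroupEnabled'; Type = 'DWord';  Value = 1 },
    @{ Path = $auKey; Name = 'UseWUServer';        Type = 'DWord';  Value = 1 }
)
foreach ($s in $settings) {
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type -Value $s.Value -Force | Out-Null
}

# Read every value back so a silent failure (for example, a non-elevated session) is caught here.
foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    if ($actual -ne $s.Value) { throw "$($s.Name) is '$actual', expected '$($s.Value)'" }
}

# Restart the Windows Update service and ask the client to re-register and check in.
Restart-Service -Name wuauserv
& wuauclt.exe /resetauthorization /detectnow
```

Because the same script sets `WUServer` on every machine it runs on, keeping the URL in one parameter makes it easy to audit which update source each offline domain was last pointed at.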