Anyone using WSUS?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all, After just a few months in desktop support my boss is happy with what I am doing and has informed me that I will take on the responsibility for looking after a few servers in the next few weeks. Massive leap forward into the unknown so I'm trying to jump forward with my eyes open!!

On of my new tasks is to look after the patching of a large number of the company's servers (about 70-80ish yikes) the WSUS 3 is already set up with test server groups of 2000 and 2003(only a few for testing) and server groups 2000 and 2003 (its important I don't break these!!)

I already patched a server with approved tested hotfixes today and hopefully it should still be working tomorrow!

I need to learn as much about WSUS a quick as possible so I have found the WSUS Wiki (a massive help at explaining how WSUS works)and some info about it on the Microsoft site but I was wondering if you guys who use it could share some tips with me, I'm particularly interested on how long and how you test your hotfixes and patches before you install them on your working servers. Also I'd love any links to websites or forums that post info about potential problems with patches.

Thanks in advance guys.

Oh yeah, sorry if I posted in wrong forum.... i was not too sure where to post this question.

 

Folks, this is EXACTLY how to move up in your IT career, from PC repair tech to desktop support tech to systems administrator to network administrator. It works, without fail. If you're good at what you do, people will notice, and you will be allowed to take on new responsibilities.

Major congrats, VI!

 

What sparks said.

I would also add that you should, in my experience - NEVER install any patches on production systems that deal with database or database access without thoroughly researching their impact on a test system. This is especially true with things like MDAC and, as sparks said, updates to the .net framework.

Also, I havent quite had the balls yet to switch to using the full update malarkey for Office & the like. You might have a bit more of an adventurous side to you than me - personally, I don't want 4500 people screaming in my earhole because a hot'fix' for some stupid unused element of Office has broken Word or Excel

 

I set up a WSUS 2.0 server to look after updating our 75 XP client machines. All went well until the IT manager was informed that on some updates, despite being configured not to request a restart, the users were being asked to restart their machines at friday lunchtime (Heaven forbid! Has anyone ever heard of anything so outrageous).
He then proceeded to lecture me about how 'unprofessional it was to expect consultants to restart their machines'. So I disabled it, and it has remained so since.
It was quite simple to set up and use though.

Cheers
NB

 

Yep. Just today I had a consultant phone asking for help regarding getting the wireless aircard in his laptop to connect to the internet. When i told him to eject the card and reboot I was greeted with a torrent of effing this and effing that. He was saying all this in front of our customers.
Anyway 2 mins later he was happy as larry 'cos he could get his email.

Cheers
NB

 

Unfortunately, that's what we get paid for in IT to bear the grunt of some ungrateful users on a seriously note I'd say turn the computer off by pressing the buttom on the box firmly for few seconds. I still think a lot of elite users do not understand what reboot the computer means

 

LOL

 

Or how about this beaut I had just the day before yesterday.

Background - Our AV server (which had been apparently been set up by a blind, armless retard as 93% of the clients had DAT files from 2004 and the other 7% were between three months and three years out of date depending on what the poor helpdesk staff had managed to cobble together to manually 'fix' viruses that lUsers had contracted) went tits up a month or so ago. I've reinstalled everything, configured a proper directory & updating process, pushed out the correct agent - yada yada yada.

Anyhoo - there are still about sixty clients out of 3000-odd that have either an outdated DAT or old Engine and aren't receiving updates from the servers because the agent install is fubared - they need a new agent pushed out manually with the old one being deleted. I don't mind doing this (thankfully its about all the contact I have with the great unwashed) and have been contacting them as and when their non-compliant machines (usually laptops) are detected by our NAC box.

One user, who works quite high up in 'Professional Development' (management-ese for 'we had to promote them so we dumped them upstairs where they're out of the way and can't break anything important) called me after I popped a message up on his desktop (with my phone number on it). First thing he said was 'You have just given me a virus'. I patiently advised him to read the message again - which read:

"Hi - please call the ITSO - I need to update the antivirus client on your machine. Thanks"

He then proceeded to admonish me for 'worrying him' by throwing the message up on his screen. At this point I pointed out that I had sent him no less than eight emails over the past week telling him to contact me as the work was urgent, and that he had ignored them all. He refused to accept that he had received ANY emails from me - and called me a 'liar'. I made some pretence about there being a 'possible problem' with the mail client on his machine, so damewared onto it and opened his mail cloient. One quick opening of his Deleted Items folder and a 'sort by sender' later - all eight mails - five read, three unread were staring him in the face. Even faced with this damning evidence, he refused to admit it, at which point I had pretty much lost the will to live, so asked him to call me again when he was leaving so that I could remote onto his machine again to make the necessary changes.

He rang me at about 5:30 to say he was leaving - this is how the conversation went:

lUser: "Right - I'm going. Don't break anything on my machine"
Me: "OK - make sure you log out, don't shut the machine down"
lUser: "I know, I know. Log out (actual words) What do you take me for - a ****ing idiot?"
Me: (in best conciliatory tones) "Not at all - it's just that I've had a couple of people who have shut down instead of log - " (at that point he hung up without me finishing).

I left it a couple of minutes and - lo and behold - no ping response. He'd shut the %£*&#$! thing down!!!

So I went up to his machine, powered it back on and applied an (ahem) 'slightly more restrictive' GPO to it:



Seriously - I don't know how any of you guys who work on helpdesks do it. I would cave someone's head in within a week!

 

Zeb, that's one serious user I'll say. I know exactly how you feel because I've been there my self. Thank god that I am not doing help desk or else I would off been telling the users off all the time.



Regarding the setup for WSUS, it would be a good a idea if you could set it up in a VM or something just to get an idea of what it is all about instead of just reading about it. At the moment I am setting up WSUS my self and I am using the Technet info to help me out.

 

LOL I've had that many a time!

 

Gents - you are going about it the wrong way!!

What you need is ATTITUDE.....

1. The PC's rebooted after a necessary update when I, the IT person, want them to do so. If it gets in the way of some users mindless internet browsing during lunch - too bad.
2. A manager berates me for the lack of his technical understanding, as in PC security updates are MANDATORY, well then I walk away telling him to put his objections in a logical and professional manner in an email. [A bit like how JFK had a way of shutting them up..]
3. There is no purple circle here, even the CEO's pets are liable to get there @sses flayed if they cross me on the internet and email useage side of things especially....
4. I beard managers regularly in their lairs if they promise me something but do not deliver, this has the added benefits of being catharthic for me and inspiring the regular users with fear.
5. Users get their hardware and software updates when I am ready to give it to them...appropriate noises of gratitude and occassional gifts are expected - otherwise the next set of upgrades get "delayed"
6. If I am doing a training review or exam then I am unavailable, and that means unavailable, until I am ready to be available.

My days therefore are great - folks dont bother me unless they really need me and I dont have as many PHB random objectives to deal with...

 

I think you should change your username to supab0fh.

 

Whoops, sorry for late reply on this one. I have been away visiting family for a few days. Thanks for all the kind words and encouragement guys.....but I gotta ask... would you trust me with your servers

With WSUS, I have a process I have been verbally told to follow. I am going to write this up tomorrow and have it checked out, I'll also post it up here if anyone wants a glance.

This learning server support is moving quickly and I have to pick it up fast, I was looking at MOM today... SCARY!! all those errors to learn and understand. Next is the Symantec Backup software, it feels like my head is gonna blow up sometimes, but I guess you guys all went through this.

 

looks like some good advice. Trying to get hold of users who need a certain software upgrade has proved to be a 'mare for me. People ignore emails, phone calls or give you loads of I need my PC now blah blah.

I should Tell them I am coming to upgrade them or to drop their laptop into the IT department on that day!!

 

In a nutshell lots of patience is required, a cool head with effective listening and communicative skills. Trust me it does help be it IT helpdesk or general IT support where end users are obviously involved one way or the other.