I currently have 4 servers that sit behind a firewall and do not have internet access. In fact, they are locked down pretty tight. The 5th server on the network (the domain controller), however, has outside/internet access. I need to apply updates to all 5 of these servers. I cannot for one second allow an internet connection to the other servers, unfortunately (contract reasons). It is my understanding that I can run a command within each server that allows me to check for the most recent updates on that server and then download the required updates from the internet server, if that makes sense.
I have heard something about MBSA allowing this capability or something of that nature. Are there any other suggestions I may want to look into to get the servers updated behind a firewall with the most recent updates? Also, what command line prompts would I look into using to make this project work?
You should look into WSUS (Windows Server Update Services), a free tool that does exactly what you want.
It runs on one server with Internet access, and takes care of updating other servers behind the firewall.
Note that you should not run this on the domain controller, so if licensing allows it, deploy a new machine for this purpose.
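To illustrate the setup the answer describes, here is an added example (not part of the original thread) that points one isolated server at an internal WSUS host through the Windows Update policy registry values and blocks fallback to Microsoft's public update endpoints. The host name `wsus01.example.local` is a placeholder, and port 8530 assumes the default WSUS HTTP binding.

```powershell
#Requires -RunAsAdministrator
# Added example: configure this server to take updates only from an internal WSUS host.
# ASSUMPTIONS: wsus01.example.local is a placeholder name; 8530 is the default WSUS HTTP port.
$WsusHost = 'wsus01.example.local'
$WsusPort = 8530
$WsusUrl  = "http://${WsusHost}:$WsusPort"

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Fail early if the firewall does not let this server reach the WSUS port.
if (-not (Test-NetConnection -ComputerName $WsusHost -Port $WsusPort -InformationLevel Quiet)) {
    throw "Cannot reach $WsusUrl; check the firewall rule between this server and WSUS."
}

# Create the policy keys only if missing, so existing values are not wiped.
if (-not (Test-Path $au)) {
    New-Item -Path $au -Force | Out-Null
}

# Where to scan for updates and where to report status.
Set-ItemProperty -Path $wu -Name WUServer       -Value $WsusUrl -Type String
Set-ItemProperty -Path $wu -Name WUStatusServer -Value $WsusUrl -Type String

# Never fall back to Microsoft's public update endpoints.
Set-ItemProperty -Path $wu -Name DoNotConnectToWindowsUpdateInternetLocations -Value 1 -Type DWord

# Use the server named above; 3 = download automatically, notify before install.
Set-ItemProperty -Path $au -Name UseWUServer -Value 1 -Type DWord
Set-ItemProperty -Path $au -Name AUOptions   -Value 3 -Type DWord

# Reload the policy and ask the update agent to scan against WSUS now.
Restart-Service -Name wuauserv
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

# Show the effective settings for verification.
Get-ItemProperty -Path $wu |
    Select-Object WUServer, WUStatusServer, DoNotConnectToWindowsUpdateInternetLocations
```

In a domain, the same values are normally pushed through Group Policy instead of being set per server. The firewall then only needs to allow the isolated servers to reach the WSUS host on its listening port.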