Currently I have a two domain enviroment of vista with all machines calling into WSUS. The with the recent advent of IE8 being avaliable through WSUS that's been great. However I want to stop IE8 from being adverstied and for the life of me I can't find it in WSUS. There are plenty of blocker tool kits out there but they are regestry settings on the local machine and sadly my enviorment is large enough that going and touching each machine(darn you UAC!) is unfeasable at best.
Has anyone been able to stop WSUS from advertising IE8 and can point me in the direction of how to do this?
Thank you in advance
If you're running a WSUS update server you can pick and choose what updates are allowed to go out to your clients. I have to okay what groups get what updates within my WSUS server...supposedly the clients don't see those updates that I discard.
How about rolling those registry settings into an MSI and deploying it via a GPO? Use something like WinInstall LE or Visual Studio to build the MSI; job done.
Part of an auditable WSUS deployment is making sure that your clients don't automatically get their updates from anywhere else. A GPO that directs their Automatic Updates service to your WSUS server is essential.
By default, WSUS will wait for you to approve newly received updates before they're advertised to clients. If you haven't approved the IE8 packages, they won't be advertised.
Based on your problem description, either your clients are getting IE8 from somewhere other than your WSUS server (i.e. Microsoft's Windows Update service) or your WSUS server auto-approved the IE8 deployment package.