Home / server / Questions / 713533
Accepted
Greg
Asked: 2015-08-12 22:14:29 +0800 CST

WSUS Configuration

  • 772

We currently have a WSUS server running in our primary office. Our branch offices currently connect to the primary over our WAN to download updates. This is obviously not ideal as each PC is connecting over the WAN and downloading multiple copies.

We are now putting a small server in each of the branch offices. We are able to setup the branch office to be a downstream WSUS server receiving updates from our primary server, which means we only push out the updates once which is good.

What would be even better for us is if we can have our upstream server in our primary office where we manage everything (e.g. approve updates) which push out to our downstream servers, but then our downstream servers download their own copy of the update directly from Microsoft. This would free up some more of our limited bandwidth in the primary site.

Is this possible? Does Microsoft have a guide on how to set this up?

wsus

3 Answers

  1. Best Answer

    Absolutely possible

    This TechNet article shows the options

    and the comment at the bottom specifically shows how to receive the update approvals,

    Configuring downstream servers to obtain content from Microsoft

    In addition to configuring clients to download directly from Microsoft, it is also possible to configure the WSUS Downstream Server to download content files directly from Microsoft.

    1. In the left pane of the WSUS Administration Console, click Options.

    2. In Update Files and Languages, click the Update Files tab.

    3. Under "Store update files locally on this server", enable the option "Download files from MIcrosoft Update; do not download from upstream server". This option will be enabled for selection when the server is configured as a downstream server.

    I hope this helps please mark it as ther answer and vote as helpful.

    many thanks

    Ed

    • 2

  2. Yes, this is possible. For each WSUS you can choose where it stores its updates - locally or not.

    • In the WSUS Administration console, click Options.
    • Click the Update Files tab.
    • Select the Do not store updates locally; computers install updates from Microsoft Update check box.

    Technet

    • 1

  3. if you are into scripting, probably you can use the /bypass_wsus option of the command line tool Wuinstall (http://www.wuinstall.com) to get the updates directly from windows - the command goes like this:

    wuinstall /install /bypass_wsus

    however, to install exactly the updates your wsus has approved i would do a

    wuinstall /search

    first (lists approved updates from WSUS without downloading or installing) save the resulting updates to a file and then use the /matchfile option together with /bypass_wsus and /install to install exactly those updates from the Microsoft Update site

    • 0