There are hundreds of WSUS Server Tutorials available in the World Wild Web, and none of them fitted all my needs. I would never say that my way is the best way, but I spent quite some time with WSUS in the last few years and by now all of the servers I maintain work quite stable. (Except 2008, I hate Server 2008).
First of all sorry for the German screenshots, but I thought better German screenshots than no article. The next time I setup a en-US WSUS I will swap the screenshots.
Your best bet IMHO is to switch to Microsoft Windows Server 2016 asap. Server 2008 R2 won’t get Support for Windows 10 Feature Upgrades and Server 2012 R2 got it very delayed through an “interesting” hotfix. Windows Server 2016 seems to be the most reliable choice.
Second lesson I learned is, always install the Microsoft SQL Server Management Studio on the WSUS Server. You will need it sooner than later.
Third lesson is that WSUS will fail sooner or later, if you don’t execute a maintenance script on a regular basis. Continue reading “How I build and maintain WSUS Server”
For years we were more than unsatisfied with the options we had to choose from to patch our Microsoft Windows Servers. Without additional utility you are restricted to the few options Group Policy offers. So as I am always searching for a simple but efficient solution to such a painful problem, I combined two fantastic tools, to a powerful Windows Update Scheduler: PDQ Deploy and ABC Update.
tl;dr: If you choose option “3 – Auto download and notify for install” for your WSUS Group Policy, you can take any advanced Task Scheduler like PDQ Deploy in combination with ABC-Update to install Windows Updates scheduled the way YOU want it to be!
Prologue, where is my problem?
First let’s take a look at the options Microsoft offers us and why I refuse to rely on those. If I’m not completely mistaken the only Policy to choose when to patch Windows Updates has been “Configure Automatic Updates” since ever: Continue reading “Taking back control of Windows Update: Install Updates when you want to!”
Fast published to help everyone else, so sorry for any typos or grammatical errors! ty
On Tuesday the 2nd May 2107 Google published a new update for Google Chrome Enterprise 58.0.3029.96. After this update, nearly all of our XenApp 6.5 customers informed us, that Google Chrome stopped working for them. The browser itself opens, but it never displays any content:
Continue reading “Fix: Google Chrome Enterprise 58.0.3029.96 breaks on XenApp 6.5 / Windows Server 2008 R2 – UPDATE”
Fast published article; How to import KB4012598 for MS17-010 into your WSUS asap!
I think by now every IT administrator knows about #WannaCry. If not, here are a few links:
The important thing ist, that the fix for Windows OS younger than Vista and Server 2008 and Vista is available since march. But the fix for XP and Server 2003 has only been published on Saturday I think. But it won’t appear on your WSUS until you import it manually, and you should do that right now!
Sorry for the German screenshots, but I think it will get you there!
Continue reading “#WannaCry Microsoft Security Bulletin MS17-010: Import KB4012598 for XP and Server 2003 into WSUS”
In XenApp projects you always face the challenge to decide whether to deploy a published Desktop or different published applications for the users. Many times you will have to use a combination of both. Especially in the published application use-case, you have to find a way to allow your users manage their files with a file explorer. This might not be a problem for Fat-Client users with their Windows 10 Notebooks inside the corporate LAN. Those can simply run their local file explorer and access smb shares.
Continue reading “Tablacus Explorer is an awesome replacement for explorer.exe as a #XenApp published Application!”