WSUS Help
- 
 I amazes me that some of us manage Windows Systems and we still complain about them when it is our job to work with them....Not everything in Microsoft System is perfect nor does everything in Linux./ You're right. Dont complain about anything or ask for improvements. Bend over and take it from Microsoft. If nothing changes, why continue to use it correct? You have to complain to articulate why it should be avoided. My response has certainly been to avoid it or, more often, actively remove it from environments. 
- 
 As i've mentioned, i'd not setup a wsus server before that i put into production. I had setup wsus servers before, but never had any joy with them so never released them to production and never used one. I looked at wsus alternatives and I perceived that there was going to be just as much work installing, learning and maintaining the alternatives as there was going to be with wsus. Then I thought, wsus will give me another MS skill and/or increase my MS knowledge base, it's also free, so went with that. we have to remember it's the stuff that doesn't work all the time that keeps us in jobs, if everything just worked out of the box, you could Mary from accounts to put it all together and we'd be out of a job. 
- 
 
- 
 @obsolesce said in WSUS Help: @obsolesce From what i can tell MS hasnt updated WSUS in any way since 2013. There's no need to... what could they possibly do to make it any better? I really hope you are joking.... Well ya, what would you add or take away from WSUS to improve it that would work globally? 
- 
 @obsolesce said in WSUS Help: @obsolesce said in WSUS Help: @obsolesce From what i can tell MS hasnt updated WSUS in any way since 2013. There's no need to... what could they possibly do to make it any better? I really hope you are joking.... Well ya, what would you add or take away from WSUS to improve it that would work globally? Being able to manage update groups without group policy, a much better approval/denial system for updates, better classification of updates, more deployment options, a more scalable infrastructure, and a web interface.... Just to name a few things off the top of my head. 
- 
 we have to remember it's the stuff that doesn't work all the time that keeps us in jobs, if everything just worked out of the box, you could Mary from accounts to put it all together and we'd be out of a job. Not really, I know that we say that often, and there is some merit to it. But in reality, the best jobs go to the people who help companies avoid the stuff that doesn't work, rather than happily getting paid to fix it. Think about it from a CEO's seat... would you rather pay IT Person A to "fix things that just don't work but they use anyway" or pay IT Person B who "carefully helps the company navigate solutions to find the ones that make it run the most smoothly?" CEOs don't want things fixed, they want them to work (and cheaply.) 
- 
 
- 
 
- 
 
- 
 
- 
 
- 
 
- 
 @obsolesce said in WSUS Help: deployment options Like what? WSUS deploys them great, and Win10 does it peer to peer style with options to turn it off. What more do you need? Have you never used another patch solution? You can tell me how great internet explorer is all day and about every feature it has. It sounds great on paper, but once you use another browser, you'll never use IE again. 
- 
 @obsolesce said in WSUS Help: deployment options Like what? WSUS deploys them great, and Win10 does it peer to peer style with options to turn it off. What more do you need? To not have the cost and overhead of WSUS, to not have the reliability issues, to not have the sprawl and maintenance tasks. 
- 
 @obsolesce said in WSUS Help: deployment options Like what? WSUS deploys them great, and Win10 does it peer to peer style with options to turn it off. What more do you need? Have you never used another patch solution? You can tell me how great internet explorer is all day and about every feature it has. It sounds great on paper, but once you use another browser, you'll never use IE again. This kind of sums it up. If WSUS was the ONLY way, then sure. But often the best option is just "remove WSUS" and "do nothing else". For those that need more, there are options. But most WSUS deployments are just attempting to solve problems that don't exist, while introducing loads of new ones. 
- 
 @obsolesce said in WSUS Help: Being able to manage update groups without group policy You can, local policy on non domain members works well. This one bothers me ALOT. Why do they have to be controlled by policies, period? Why cant you create a collection from WSUS by DNS name or IP? That really doesnt make sense to me. 
- 
 @obsolesce said in WSUS Help: Being able to manage update groups without group policy You can, local policy on non domain members works well. This one bothers me ALOT. Why do they have to be controlled by policies, period? Why cant you create a collection from WSUS by DNS name or IP? That really doesnt make sense to me. Because Microsoft likes to tie everything together. 
- 
 @scottalanmiller said in WSUS Help: But often the best option is just "remove WSUS" and "do nothing else". This is what I've said a few times lately. But because I have to use WSUS, it's working well. 
- 
 @obsolesce said in WSUS Help: @scottalanmiller said in WSUS Help: But often the best option is just "remove WSUS" and "do nothing else". This is what I've said a few times lately. But because I have to use WSUS, it's working well. Why do you "have" to use it? 
- 
 @scottalanmiller said in WSUS Help: @obsolesce said in WSUS Help: @scottalanmiller said in WSUS Help: But often the best option is just "remove WSUS" and "do nothing else". This is what I've said a few times lately. But because I have to use WSUS, it's working well. Why do you "have" to use it? Because we use Windows 10 and without WSUS, we can't guarantee stability of production systems, equipment, and user PCs. We don't use Enterprise Win10, so we need WSUS. Probably need it anyways, but still. 




