ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Wsus for remote vpn and on-premise users

    Scheduled Pinned Locked Moved IT Discussion
    patchingwsus
    42 Posts 7 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Fredtx
      last edited by

      @fredtx said in Wsus for remote vpn and on-premise users:

      I will have to stick with this solution for now.

      Because it's a mandate from before you started that they just didn't get around to yet?

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Fredtx
        last edited by

        @fredtx said in Wsus for remote vpn and on-premise users:

        The goal is to improve and simplify how patching is handled for both servers and workstations. Currently there is no kind of process in place.

        Sure, but our point in the thread is that WSUS isn't a good means to that end. If anything, the purpose of WSUS is to avoid that goal (not exactly, but in practice.)

        1 Reply Last reply Reply Quote 0
        • notverypunnyN
          notverypunny
          last edited by

          If you're starting from scratch I'd suggest taking a serious look at leveraging TacticalRMM (or something paid if you really want to spend money) instead of WSUS. (As mentioned by others)

          If you do have to go the WSUS route for whatever reason(s) make sure to automate the maintenance scripts that microsoft references / provides in their online documentation. Why they don't integrate those scripts into the core product is something that I'll never understand but hey, they're making $$$ and I'm just a sysadmin.

          scottalanmillerS 1 Reply Last reply Reply Quote 1
          • scottalanmillerS
            scottalanmiller @1337
            last edited by

            @pete-s said in Wsus for remote vpn and on-premise users:

            @fredtx said in Wsus for remote vpn and on-premise users:

            @dashrender said in Wsus for remote vpn and on-premise users:

            What is the goal here? to keep the servers up to date? Do you really want WSUS to update your servers 'whenever'? Most people don't, could lead to an unexpected reboot in the middle of the day.

            Of course I would not want the servers to reboot in the middle of the day. I would have to discuss with management on maintenance windows of downtime, since this is a manufacture business where some sites run 24/7.

            The goal is to improve and simplify how patching is handled for both servers and workstations. Currently there is no kind of process in place.

            We do some of that and the most mission critical servers are handled manually. Patched, rebooted and verified that everything works.

            Basically there are different categories of servers and workstation and each category is handled differently depending on how mission critical it is.

            Agreed. Critical servers we tend to do by hand, and often.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Fredtx
              last edited by

              @fredtx said in Wsus for remote vpn and on-premise users:

              Is logging in the console of windows servers the best way to install patches? What if there was 100 servers? That seems like a lot of overhead.

              If they are critical, yes it is. In most cases.

              But in one post you said that "best" had no place and WSUS, even though it is bad, HAD to be used as you didn't have the option to do something better (or even good.) Is "best" really on the table as a concern? At this point "adequate" is really the point to strive for (I'd consider WSUS the worst case scenario short of just giving up on updates.)

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @notverypunny
                last edited by

                @notverypunny said in Wsus for remote vpn and on-premise users:

                If you're starting from scratch I'd suggest taking a serious look at leveraging TacticalRMM (or something paid if you really want to spend money) instead of WSUS. (As mentioned by others)

                Yup, that's EXACTLY what I was thinking. Free, no licensing overhead, way less effort to configure, maintain and use. Far easier to understand. Isn't limited to Windows should that ever matter. Does tons and tons of stuff outside of just patching and reporting.

                This is what we use and as it is free, it always makes me wonder what role something like WSUS would ever play given that Tactical covers the features of WSUS you generally want without all of the cost and limitations.

                1 Reply Last reply Reply Quote 1
                • ObsolesceO
                  Obsolesce
                  last edited by

                  You can use Windows Update for Business. No need for WSUS.

                  DashrenderD 1 Reply Last reply Reply Quote 2
                  • DashrenderD
                    Dashrender @Obsolesce
                    last edited by

                    @obsolesce said in Wsus for remote vpn and on-premise users:

                    You can use Windows Update for Business. No need for WSUS.

                    Is there any type of reporting in that?

                    FredtxF ObsolesceO 2 Replies Last reply Reply Quote 0
                    • FredtxF
                      Fredtx @Dashrender
                      last edited by

                      @dashrender said in Wsus for remote vpn and on-premise users:

                      @obsolesce said in Wsus for remote vpn and on-premise users:

                      You can use Windows Update for Business. No need for WSUS.

                      Is there any type of reporting in that?

                      Looks like there's some built-in reporting in Azure.

                      Monitor Windows Update with Update Compliance

                      1 Reply Last reply Reply Quote 0
                      • ObsolesceO
                        Obsolesce @Dashrender
                        last edited by

                        @dashrender said in Wsus for remote vpn and on-premise users:

                        @obsolesce said in Wsus for remote vpn and on-premise users:

                        You can use Windows Update for Business. No need for WSUS.

                        Is there any type of reporting in that?

                        Yes, multiple methods of reporting... reporting out the ass.

                        DashrenderD 1 Reply Last reply Reply Quote 1
                        • DashrenderD
                          Dashrender @Obsolesce
                          last edited by

                          @obsolesce said in Wsus for remote vpn and on-premise users:

                          @dashrender said in Wsus for remote vpn and on-premise users:

                          @obsolesce said in Wsus for remote vpn and on-premise users:

                          You can use Windows Update for Business. No need for WSUS.

                          Is there any type of reporting in that?

                          Yes, multiple methods of reporting... reporting out the ass.

                          As long as you have Azure AD - pretty sure you can use WUfB without it.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Dashrender
                            last edited by

                            @dashrender said in Wsus for remote vpn and on-premise users:

                            @obsolesce said in Wsus for remote vpn and on-premise users:

                            @dashrender said in Wsus for remote vpn and on-premise users:

                            @obsolesce said in Wsus for remote vpn and on-premise users:

                            You can use Windows Update for Business. No need for WSUS.

                            Is there any type of reporting in that?

                            Yes, multiple methods of reporting... reporting out the ass.

                            As long as you have Azure AD - pretty sure you can use WUfB without it.

                            Can't?

                            1 Reply Last reply Reply Quote 0
                            • FredtxF
                              Fredtx
                              last edited by

                              So a little background about this company I'm trying to implement patch management, is that it's growing through acquisitions. There's currently about 12 locations, and I just heard recently they acquired another company, which adds it to 13 locations. I'm wondering if implementing an RMM will benefit this company for the future? They are growing at a fast rate, and it doesn't appear to be slowing down.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Fredtx
                                last edited by

                                @fredtx said in Wsus for remote vpn and on-premise users:

                                So a little background about this company I'm trying to implement patch management, is that it's growing through acquisitions. There's currently about 12 locations, and I just heard recently they acquired another company, which adds it to 13 locations. I'm wondering if implementing an RMM will benefit this company for the future? They are growing at a fast rate, and it doesn't appear to be slowing down.

                                In my opinion, RMM almost always makes sense. It's weird that internal IT departments use it so infrequently. What makes it logical for MSPs also makes it logical for internal IT. There is little different between an MSP and internal IT. Once in a great while that difference could be reflected in different tooling. But typically, it would not. The similarities are too close.

                                Most internal IT today is heterogeneous and that almost guarantees that RMM is the right approach over more "traditional" internal tools. Most internal tools are built around homogenous LAN environments, not disparate heterogenous environments.

                                ObsolesceO 1 Reply Last reply Reply Quote 1
                                • ObsolesceO
                                  Obsolesce @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Wsus for remote vpn and on-premise users:

                                  There is little different between an MSP and internal IT.

                                  They are basically the same thing. In many cases the internal IT is a separate entity that basically bills the company and/or child companies, but is on the payroll of the company.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Obsolesce
                                    last edited by

                                    @obsolesce said in Wsus for remote vpn and on-premise users:

                                    @scottalanmiller said in Wsus for remote vpn and on-premise users:

                                    There is little different between an MSP and internal IT.

                                    They are basically the same thing. In many cases the internal IT is a separate entity that basically bills the company and/or child companies, but is on the payroll of the company.

                                    Yup, the key difference isn't their relationship to the rest of the org, effectively MSP, ITSP, Internal IT, etc. are all external in how they are approached. Only how they are paid really differs and the staff don't always see that.

                                    What makes the two different is that an Internal IT department (even one treated as a consulting group) has only a single top level customer and MSPs have multiple. That's really it.

                                    And that doesn't always make a real difference. If the top level internal IT customer doesn't force all underlying groups to unify under a single IT strategy you get an effective situation of multiple customers, sometimes as you said, even with separate billing.

                                    1 Reply Last reply Reply Quote 1
                                    • 1
                                    • 2
                                    • 3
                                    • 1 / 3
                                    • First post
                                      Last post