Windows 7 WSUS updates
-
Are you users using PCs 24/7? I have Windows update reboot all of our PCs between 12AM and 2AM
-
@IRJ said:
Are you users using PCs 24/7? I have Windows update reboot all of our PCs between 12AM and 2AM
This assumes the PC's are on, I've never gotten WOL to work.
Not to mention that users leave things open overnight and don't save their work.. coming in in the morning to a rebooted machine is generally unacceptable.
-
@Dashrender said:
@IRJ said:
Are you users using PCs 24/7? I have Windows update reboot all of our PCs between 12AM and 2AM
This assumes the PC's are on, I've never gotten WOL to work.
Not to mention that users leave things open overnight and don't save their work.. coming in in the morning to a rebooted machine is generally unacceptable.
Then a policy needs to be in place that at the end of the day, once they've left, anything left open but unsaved isn't your problem. After-hours or off-hours are always maintenance windows. By letting them do this, you're basically giving them all the power and eliminating your ability to properly do your job.
-
@IRJ said:
Are you users using PCs 24/7? I have Windows update reboot all of our PCs between 12AM and 2AM
Yeah, unless it's a 24/7 call center where people share PCs, this is pretty common and works well.
-
@Dashrender said:
This seems a bit extreme.
If my users don't reboot, which many don't often - how do I know they are updated?
What's extreme is that your user thinks that you are not allowed to keep the systems secure by keeping them updated.
I would rely on the reboot schedule IRJ references or if you really want to be sure they are rebooting on a schedule, I have a short powershell script that will do just that.
-
We never allow our users to turn their PCs off. We tell them we perform updates at night so they don't need to be done during the day. It works well for the IT department and the users. Who wants their PC to updated and/or reboot in the middle of the day while they are working?
-
I believe we've had discussions on WSUS Deployment groups before.
I have over 20 different groups each with 7-20 PCs. This makes staggering deployments easy because I can tell them to reboot at different times via GPO. I can also allow updates for specific PCs and not allow them on others. Its much easier to manage this way.
This also makes testing easier. You dont have to rollback everything when there is an issue. Only 7-20 PCs at a time.
-
I also disable all the update notifications. My users don't even know their PCs have been updated. Every night each PC checks WSUS, downloads and installs updates then reboots
-
@IRJ said:
We never allow our users to turn their PCs off. We tell them we perform updates at night so they don't need to be done during the day. It works well for the IT department and the users. Who wants their PC to updated and/or reboot in the middle of the day while they are working?
Here we are not allowed to leave computers turn on, specially if nobody is using.
We are using offline updates.
And Production computers are up 24/7. -
How do you do offline updates?
-
WSUS are a type of offline updates.
-
@Dashrender said:
WSUS are a type of offline updates.
Well, not really. WSUS can be used if the client is offline from the Internet but not if it is offline from the network or turned off.