What would you use to replace WSUS from SBS



  • I have a location that had a SBS 2008 server in place until March 25, 2015.

    That machine was replaced by Server 2012R2 for the DC and shares with Exchange Online for email. Everything is humming along nicely.

    Except I have never set up a WSUS server to replace what was there. This site has 8 desktops and 2 laptops in addition to the server VMs.

    Logged in to a user machine to set something up and was prompted by Windows 8 that it had a problem talking to the update server. Yup, it would as that server VM was deleted in March.


    So before I enable WSUS or reset the GPO to point them back to MS servers, I would ask what would all of you use for an office of this size?

    GFI, WSUS, InTune, go direct? The office has a standard business cable connection from Cox. Bandwidth is not an issue for something like this.

    Checking online resulted in this:



  • If they are not averse to a subscription, I'd look at any of the third party products you like best, especially one that allows you to update non-Windows components like Flash and Adobe Reader (assuming you have them deployed).

    If they are spending averse, your only option is WSUS, though I would have the clients pull the update files directly from MS and not download them to the server, as I'm sure you already know they are storage hungry!



  • I would set them up to point back to your main WSUS server (if you have one, and they have access to the main site)

    Updating the GPO to point to a different WSUS server for such a small office would only take a few minutes to change, and maybe an hour to propagate.



  • @DustinB3403 said:

    I would set them up to point back to your main WSUS server

    There is no WSUS server in place now. Hence the point of the question.

    For now, I updated the SBS GPO to "Not Configured" so the machines will pull updates down.
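
A check for the situation described in this thread, where clients keep a Group Policy pointer to a WSUS server that no longer exists. This is an added example, not code from any poster; it reads the standard Windows Update policy registry values on the local machine and tests whether the configured server answers.

```powershell
# Added example: report whether this client is pinned to a WSUS server by
# policy, and whether that server is still reachable.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-WsusPolicyState {
    # Missing keys simply mean the policy is "Not Configured".
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $state = [ordered]@{
        Computer     = $env:COMPUTERNAME
        WUServer     = $wu.WUServer       # intranet update service URL
        UseWUServer  = $au.UseWUServer    # 1 = use WUServer instead of Microsoft
        AUOptions    = $au.AUOptions      # 4 = auto download, scheduled install
        NoAutoUpdate = $au.NoAutoUpdate   # 1 = automatic updates disabled
        Reachable    = $null
        Verdict      = 'No WSUS policy: client uses Microsoft Update'
    }

    if ($au.UseWUServer -eq 1 -and $wu.WUServer) {
        # Parse host and port from the policy URL and try a TCP connection.
        $uri = [uri]$wu.WUServer
        $state.Reachable = Test-NetConnection -ComputerName $uri.Host `
            -Port $uri.Port -InformationLevel Quiet `
            -WarningAction SilentlyContinue
        if ($state.Reachable) {
            $state.Verdict = 'WSUS policy set and server answers'
        } else {
            $state.Verdict = 'STALE: policy points at an unreachable WSUS server'
        }
    }

    if ($au.NoAutoUpdate -eq 1) {
        $state.Verdict += '; automatic updates are disabled by policy'
    }

    [pscustomobject]$state
}

Get-WsusPolicyState | Format-List
```

A "STALE" verdict means the machine has likely received no updates since the server went away; after changing the GPO, run `gpupdate /force` on the client and run the check again.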



  • I may have assumed, but is this a client, or a remote site?

    Is there any reason they can't use your main WSUS server? (Again assuming you have 1 running off site)

    I know there is none running on site as it was deleted in March.



  • @JaredBusch said:

    @DustinB3403 said:

    I would set them up to point back to your main WSUS server

    There is no WSUS server in place now. Hence the point of the question.

    For now, I updated the SBS GPO to "Not Configured" so the machines will pull updates down.

    My only concern with downloading updates directly from Microsoft is that there isn't anything to force those to complete the installation. Unless you have another GPO that performs weekly reboots.



  • @DustinB3403 said:

    I may have assumed, but is this a client, or a remote site?

    Is there any reason they can't use your main WSUS server? (Again assuming you have 1 running off site)

    I know there is none running on site as it was deleted in March.

    No problem, everything is a client. I am an IT consultant. So there is nothing else for this site.



  • Ah....

    Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

    PDQ Deploy has options for 3rd party app updates etc, but requires annual renewal.



  • @DustinB3403 said:

    Ah....

    Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

    PDQ Deploy has options for 3rd party app updates etc, but requires annual renewal.

    Oh, I can easily set up WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.



  • Well, which is more of a concern for you, the client being out of date with security patches, or taking 2GB and 2 vCPUs to run a server?

    Which is more beneficial to the client?



  • @DustinB3403 said:

    Well, which is more of a concern for you, the client being out of date with security patches, or taking 2GB and 2 vCPUs to run a server?

    Which is more beneficial to the client?

    Not too worried about being out of date because I can still use the GPO to force the download and install schedule. Users won't be able to change that.

    GFI was mentioned and they let you set up a concentrator. But that costs money and the client has not had to spend money for this prior.



  • Are you only concerned about Windows patches, or Windows and all 3rd party software?



  • @DustinB3403 said:

    Are you only concerned about Windows patches, or Windows and all 3rd party software?

    Only WSUS replacement really.



  • There's Nitrobit, which is an Open Source WSUS that runs on Linux, and there are some paid options (of what I'm not sure). This would still have to be run on something, as a VM or physical machine.

    Besides that I've never really seen or used anything else, and I've only ever used WSUS.

    Nitrobit may work well enough as you'd have 1 less machine to worry about, generally speaking with regards to viruses etc.



  • I know someone who was going on and on about how nice IBM BigFix is. I've never used it, so I can't say anything other than they were using it as a replacement for WSUS.



  • D&D fan? Topic Necromancer +1

    Had a look into this and came across a few solutions, namely Comodo One PM, Nitrobit and others.

    What I am looking for is something that can be installed on Linux. I would prefer something that can mimic a WSUS -> no dedicated client to install and maintain.

    Support for 3rd party (JAVA) is a big plus



  • @JaredBusch said in What would you use to replace WSUS from SBS:

    @DustinB3403 said:

    Ah....

    Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

    PDQ Deploy has options for 3rd party app updates etc, but requires annual renewal.

    Oh, I can easily set up WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.

    Hey Jared, sorry if I sound a little lost, but what is the overhead you're referring to? You pretty much only have two options: Deploy a WSUS server and use a GPO (or regedit) to make the workstations talk to it, or you can manually install updates once per month (or per quarter). I would think you could easily deploy a very small WSUS server (either on 2008 or 2012) using WID and about a 60-80gb hard drive. You could even make it one of the guest VMs.



  • @Shuey said in What would you use to replace WSUS from SBS:

    @JaredBusch said in What would you use to replace WSUS from SBS:

    @DustinB3403 said:

    Ah....

    Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

    PDQ Deploy has options for 3rd party app updates etc, but requires annual renewal.

    Oh, I can easily set up WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.

    Hey Jared, sorry if I sound a little lost, but what is the overhead you're referring to? You pretty much only have two options: Deploy a WSUS server and use a GPO (or regedit) to make the workstations talk to it, or you can manually install updates once per month (or per quarter). I would think you could easily deploy a very small WSUS server (either on 2008 or 2012) using WID and about a 60-80gb hard drive. You could even make it one of the guest VMs.

    When I was supporting Office 2010 and Office 2013, Windows 7 and 8.1 I needed more like 120 GB to hold all of the updates, and monthly had to do the cleanup or I would run out of disk space.



  • @Dashrender said in What would you use to replace WSUS from SBS:

    @Shuey said in What would you use to replace WSUS from SBS:

    @JaredBusch said in What would you use to replace WSUS from SBS:

    @DustinB3403 said:

    Ah....

    Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

    PDQ Deploy has options for 3rd party app updates etc, but requires annual renewal.

    Oh, I can easily set up WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.

    Hey Jared, sorry if I sound a little lost, but what is the overhead you're referring to? You pretty much only have two options: Deploy a WSUS server and use a GPO (or regedit) to make the workstations talk to it, or you can manually install updates once per month (or per quarter). I would think you could easily deploy a very small WSUS server (either on 2008 or 2012) using WID and about a 60-80gb hard drive. You could even make it one of the guest VMs.

    When I was supporting Office 2010 and Office 2013, Windows 7 and 8.1 I needed more like 120 GB to hold all of the updates, and monthly had to do the cleanup or I would run out of disk space.

    Obviously there will be some variables to consider. I was basing my recommendation off our current WSUS setup (over 200 workstations, and 30 servers) vs his environment (8 desktop, 2 laptops and some unnumbered servers). Up until recently when MS changed the way the update cycle works, I cleaned our db every month and we've been doing completely fine with an 80GB hard drive on the server.