In this case I’d highly recommend using WSUS with SQL, instead of the WID (Windows internal Database), and make sure your keep the WSUS database clean. After an admin approves the “needed” update, WSUS will reach out and download the update making it available to the host.įor offline synchronization, in a use case where you can’t have that back and forth communication to sync/download only “needed” and approve from there, technically you’d need to synchronization all categories, and then approve all updates which would probably be 100’s of GB or even possibly TBs of data. Your case is interesting, because typically in most environments there’s the master synchronization, and then as clients contact WSUS, admins approve updates that are “Needed”. To load them offline, I don’t even know if this is possible (I haven’t Google’d it), but could you put a Windows ISO on a network share, and use DISM to install components or roles you need for your specific use case? If you’re doing this for Features and Roles, I don’t think this will work for your scenario. Having them completely cut off kinda breaks that, lol. The resolutions I’ve posted allow the Windows workstations to bypass WSUS to install Features or Roles. Please see an example of the configuration below: Wait for your GPO to update, or run “gpupdate /force” on the workstations.Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.Make sure “Never attempt to download payload from Windows Update” is NOT checked.Double click or open “Specify settings for optional component installation and component repair”.Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.Make sure it applies to the computers you’d like Create a new GPO, or modify an existing one.Open the group policy editor on your domain.Enable download of “Optional features” directly from Windows Update The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update. To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages. NET Framework, Language Speech packs, etc… This will stop you from installing things like the RSAT tools. If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |