Forum Discussion
Define Patch Approvals in WSUS but pull patches from Internet
We currently use WSUS to distribute Microsoft patches and also use Solarwinds Patch Manager to push 3rd party patches into WSUS. This allows us to fully patch an endpoint with all MS and 3rd party software patches via Windows Update Agent/WSUS. We now have a fleet of laptops connected back to our Datacenter via a VPN and they are consuming a lot of bandwidth during patching cycles.
We have the following challenges:
- We do use some throttling on BITS/Delivery Optimization but have had mixed results
- We have MECM but don't use Cloud Management Gateway as it was deemed too expensive. We have not moved patching to MECM yet.
- If we use Windows Update for Business we cannot patch 3rd party updates and lose some control around pilot groups and reporting in our estimation
Q: So is there a way for us to continue to define the approved patches/metadata via WSUS but have the system pull the patch files from the internet (Windows Update) source? Perhaps this is possible with MECM?
shocko, yes, that's absolutely possible. Set up WSUS with TLS 1.2 on a mainstream supported Windows Server OS (currently WS 2022 only).
Consider an ajtek WAM subscription and check the docs there for setup of WSUS. There are lots of things to obey; it is easiest with the ajtek WAM blog rather than the WSUS docs. Remember WSUS is old tech, unfortunately not deprecated as it is also being used by MEMCM.
You can set up WSUS / MEMCM as you are used to, but just set up WSUS to NOT download any updates. Then it will only fetch metadata.
ajtek WAM will still help you even with MEMCM and fixes some issues like OS version display etc.
Sidenote: when your licensing allows Intune, check out the improved reporting that became available some weeks ago. Third-party patching is still a thing that requires MEMCM and as such hybrid join.
But alternatives on the run. Like Intune (native) with WinGet, TUGI Packaging Tools + PSADTK, Company Portal, and winget.pro for LOB apps not being part of the winget public repo.
Delivery Optimization policy is a must-have, also required for Teams 2.0.
Please mark best response if this helped you! Good luck!
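
The reply's "set up WSUS to NOT download any updates" step can be checked and applied from PowerShell on the WSUS server. This is an added example, not code from the thread; it assumes the UpdateServices module is installed and an elevated session on the WSUS host, and the `-Apply` switch is a name chosen for this example.

```powershell
# Added example (not from the thread). Run elevated on the WSUS server.
# Reports whether WSUS stores update files locally, and with -Apply switches
# it to metadata-only mode so clients fetch approved files from Microsoft Update.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # example-specific switch: change the setting instead of only reporting
)

Import-Module UpdateServices -ErrorAction Stop

$wsus   = Get-WsusServer          # no parameters: connects to the local WSUS instance
$config = $wsus.GetConfiguration()

# HostBinariesOnMicrosoftUpdate:
#   True  = WSUS keeps metadata and approvals only; clients download from Microsoft Update
#   False = WSUS downloads and serves the files itself (the traffic crossing the VPN)
[pscustomobject]@{
    Server                        = $wsus.Name
    HostBinariesOnMicrosoftUpdate = $config.HostBinariesOnMicrosoftUpdate
    LocalContentCachePath         = $config.LocalContentCachePath
} | Format-List

if (-not $config.HostBinariesOnMicrosoftUpdate) {
    if ($Apply) {
        # -WhatIf / -Confirm are honoured through ShouldProcess
        if ($PSCmdlet.ShouldProcess($wsus.Name, 'Stop storing update files locally')) {
            $config.HostBinariesOnMicrosoftUpdate = $true
            $config.Save()
            Write-Output 'WSUS now serves metadata and approvals only.'
        }
    }
    else {
        Write-Warning 'WSUS still stores update files locally. Re-run with -Apply to change this.'
    }
}
else {
    Write-Output 'WSUS is already in metadata-only mode.'
}
```

Locally published third-party packages are not hosted by Microsoft Update, so test how they behave in a pilot group before applying this fleet-wide.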