WSUS is a free tool from Microsoft that enables administrators to easily manage and deploy updates across the organization. WSUS is mainly used is enterprises with AD deployments, where the WSUS settings can be easily propagated to the workstations using group policy. So how does one keep their workstation/server updated without being part of the AD domain? You can do it by
1) Edit the local computer policy of the workstation/server by running “gpedit.msc”
2) Drill down to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update and change the settings for “Specify intranet Microsoft update service location“.
3) Restart the workstation.
Good call on the windows update. I will use this for my Vmware ESX environment.
Thanks on that one but I have a better challenge, so far for me it is, if you have so many many clients that are not in your domain and they come and go all the time with different computers, look at it like a cybercafe where they bring their own laptop, 50 of them, they stay a month or 2 and they another 50 and again and again, night shift and day shift, I just simply can’t be running behind them all the time and then if the go and don’t come back they won’t be able to take the registry change (they can but you know what I mean), why: because most of the time they don’t have antivirus so we install security essentials when they come to me and we are using a VSAT and having all the guys downloading the same file to update the sec ess does a bottleneck on the bandwidth.
Ricardo – Sorry for the late reply.. I haven’t been checking the comments section lately. Can you segment all these “visitors” into a separate network? If you cannot fix them.. then a better way might be to protect yourself from them (i.e. the travelling computers).
Hi there, just wanted to mention, I enjoyed this blog post. It was practical. Keep on posting!