Jul 10, 2013 Report to WSUS and Detect new Updates THis batch file will force the client to report to its configured WSUS server and Also look for new updates. This works Great on Xp clients where there is no other way to force an update, it also works well on 7. This detection method could be configured a variety of ways. For example, it could check to see if the msi code is installed to determine success, it could check the.exe and compare it to a specific version, or even check a registry file for existence.
I've never used Auto Approval. Not even for Definition Updates?!? That's crazy, who would want to constantly be checking and manually approving those.
We automatically approve Definition Updates to all All Computers and we left the default options to auto-approve WSUS product updates and auto approve new revisions of already approved updates. We also have a number of auto approve rules that don't technically apply, but use them for organizational purposes.
We auto approve any Exchange 2010 update to apply to an 'Exchange Updates' computer group, but there are no systems actually assigned to that group so they will never be downloaded and installed. That prevents an Exchange update from being pushed to Exchange by accident by the WSUS admin(s) and by putting them all in one group makes it easy to view them and such when we want to review the updates to be deployed.
O, and using WSUS to push flash, shockwave & Java keeps me on the wsus server a lot. Now I just gotta work out how to update Reader via WSUS and I'll be happier. What are you using to do this? I know of products like Eminentware (aquired by Solarwinds) but curious what else can push flash/java updates via WSUS.
I use Local Update Publisher to inject the files. Best of all, it's free. I've even pushed out Symanetc Endpoint protection 12.1 using WSUS and LUP. My next effort will be Lync. Yes, you can use Group policy to push out Flash, etc, but you get no reporting if it worked or not.