Exceptions in update approval using client side targeting

Discussion in 'Update Services' started by Haavard, Nov 17, 2005.

  1. Haavard

    Haavard Guest

    I'm using client side targeting and about 5 different groups.

    Once in a while, updates do not "fit"/will not install on individual PCs for
    various reasons.
    Does anyone know how to make exceptions so that the update will not try to
    install all the time on the macines in questions.

    Obviously it is not manageable to make a group for each individual PCr that
    have problems.

    Example: .NET Framework 1.1 SP1 update willl try to install on macine with
    ..net 2.0
     
    Haavard, Nov 17, 2005
    #1
    1. Advertisements

  2. Haavard

    Dave Mills Guest

    I don't think you can do this.

    You example may be offside too because as I understand it dotNET 1.1
    and 2.0 are designed to co-exist because application designed for 1.1
    may not work with 2.0
     
    Dave Mills, Nov 17, 2005
    #2
    1. Advertisements

  3. Haavard

    Zoel Guest

    I have found the detection to be proper so far, if WSUS says an update is
    needed, then it is.

    If you have a reason not to publish an update, thats a diffrent story. I
    have a group of systems that are not compatable with the changes made by .net
    2.0 so have created a group for those computers to live in temporarily to
    prevent the update.

    the nice thing about client side targeting is that you can leave the
    policies in place and just turn it off server side. When the problem is
    fixed, I just turn it back on and the systems move back to the proper groups
    on their own. (handled through the WSUS console)
     
    Zoel, Nov 17, 2005
    #3
  4. If the update is trying to install all of the time, it's because the install
    is /failing/.

    The proper response would be to investigate and determine why the update
    installation is failing.

    Making an "exception" to prevent the installation does not accomplish anything
    useful.

    If you have identified an issue where the WUA is attempting to install the
    ..NET Framework v1.1 Security Update on a machine with the .NET Framework v2.0
    installed, that does NOT have the .NET Framework v1.1 installed, then it would
    be more appropriate to report that issue as a BUG.

    Otherwise, the .NET Framework v1.1 Security Update /should/ install on a
    machine with the .NET Framework v1.1 installed, regardless of whether the .NET
    Framework v2.0 is installed - or not.

    If you're having issues installing the Security Update on a machine that does
    have the v1.1 framework installed, then you need to find out why the SecUpdate
    will not install.
     
    Lawrence Garvin [MVP], Nov 18, 2005
    #4
  5. Haavard

    Haavard Guest

    Thanks.

    Forget my example, it was not good.
    Somtimes patches actually makes systems not work anymore.
    It is no secret that MS sometimes revokes patches or releases new ones
    because it is some issues.
    Three times this year I had to remove patches manually from server systems
    to get them back in production. I do not have time to investigate heavily why
    this happens.

    My question was if WSUS has a way to say that THIS patch should not go to
    THIS computer without having to make indiviual groups?
     
    Haavard, Nov 18, 2005
    #5
  6. Hi,

    No, you cannot do that with WSUS...
     
    Torgeir Bakken \(MVP\), Nov 18, 2005
    #6
  7. No. WSUS can only approve updates based on groups.

    How many, or what types, of computers are in a group is irrelevant to WSUS.

    The logic that determines whether a specific update goes to a specific
    computer in a group that has been approved to install a specific update is
    wholly contained on the client side of the connection.

    My best suggestion, if you have a problematic update -- such as 816093 (VM
    update 3810), or the .NET Framework v1.1 SecUpdate (which is really not
    problematic in the big scheme of things), is to create a special target group
    for that specific update. Approve only that update for that target group.
    Then, temporarily assign the appropriate client systems to that target group
    to facilitate the installation of that specific update. When the update is
    installed, put the client system back in its normal target group.
     
    Lawrence Garvin [MVP], Nov 19, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.