Windows 2003 Server & UDP

Discussion in 'Server Networking' started by Patrick Whittle, Nov 26, 2009.

  1. Do you know of a way to prevent Windows Update from trying to go to
    Microsoft, by using a firewall? My Windows 2003 Server wants to get the
    latest updates all the time, and I was thinking that I need to setup a UDP
    port to block Windows Update. Do you know what Windows Update uses? Isn't
    it just a UDP port?
    Patrick Whittle, Nov 26, 2009
    1. Advertisements

  2. Patrick Whittle

    NeilH Guest

    Am I missing something here? Why not just switch off Windows Update?
    NeilH, Nov 26, 2009
    1. Advertisements

  3. I plan on letting a couple updates run, then after that, I don't want the
    pop-up anymore.
    Patrick Whittle, Nov 26, 2009
  4. It's easier to change Windows update settings than altering firewall ports,
    shuttding down services, etc.

    If you want to pick and choose updates for all machines, you can use WSUS to
    control which updates you want. Install WSUS on your server, pick and choose
    updates, setup a group policy for your machines to use your server for
    Windows updates instead of Microsoft's site, and you should be good to go.
    If the machines are not joined to the domain, you can alter the registry
    entries on your machines, such as the Windows Home machines, to use the
    server for Windows Update.

    Read more here:

    Windows Server Update Services (WSUS) Home... downloads, support, and
    community. Evaluate and find out how to install, deploy, and maintain WSUS.
    Read the deployment papers to understand how to set it up, machine targeting
    using GPOs, etc.
    Click on the links under the section "Install and Learn" which are: 1)
    Deployment Guide, 2). Step by Step Installation Guide, and 3) Operations

    Download the latest version WSUS 3.0 SP2 in the next link.

    Download details: Windows Server Update Services 3.0 SP2, Aug 25, 2009 ...
    Click Save to copy the download to your computer for installation at a later
    time. Before installing you install WSUS 3.0 SP2: ...


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
    2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check for regional support phone numbers.
    Ace Fekay [MCT], Nov 26, 2009
  5. Hey thanks Ace.
    If you're the Ace man, I'm the Whittler.

    PS is already taken.
    Patrick Whittle, Nov 26, 2009
  6. You are welcome. :)

    Why not try

    Ace Fekay [MCT], Nov 27, 2009
  7. Patrick Whittle

    Hank Arnold Guest

    When you accept the "couple", why not decline the others? Just un-check
    the update and you should be given the opportunity to hide them...


    Hank Arnold
    Microsoft MVP
    Windows Server - Directory Services
    Hank Arnold, Nov 29, 2009
  8. From now on I'm going to do my updates manually. I used 'net stop bits' and
    'net stop wuauserv' to shutdown the update utility.
    Patrick Whittle, Nov 29, 2009
  9. You didn't have to stop any services. Simply RIGHT-CLICK MyComputer or
    Computer, select Properties, Windows Update, Change settings, select to
    NEVER CHECK FOR UPDATES. Then simply go to Windows Update and check for
    updates, and select what you want to install.

    Are you familiar with the differences and what some of the updates do for
    you and your system when picking and choosing necessary updates?

    Ace Fekay [MCT], Nov 29, 2009
  10. I am familiar, and I usually look at the 'Importance' flag when deciding
    weather to update or not.
    Patrick Whittle, Nov 29, 2009
  11. There are updates that do not have the importance flag that should be
    installed. However, I can understand your decision, however, I rather
    suggest to carefully weigh all updates, recommended and optional, read their
    descriptions, to make a better call on whether to install it or not, instead
    of just the flag.

    Ace Fekay [MCT], Nov 30, 2009
  12. Patrick Whittle

    Phil Angus Guest

    I agree with ACE. You are far better off managing this whole thing from one
    server using WSUS than disabling services, switching things off etc. Simply
    select the updates you want to roll out and off they go. Allowing several
    machines to access the internet for updates in an uncontrolled manner and
    time is also bad. There are also some updates that automatically reboot your
    machine, and when you have a sales force full of stupid people (IT
    illiterate, no offence to sales people!), you end up with a complete mess.
    Phil Angus, Dec 2, 2009
  13. This makes sense (personal experience with Sales force of stupid people) and
    I have already disabled WSUS through a batch file.
    Patrick Whittle, Dec 2, 2009
  14. You mean you've disabled Windows Update, not WSUS. WSUS is Windows Server
    Updates Services, which is what I've been suggesting to install and have
    already provided links to show you how to install and run it.

    Ace Fekay [MCT], Dec 2, 2009
  15. I'm going to run my batch file from now on. That is, whenever the server
    needs a boot.
    Patrick Whittle, Dec 2, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.