WSUS for remote users

Discussion in 'Windows Small Business Server' started by James, Mar 17, 2007.

  1. James

    James Guest

    We have successfully added a Win2003 Machine with terminal services to our
    SBS2003 (Premium) network.

    Remote users are able to successfully access the application server and
    undertake typical day to day functions (outlook, office2003 etc).

    What I need to be able to do (and would appreciate some help with) is to
    have 5 remote client computers automatically update using WSUS. (Incidentally
    WSUS is installed on our SBS2003 machine and has been very successful in
    keeping the internal network up to date 5 clients and 2 servers).

    Would appreciate some advice on where to start to get remote computers
    updating using WSUS.


    James, Mar 17, 2007
  2. Unless these computers are all branch office, domain member computers, and
    the branch office network has a site-link VPN to your main office & there's
    a really speedy connection on both sides, I'd just have them use Microsoft
    Update from the Internet.
    Lanwench [MVP - Exchange], Mar 17, 2007
  3. James

    James Guest

    Hi, and thanks for your response.

    The remote computers were originally set up in the head office, and are
    therefore Domain member computers. Currently there is no VPN connection. I am
    guessing that we would need another server in the remote office to manage
    that connection, and the remote lan. The main office has a 1500 ADSL
    connection and the remote office has a 512 ADSL connection.

    So my questions now are:

    Will we need a server in the remote office?

    Will the connections indicated above be fast enough?

    Would this proposed setup also allow us to to have the remote computers
    managed by Group Policy? And to be covered by our Trend Micro virus

    Would it be easier/cheaper for me to connect each of the 3 remote computers
    via VPN (say once a fortnight when I am in that office), and have them update
    themselves fortnightly??


    James, Mar 19, 2007
  4. If these are domain-member workstations, yes - and it should be a DC in your
    SBS domain (and GC/DNS/DHCP box) and you'll need a site-link VPN (ideally
    using two compatible routers/firewall appliances as endpoints).

    I don't join workstations to the domain unless they will have at least some
    regular contact to the domain - and a VPN client connection doesn't count.
    Depends on use. Probably not....but you can try. I don't like ADSL for
    No; if you're not going to have a DC there & a decent link to the main
    office, don't even have them be domain members. They don't need to be if all
    they're doing is TS to your main office (and they can also use RPC over HTTP
    connections in their locally installed Outlook).
    Lanwench [MVP - Exchange], Mar 19, 2007
  5. James

    James Guest

    Thanks again,

    just to clarify ...
    I should remove these client computers from the domain ... and maybe just
    set them up on a local workgroup for printer sharing etc??
    Could you please define RPC ??

    The next question then is if I disconnect these computers from the domain,
    and I can't update the computers via group policy, wsus or protect them via
    trend micro ... what would be the best way to keep these computer updated and

    1. have them automatically update using MS Windows update service
    (automatically download and install).
    2. Each computer have its own virus protection subscription?? Can trend be
    loaded onto them using our current license, but instead of the clien updating
    from our server ... can it be set to update directly from the internet?
    3. How do I go about resptricting things like dekstops, windows settings,
    login hours etc, if these clients are not subject to group policy?

    I realise that this is probably a big ask, but your assistance again would
    greatly help.


    James, Mar 19, 2007
