TR Forums

So I just got a new job and for the most part everything is going smooth and nothing I haven't seen before except for WSUS.
Now this is a new responsibility which I have never had in the past.

I don't have any M$ server certifications so there is quite a bit I don't know when it comes to windows server administration.

The environment is windows 7 pro 64bit on a windows AD with servers mostly running windows 2003 with at least one server running server 2000.
Ancient stuff but then this is manufacturing and some parts of the building are still wired for cat 3.

In the next year or two they are budgeting for a complete overhaul including complete rewire of the building with cat 6, brand new servers, and machine upgrades to windows 10 pro.

UNTIL THEN I have to manage wsus and windows updates for windows 7.

I just signed up to get M$ email newsletter so I know what patches are coming through every patch tuesday and I've set a reminder to approve or decline updates 2 weeks later.
I believe "Patch Tuesday" is the second tuesday of every month with some out of bound and I have setup a reminder to go through and approve 2 weeks later.

What else should I look at and think about?

Antivirus updates are automatic along with updates for chrome and firefox.
Lots of old software in use including PLEX so the corp standard for web browser is IE 11.

If you inherited a working setup, you're probably fine to leave it as-is for the time being.

However, you do need to perform regular maintenance to keep WSUS running well. Depending on your database and your hardware, you can run into problems in as little as 3-6 months.

Poor performance of the WSUS server and the inability to complete cleanup are particularly common on Server 2012 installations. We upgraded the WSUS server to 2016 as soon as we could, and it was much better---but still slows down if not maintained.

It is extremely important to purge old updates and clean up the database regularly. Where I work, WSUS runs on a VM. Every month, they snapshot, sync, cleanup, and test by patching a few systems. If you take snapshots, you should delete them as soon as you verify the server is working. The combination of large file downloads and a database is not good for long-term snapshots (same for both VMware and Hyper-V).

Edit: You will need a newer version of Windows Server to run a version of WSUS that supports Windows 10. I'm shocked and horrified that Server 2000 and Server 2003 are still in service anywhere.

I was surprised to find windows 2003 running in a major role as well. (The 2000 server seems to be there as a just-in-case...)

The previous guy was a real SOB.
Lied through his teeth, didn't follow up, didn't get things done, basically didn't do his job, and actually made things worse. The final thing got him canned was he admitted to HR that he knew they were thinking about replacing him because he was snooping through their network drives and ticketing system and emails. Of course he had to go and say it to the head of HR in rather nasty way. LOL

He didn't maintain the wsus server at all and the guy who is training me had to go in and find out why there was a 6 months backlog of updates and why wsus was not able to release updates anymore. Basically had to completely remove and reinstall it with the latest version.

So is it a properly working setup? I sure hope so!
Does seem to be working with machines checking in and downloading updates etc. but I have nothing to compare it to.

On the positive side it gives me a rather low bar to hurdle!

[quote="TheRazorsEdge"
However, you do need to perform regular maintenance to keep WSUS running well. Depending on your database and your hardware, you can run into problems in as little as 3-6 months.[/quote]

Holy carp! what an awesome article!!!

Thanks so much!

I'm gonna have to study and implement that one...

Aranarth wrote:

I was surprised to find windows 2003 running in a major role as well. (The 2000 server seems to be there as a just-in-case...)

The previous guy was a real SOB.
Lied through his teeth, didn't follow up, didn't get things done, basically didn't do his job, and actually made things worse. The final thing got him canned was he admitted to HR that he knew they were thinking about replacing him because he was snooping through their network drives and ticketing system and emails. Of course he had to go and say it to the head of HR in rather nasty way. LOL

He didn't maintain the wsus server at all and the guy who is training me had to go in and find out why there was a 6 months backlog of updates and why wsus was not able to release updates anymore. Basically had to completely remove and reinstall it with the latest version.

So is it a properly working setup? I sure hope so!
Does seem to be working with machines checking in and downloading updates etc. but I have nothing to compare it to.

On the positive side it gives me a rather low bar to hurdle!

Based on what you just said better do a license audit, just in case.

Well someone did train you, so maybe they have that covered.

thecoldanddarkone wrote:

Based on what you just said better do a license audit, just in case.

Good point. Lemme check with Corp IT. I'm just in charge of an old manufacturing plant.