forum.opsi.org

Hello,

What is the best way to deploy Windows Updates? Is it best to deploy them with opsi or WSUS or a combination of both?

Would a Squid server running doing transparent caching at the network level be of any help?

It seems like a lot Windows updates, such as IE, need a lot of reboots, especially with starting from a fresh install. I'm wondering if there's a way to orchestrate this.

Deploying Windows Updates does mean exactly what?
Deployment during provisioning of the client? Or during the lifecycle of the client?

Hi,

my attempt to this: if you have a solution that works for you stay with it.
I do not think that there is the golden way that suits every need.
You can deploy those updates with opsi if you like. One way of doing it without much work is to use the subscription packages provided by uib.


With kind regards

Niko

We have about 10 new laptops that come into our shop every week. We need to install Windows 7/Windows 10 on them, applications, and Windows Updates before sending them out to our users who work from home.

If I download the Windows Updates straight from the internet it's currently it's taking a few hours to install them all on Windows 7, at least 45 minutes to install them on Windows 10, so I'm looking for a quicker way to do this.

Thanks, I didn't know about the 'MS-Hotfixes' update subscription for opsi. Does it cache the updates locally on the opsi server?

OK, provisionig....

WSUSOffline might be worth a look. (http://www.wsusoffline.net/docs/). It deals only with security updates.
Assuming you do have a Windows Domain/Forest WSUS itself may become your friend.
We do use a combination of both to provision our servers.

And you can do it the hard way. Injecting the updates into the installation images. (Have fun.)

If you want a hassle free solution, I'd go with Niko's suggestion. Updates are downloaded once to your OPSI server as 'OPSi packages'. So are indeed 'cached'. (And no, I'm not affiliated with uib in any way.)

Hi,

ttblum hat geschrieben:We have about 10 new laptops that come into our shop every week. We need to install Windows 7/Windows 10 on them, applications, and Windows Updates before sending them out to our users who work from home.

If I download the Windows Updates straight from the internet it's currently it's taking a few hours to install them all on Windows 7, at least 45 minutes to install them on Windows 10, so I'm looking for a quicker way to do this.

In this case I'd suggest going with the subscription provided by uib as with that approach you can control when the updates get deployed - they are a .opsi package after all and you can deploy them on-demand instead of waiting for the internet / WSUS to deliver them some time. (This get's more important if updating a machine may become time critical).

ttblum hat geschrieben:Thanks, I didn't know about the 'MS-Hotfixes' update subscription for opsi. Does it cache the updates locally on the opsi server?

As uncle_scrooge said you will get an .opsi package and this will be stored on your server.

uncle_scrooge hat geschrieben:And you can do it the hard way. Injecting the updates into the installation images. (Have fun.)

This still works and I know that this solution has been very popular before Windows 10. But this only makes sense if you deploy the complete OS and each month you will have to integrate new patches into your install.wim. Also you need a solution to update the clients that already have their OS deployed.


Kind regards

Niko

n.wenselowski hat geschrieben: In this case I'd suggest going with the subscription provided by uib as with that approach you can control when the updates get deployed - they are a .opsi package after all and you can deploy them on-demand instead of waiting for the internet / WSUS to deliver them some time. (This get's more important if updating a machine may become time critical).

Well, more often than not, you'd want to wait with those updates. Microsoft breaks a lot of patches. Just last month I installed an office update too soon, and voila, half the text in outlook was in swedish.