Secunia
info.sic | CSI Groups and WSUS Groups
8th Aug, 2012 13:21
Ranking: 0 Posts: 4 User Since: 13th May, 2011 System Score: N/A Location: DE

Hello, how can I separate the Secunia 3rd Party Updates from the normal WSUS Updates? We have some computers that should receive only normal Windows Updates and some others that should receive both 3rd Party and Windows Updates. The problem is that the computers that are not aware of CSI (no certificate installed, no 3rd party updates allowed in the GPO) still receive the 3rd party updates, and then those updates fail because of the missing certificate. Is there a nice way to separate the computers into two groups - only Windows Updates, and Secunia + Windows Updates for those who want both?

thanks

SmithJoe | RE: CSI Groups and WSUS Groups
8th Aug, 2012 17:54
Score: 143 Posts: 33 User Since: 14th Jun 2011 System Score: N/A Location: DE

The first question would be: how are your computers now managed on the WSUS? Let's say you have something like this on your WSUS:

\sales
\office
\whatever

In my opinion the only way would be to further separate the groups, i.e.

\sales\csi

and put the machines in there. That way all the machines in \sales would get the "normal" Windows updates, and if you only approve the updates for \sales\csi, only the machines in that container will get the updates.

You could also create two groups if you prefer that:

\sales\csi
\sales\normal

or whatever ...

Greetings
Joe

info.sic | RE: CSI Groups and WSUS Groups
10th Aug, 2012 13:36
Score: 0 Posts: 4 User Since: 13th May 2011 System Score: N/A Location: DE

Thank you very much, now I located the problem. There is a similar thread where I found the solution. CSI Updates are treated as Security Updates, and on our WSUS we have a policy that automatically approves the security updates. So after I fixed that, the updates are not automatically approved for all the groups; instead I can approve them for certain groups, say "csi".

That is the next problem. Now we must approve every single update manually, but we want csi updates to be approved automatically (only) for the WSUS group CSI. Does anybody know a way to do this? Probably I would start a new thread for this question. (As you know, on the WSUS product list there are no CSI Updates shown, so we cannot choose that group and create a rule on the WSUS.)

thanks again

info.sic | RE: CSI Groups and WSUS Groups
10th Aug, 2012 13:52
Score: 0 Posts: 4 User Since: 13th May 2011 System Score: N/A Location: DE

Ok, now I have the solution for the problem. Let's say we have 3 groups in the WSUS:

/All
/only security updates
/csi + security updates

/only security updates - receives security updates, but deselect a MS product, so that no CSI updates are automatically delivered to that group
/csi + security updates - create a new rule: security updates selected for all products

Last but not least, beware that no subgroup inherits the rules for "/csi + security updates", because it would also receive CSI updates.

Thus some groups receive only normal updates, some receive normal + csi updates, and the csi updates are automatically approved for all groups that have all security updates in WSUS as an automatic rule.

bye
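
An added example, not part of the thread or of Secunia's tooling: a read-only PowerShell audit of which automatic approval rules could deliver locally published third-party packages to WSUS groups that lack the CSI signing certificate. It assumes English classification titles and that a rule with no product filter matches every product; the function names `Get-ApprovalRuleScope` and `Find-ThirdPartyLeak` and the sample rule data are constructed for illustration.

```powershell
# Assumptions: classification title is the English 'Security Updates'; a rule with
# no product filter also matches third-party packages published into WSUS.

function Get-ApprovalRuleScope {
    # Flatten each automatic approval rule of a live WSUS server (read-only).
    param($Server)
    foreach ($rule in $Server.GetInstallApprovalRules()) {
        [pscustomobject]@{
            Rule            = $rule.Name
            Enabled         = $rule.Enabled
            Groups          = @($rule.GetComputerTargetGroups() | ForEach-Object { $_.Name })
            Classifications = @($rule.GetUpdateClassifications() | ForEach-Object { $_.Title })
            Products        = @($rule.GetCategories() | ForEach-Object { $_.Title })
        }
    }
}

function Find-ThirdPartyLeak {
    # Report enabled rules that approve security updates for all products
    # to a group whose clients do not trust the CSI certificate.
    # Nested groups inherit approvals, so list the parents of such groups too.
    param([object[]]$Scope, [string[]]$NoCertGroups)
    foreach ($s in $Scope) {
        if (-not $s.Enabled) { continue }
        $allProducts = $s.Products.Count -eq 0
        $security    = ($s.Classifications.Count -eq 0) -or
                       ($s.Classifications -contains 'Security Updates')
        $hit         = @($s.Groups | Where-Object { $NoCertGroups -contains $_ })
        if ($allProducts -and $security -and $hit.Count -gt 0) {
            [pscustomobject]@{ Rule = $s.Rule; ExposedGroups = $hit -join ', ' }
        }
    }
}

# Constructed sample mirroring the thread's groups (not output from a real server).
$sample = @(
    [pscustomobject]@{ Rule = 'Default Automatic Approval Rule'; Enabled = $true
        Groups = @('All Computers'); Classifications = @('Critical Updates', 'Security Updates'); Products = @() },
    [pscustomobject]@{ Rule = 'MS security only'; Enabled = $true
        Groups = @('only security updates'); Classifications = @('Security Updates'); Products = @('Windows 7', 'Office 2010') },
    [pscustomobject]@{ Rule = 'CSI + security'; Enabled = $true
        Groups = @('csi + security updates'); Classifications = @('Security Updates'); Products = @() }
)
Find-ThirdPartyLeak -Scope $sample -NoCertGroups 'All Computers', 'only security updates'

# Live use, on the WSUS server:
#   [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
#   $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
#   Find-ThirdPartyLeak -Scope (Get-ApprovalRuleScope $wsus) -NoCertGroups 'only security updates'
```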