Home
.. About WSUS Wiki

RSS

WSUS
.. WSUS FAQ
.. WSUS on SBS
.. WSUS Troubleshooting
.. WSUS News Groups
.. Known WSUS Issues
.. WSUS Links
.. WSUS Wish List

WSUS Documents
.. WSUS Deployment Guide
.. WSUS Installation Guide
.. WSUS Release Notes
.. WSUS Best Practice

SUS
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues

Wiki Community
.. Wiki Contributors
.. I Love WSUS
.. WSUS Wiki Diary
.. Wiki Statistics
.. To Do Page

Miscellaneous Stuff
.. Other Resources
.. Do You Know?

..[[windows backup software]]

Site Meter

Terms of Use
Trademarks
Privacy Statement

 

WSUS Wish List

WSUS does not solve all the patch management needs for all customer. The following is a list of desired WSUS features. Feel free to add more wishes to this list - be sure to give as much details on your wish, and why such a feature would be usefull to you and other WSUS customers.

  1. Push Install WSUS Client - It would be a nice goal to push installations to clients for activating the WSUS-Client the right way.
  2. Deploy User Defined Updates - WSUS only supports specific Microsoft issued updates. It would be nice to open up the architecture to allow customer developed and 3rd party updates to be distributed via WSUS (e.g. like Shavlik HFNetCheck Patch).
  3. Delegation Of Administration - Allow only specific administrators to approve updates for a target group.
  4. WSUS Integration With AD - Provide a mechanism to enable the use of AD OUs as the basis for WSUS patch deployment.
  5. Distinguish Between Synchronization And Download - I inadvertently disconnected my WUS B2 server from its Internet connection while it was in the middle of downloading over 1.2Gb of updates.
  6. Big Red Button - In emergency cases this red button is pressed which causes WSUS server to contact all the clients and force them to run a scan at that moment. This feature can also be used by right clicking on a computer and selecting scan now.
  7. Schedule Computers For Reboot - After updates are installed, it would be helpful to be able to select a client, and specify a time for the reboot if desired.
  8. Report By Computer Instead Of By Update - it would be nice to report "per computer" in addition to "per update".
  9. Download Updates By Schedule - to minimize the impact on bandwidth during certain times, it would be nice to be able to schedule when the download can happen.
  10. Client Troubleshooting Tools Needed - we need client side troubleshooting tools.
  11. WSUS Download Server by Policy - change the way the AU client determines where to download updates. Currently, this is defined per WSUS server, however it should be defined at the client.
  12. WSUS Default All Languages Considered Harmful - by default, WSUS is configured to download ALL languages, although you can change it.
  13. Update Via URL - It should be possible to use a WSUS server in the same manner as Windows Update.
  14. More Response To Wish List - it would be nice to know that Microsoft is noticing the contents of this Wiki, and in particular this wish list. Many of the wishes here really should be easy to implement.
  15. Mandatory Updates - Provide the adminstrator to mark an update as "Mandatory" so that update can not be rejected or postponed, even by a user with local admin rights.
  16. Comment Per Update - Provide a comments field for each update. It would also be beneficial for a per-patch comment field to populate the respective event log entry on the client machine. That way if a tech is reviewing the event log checks the entry of a confirmed install he/she can see where locally-relevant annotations that may have been included.
  17. Approve Needed - Provide approval links/options directly from reports pages (i.e. "Needed Updates") to avoid having to go to two places to see what's needed and then to actually approve the updates. Or add "Needed Updates" to the filter list on the Updates page.
  18. Show Superceded - Provide a quick way to view all updates which are superceded by a given update. The superceded updates should also have options to approve or decline each one from the displayed view.
  19. Email Notification - notify admins when new (unapproved) updates are available, as well as new product synchronization categories, etc. Pretty much anything worth notifying about.
  20. [Status Error lookup] - When viewing updates that have failed to install - the "Status" column will list an error number e.g.0x8007063. It would be nice if that error number had a link to the error description on the MS website. (skatterbrain: Or how about actually showing the error description right next to the error number!)
  21. Report Export - Right now (WSUS RC1 anyway) you can only print a report. I would like to be able to crank out an HTML or even TXT report to submit to our helpdesk team leads to show which updates are currently approved for installation. I have to submit such reports, and right now, that means death to evil trees.
  22. Purge Content - I would like to be able to purge content for updates marked as declined, expired, not approved so they don't continue to take disk space.  (Look at Stored Procedure to Delete Declined Updates, I just posted it today 10/24/07)
  23. SQL connection via windows SQL authentication versus windows authentication. I'm hoping this will be an added feature so that the administrator does not have to open up so many ports to the database.
  24. It would be nice to have it where you can schedule the download by a specifc time instead of the "every so many hours" option that gpedit has. This would save my bandwidth during peektimes if I knew all computers were scheduled after hours.
  25. Currently, AFAIK, the only statuses are Installed, Needed, and Unknown. It would be nice to have an 'Approved' status. That way you could see which patches were scheduled for deployment....
  26. From the main "Computers" section, it would be nice to be able to change/add columns to the list.
    This does fall slighly into the realms of the "Reports" page, but thats fine.!
    For example, a Username column would be extremly handy.! How many people here know exactly where a PC is from it name.?
    A column saying how many updates are needed for each computer in the list, instead of clicking each one and looking at the status. Even a simple tick icon would help.
  27. An option to ADD a computer to the list would help. This would save non-AD admins installing registry hacks to each machine. WUS could then do this automatically from preset values that the admin can change.
  28. My wish list addition would be making the Approving Updates for Installation feature more flexible. Right now there is only a "Deadline" schedule. I'd like a starting installation date schedule.
    Example: It's Thursday. I want to approve the updates for
    installation now but I want them to be installed between
    Saturday at noon and Sunday by 5:00 p.m.
  29. My addition would be to add the patches/updates for Office 2000 (yes, I know it's quite old but we are having a really tough time convince the powers that be to cough up the money to move to Office 2003).  If you can get the Office 2000 patches by visiting officeupdate.microsoft.com, then why can't we deploy them via WSUS.  We have so many issues just gettting everyone up to SP3 of Office 2000 due to all the various administrative install points we have inherited (we've consolidated IT support of several divisions and inherited their clients as well as their various software repair points).  If we could use WSUS to patch these machines and get them all up to SP3 and all the needed security patches, this would be a huge help to us.  SMS just isn't going to cut it for us on this due to the administrative install points issue (maybe the Office 2000 patches/SP's don't have the same capability as the Office 2003 ones do at dealing with install point issues).
  30. Store Patches on a remote network drive. I have an *old* server with a 4gb data drive, ideal for WSUS,  but I can't use this as the installation won't let me proceed without 6GB of free space.  I have a 320GB Win2003 NAS server on the LAN but WSUS won't let me store updates on this remote drive.  The installation white paper mentions being able to use /v in install options and then specifying a mapped drive,  but this doesn't work.  I think this would be useful for lots of smaller companies that have invested in NAS storage and a lot of companies have an old server in the cupboard that is perfectly useable but a little short on space.
  31. Add functionality to delete locally stored updates from WSUS server when they have been deployed on client machines.  This will save on disk space - there is no need to store old updates once they have been installed and this would save on disk space for those customers who are storing the updates locally.
  32. Would like to have the ability to add Microsoft Hotfixes to the list of deployable updates.  Maybe by have a field that says "enter KB article number" and then on the next synchronization the WSUS box would go and download the hotfix.  The administrator could then approve the update for installation.  Just because it is a hotfix does not mean it is specific to an individual computer (e.g. KB836051 & KB819536).
  33. Filter Updates by OS would be handy.
  34. 'Stop all downloads' button - "Downloading 15.74 of 2,172.79mb". Ooops.
  35. DISABLE MANDATORY REBOOT FOR SERVERS!!! Give admins the ability to force an updated computer to remain online w/out a forced reboot. Many admins have strict monitoring & reboot schedules that are sync'd tightly. Allow the admin to schedule & execute the reboot through some other means, even if it means keeping a "half-patched, reboot-pending" server online for an extra few hours. Please dont force us to create & run dubious WUA API install scripts as a work-around.
  36. It sure would be nice to have some concrete documentation of error messages. We've been struggling with intermittent problems with WSUS admin, specifically with the "check your server configuration, Non-running services" SelfUpdate."
  37. "REMOVE DOWNLOADED UPDATES" MENU OPTION - Many users are concerned about disk space being used unnecessarily by expired, superceded, or otherwise unneeded update binaries. The method provided in WsusDebugTool /purgeunneededfiles is problematic, and akin to using a sledgehammer to swat flies - it can sometimes do more damage than good.  I would like to see the following features added:  1) Downloaded updates which have expired should automagically be removed from the file system. 2) Same thing with older revisions once the newer version has been approved  3) A menu option(s) should be added to delete downloaded updates - one or multiple selected items at a time. This should be available from the Updates view, and perhaps from other windows as well to make use of the various filtering mechanisms already present in the UI.  A "select all" option would be handy once the user has things filtered appropriately.
  38. "Additional Field 'LoginName (User)' in Reporting/Update pages - I would like to have an additional field 'User Loginname' or the last known logged in User in all pages . It would be easier to find a PC in our huge environment. Also it would be good,  if it would be possible to filter the computers after the loginname.

  39. [Forced Update Installation Onboot]Since not all users have their computers turned on at night it would be good if the updates are forced to install before they log on, with an message "Please wait while system installs latest patches from the WSUS server" and then reboot if it have to.

  40. [Anyprogrampatchsystem]]Any windows program should patched by WSUS. I guess that require that you can add another cerificated patch server in WSUS. The other server then work in the same. You downloadpatch information and then download an xml for which programs it can serve.

    40b - Allow WSUS to import/push custom Microsoft patches.  An example would be the DST Time Patch for Windows 2000.

  41. To remove obsolete patches. I ported an SUS to  WSUS and the oldpatches for languanges which I dont need or have, still show up as dected only and WSUS complains that it does want to install them but when I say to deploy them it says wrong language.
  42. Allow administrators to delay the "Automatic Updates:  Updating your computer is almost ready...." nag screen from first appearing (or never appearing, but I've already read all of the arguments as to why the developers want to require this screen to appear).  We've set Group Policy to have client updates loaded and ready to install an hour before the users go home.  Everyone turns off their computers before leaving.  Right now, they receive the nag screen within an hour before leaving and have to drag it to one side to continue working (they do not have local Administrator rights, so they cannot click "Restart Later").  We want them to NOT see that screen, but instead use the "Install Updates and Shutdown" option when they shutdown to go home.
  43. Disable the "Automatic Updates: Updating your computer is almost ready..." nag screen for ICA / RDP clients.  This is really frustrating when trying to use WSUS with Citrix servers.  The users can't click ANYTHING on the nag screen, but only drag it off to the side, so it is useless for them to even see it (which is always, since it always has focus).
  44. Master/slave reporting rollup.  The "unsupported" roll-up tool in WSUS 2.0 leaves a lot to be desired. If using WSUS in an enterprise it takes a lot of effort to track down slave update statuses.   The roll-up tool ignores target groups and doesn't have many features.  In an multi-server installation, having the slave tbUpdateStatusPerComputer and tbTarget* tables roll up to the master SQL server would make reporting of the whole organization a lot more consolidated. 
  45. Prevent the WSUS globe / sheild from showing up in a Citrix Seamless desktop.  If a user is connecting to a Citrix Server in seamless mode, the WSUS icon shows up in their system tray.  This is a cause for concern because the users (or administrators) can't tell if they are installing updates on the server, or their PC.
  46. When installing updates which require Windows Installer have WSUS set the Windows Installer service to manual, and start the service when required After updates are installed set the service back to the previous state (disabled/stopped).  We would like to set the Windows Installer to disabled & stopped to prevent users from installing new programs, but we are finding the many Microsoft updates require this service to be startable.


    We need to summarize and consolidate these comments:

    From tdwilli - 2005-01-26 7:10 AM []

     

    Enhanced Reporting Features

     

    It would be very helpful to be able to filter reports (for printing/export to CSV, etc.). In my domain, we don't enforce updates/installations to our client machines (for a number or reasons), but we have a unit policy that instructs each user to update their system unless they can present a valid reason why they shouldn't.
    So, for example, I would like to be able to print a report showing all systems on my domain that have a status of "Needed" for any or all available updates from my WUS servers. This filtering capability should apply to all defined computer groups and updates, permitting the administrator to keep tabs on which machines are still in need of specific (approved) updates, as well as the other status indicators (Installed & Failed).
    In its current state, the only way (that I've found anyway) to obtain this information is to open the reporting page in the WUS admin console, select "Any Action" and "All Computers" from the View section, expand the entire list of updates, then start paging down the list while expanding each "All Computer" section within each update listing. This is very time-consuming and tedious, not to mention the number of trees I kill just printing the report because it also includes all the "Installed" "Not Applicable" entries as well.

    From Skatterbrain - 2005-01-26 9:38 PM []

    Thanks for the heads-up tfl, I wasn't aware of that. I'm not sure I have access to the "OEP" beta site though. I've worked on many betas, but I was only able to get into the "public" part of this one (beta 2). If the CHM is available to goons like us, please point me to the URL? :) TIA

    From tfl - 2005-01-27 1:32 PM []

    The API documentation is available at the same place you got WUS from! Go to the beta web site, and click on downloads, then look for the API documentation. There's a 2mb or so download.

    From pieterkotze - 2005-01-31 7:25 AM []

    It looks like selfupdate only works on port 80.

    It would be nice if it could work on port 8530 as port 80 is sometimes blocked on

    secure intranets.

    It seems to be like that or am I wrong ????????????????

    pieter.kotze@sita.co.za

    From Skatterbrain - 2005-02-01 8:38 PM []

    I found the OEP site and got the downloads and everything fine. My wishlist addition would be to add more right-click features. It's very frustrating to switch from another app to the WUS console and try (habitually obviously) to right-click on things like a computer and expect to see something like "Move to another group" Or right-click an update and select "Install", "Detect" etc. Not there.

    I've read plenty that says there will not be an upgrade path from beta 2 to RTM, but I wonder if I deployed b2 now and then RTM ships and I decide to slick/reload my server with the RTM setup (same hw/sw/name/etc), will it still answer to clients or will it cause major disruptions in the overall flow of things?

    From Wizard - 2005-02-04 6:30 AM []

    I would like the option of removing declined and expired updates from the database.
    I know I can filter them, but when the home page says...
    Total: updates, Apprived

    From Wizard - 2005-02-04 6:30 AM []

    I would like the option of removing declined and expired updates from the database.
    I know I can filter them, but when the home page says...
    Total: 463
    Approved updates: 221
    Updates not approved: 0
    Expired updates: 82
    I have 160 updates not accounted for.!

    From Skatterbrain - 2005-02-09 10:33 AM []

    I wish the GPO setting that allows non-admins to receive update notifications would actually allow the users to install them. Laptop users in particular are tough to handle since they're typically offsite at night (when our desktops are updated - 3am). Even if I set the laptop GPO to do updates at like 9am, if they don't have admin rights they cannot actually install the updates. The weirdest thing is that it prompts, they try to install and it looks like it's actually doing the updates (downloads/installs, etc.) no errors or warnings. Then it pops up again and says the same updates are required and they repeat the process. It should either install as a system account context or block their attempts (like WU web site does) with a message about non-admins not having rights to install updates. I'd prefer the former to the latter, but oh well.

    From Skatterbrain - 2005-02-09 2:44 PM []

    While I'm at it, I'd like to be able to resize columns in the Updates view table. Seems odd that you cannot resize them.

    From tfl - 2005-02-09 5:16 PM []

    The inability to resize columns has been filed as a bug. Feel free to fine one yourself!! Thomas Lee

    From ucinv - 2005-02-10 3:06 PM []

    We do a lot of cloning from image files. Sometimes our image files are old and therefore are not up to date on updates. As is, WUS doesn't support "temporary" computers very well. I want to be able to boot up the cloned PC's and have them get their updates from the WUS server and then have the computers be deployed/sold/rented/destroyed, whatever. What I do now, is at the command prompt I type "wuauclt.exe /detectnow", but I never seem to know when it is done detecting and applying updates, there isn't even an option to get some indication or messagebox. I'd like to at least have the option to display a message like "No updates needed from the <NAME> WUS Server, You are up-to-date!"

    From tfl - 2005-02-11 3:30 AM []

    Re UCINV's comments:

    Updating cloned images is really not one of the sweet spots for this product. If you are handling clones and cloned images you might be better off using SMS. What would be useful for you is if you could simply use the cloned system's browser and navigate to your WUS server and get updated (similar to how you can be updated at windows update). That way, once cloned, you could simply navigate to you local server and get updated. So far as I'm aware, this option has not been accepted by MS.

    I agree totally about the need for a better client tool. You can see option 9 for my first take at what this could look like. If you have some better ideas on this, please feel free to update that page!

    MS is planning on doing some work to improve the client experience, and hopefuly this will be in the RC that's coming soon. In the mean time, please file bugs on this. At this point about the only thing that will make any real difference is bug reports: no matter how good an idea I think it is, it's the number of bug reports that MS gets that makes a difference! Thomas Lee

    From danholme - 2005-02-12 7:52 AM []

    Are there any developers who read this wiki? Seems to me (don't bother calling me naive--I know I am :-) ) that several of these wish-list items should be easy to implement. For example:

    • Given the wuauclt.exe /detectnow command, it should be relatively easy to create a Microsoft Update-like web page with a link that at minimum causes the computer to do a scan... and aren't scan results stored in XML somewhere, therefore present-able?
    • Since the Microsoft Update site uses an ActiveX control to scan for updates, is that control 'accessible' in such a way that, again, a Microsoft Update-like site could be created? Maybe not completely the same, but at least a step in that direction?
    • An AD event sink or monitoring tool that determines when a computer is moved (i.e. DN changes) and changes that computer's membership in 'parallel' WUS groups?
    • Can anyone (from MS or elsewhere) shed light on where certain defaults (i'm thinking specifically of "every language") are stored so we can create a script to run that changes that as part of a 'post installation clean-up' routine?
      •

    Some of these items on this wish list are so 'fundamental' that it is a bit interesting they're not already in the product... (hello... AD integration???) but I'm hoping we can round up some developers to start creating workarounds...

    Dan Holme
    Intelliem

    From tfl - 2005-02-12 8:38 AM []

    Regarding danholme's comment:

    I'm certain MS folks are reading both the wiki and the comments on these pages (as well as messages in the TAP/OEP newsgroups). From responses to bugs I've filed, not only am I certain the developer's are reading this site, I am also certain that they are listening and responding.

    However, you need to understand that a product is supposed to be feature complete to go to a final beta. This is the way MSF works and the way that MS traditionally runs projects.That's not to say that there won't be feature changes going into the RC, but at RC stage, the whole idea is to do final sanity checking on the feature set - not adding huge new features.

    This is, I suppose, a longwinded way of saying that whie I agree that many of the wishes here should be trivial to code, they each mean extra effort - and given that the proejct team is presumably fixed sized, more features just means more delays. As it is, WUS is badly late - and as much as I really want the new features, the products's ship date is an important feature too.

    I guess what I'd like to see is RTM as soon as possible, with an SP1 in 6 months time that makes the product better.

    My .02€ worth!

    Thomas

    From Skatterbrain - 2005-02-12 11:39 PM []

    Thanks for the info on column headings. I wonder if the issue of the WUS console text not respecting the text size options in IE have been submitted also? (just curious - don't want to beat a dead horse)

    From Skatterbrain - 2005-02-12 11:45 PM []

    The single biggest concern for our environment is the issue of whether or not the GPO option to "allow non-administrators" to receive update notifications will actually work consistently with ordinary "User" users (vice "Power Users" users). Half of our work force uses laptops, which are almost never left powered on overnight. That forces us to deal with updates during working hours (less than ideal, but there are no other options). This means the user is actively logged in and they don't have admin rights. We seldom add them to Power Users as well (unless they don't deal with secure information contracts). This new WUS GPO option looks very exciting but our tests show it is unreliable. It simply does not work on W2K/SP4 clients, and on XP clients it does work well except with OS service packs. In all cases where it doesn't work, it appears to be working (prompts, downloads, installs, confirms) but simply repeats itself again and again until an administrator logs on to run the updates. I'm hoping this gets fixes before RC or RTM.

    From PHPSE - 2005-02-23 4:05 PM []

    Support to push updates, patches, SPs to 2000 server? I did not see it in the supported list, not have I seen it in the updates list. Is this planned, or should I assume that this is a way to push servers to go 2003?

    TIA

    From Skatterbrain - 2005-03-01 7:04 AM []

    How about mandatory updates? That way, even with ElevateNonAdmins enabled, it would prevent users from de-selecting updates approved at the server. The default could be "optional", with an option to make each one "mandatory".

    From rdafoe - 2005-03-15 8:37 AM

    I would like a new column on the report. Right now there is an Installed, Needed, Failed, and Last Updated column. It would be really beneficial to have a Downloaded column to see what has been downloaded to pcs. This would help trying to figure out who is not rebooting their pcs for the updates, as in our environment, we cannot force a reboot.

    From Klaustro - 2005-05-23 5:11 PM

    I have two points:
    • I need more filter-options in the Updates-View. For example it would be really helpful if you could filter by updates which are only approved or not approved by a special group. You know? It would be great for example if you'd see the same tiny window you get when you set the install-options for a single patch in order to filter by your settings...
    • Another thing would be (and this is a really important one!!!), turning off all messages on the clients. In our environment everybody is working as a local administrator and everybody gets this annoying message that the pc needs a reboot. Why isn't there a "AUOptions=5 # Don't even notify anyone, just install and wait for the next restart" or maybe a better way "AUOptions=5 # Install next time when PC is shutting down"! These annoying messages disqualifies WSus in our environment and I believe we're not the only one...
      •


    (me again) - I'd LOVE to see a client-side API that could be invoked through scripting, .NET etc. to allow for custom automation and control. I'm just thinking of the potential flexibility that could provide with login scripts, SMS package deployments, and remote scripting.

     

    I added items 42 and 43 above...

  47. I would like to see a secondary source for the updates. It would work like this: if the primary WSUS server is not available, the client defaults to requesting updates from MU. This is an urgently needed update, since many of our clients have laptops and very seldom come itno the office and connect to the LAN. We have to andte that our nurses come in at least once a week and let the client sync. This results in potential security exposures.

Comments:

From anon - 4/12/07 4:38 PM

For those of you having trouble with installing updates on the machines of regular users - if you have them log off but leave the machine powered on, the updates will be installed automatically. Also, any reboots needed will happen at this time as well.

From timwiser - 3/26/07 6:10 AM

It would be great to have an option to make the client install patches before the logon stage.  For example, a blue screen saying "Please wait whilst update 1 of 3 is installed..." would be preferable to having the user interrupted during a logon session by the "Updates have been installed..." message asking for them to reboot.

 

From EdwardQ - 3/22/07 11:02 AM

Not Sure how to add new Wish List item.   I don't see this one on the list or can figure out if  wsus 2.0 has it.  But I like to, easily, be able to tell when a update is updated on a computer.  This can help trouble shoot issues if you wonder when and what was updated last.

From huntergatherer - 9/6/06 12:50 PM

 jlkobielusz,

 

Create a GPO for your "Testing" group and put it at the top level. Remove authenticated users from the GPO. Add Only the PCs to the GPO and make sure that the GPOs are processed in the correct order. This is how I do it.

 You gan also create a group and populate it with the PCs and put that group on the GPO, the only problem is that in order for the computers to know that they are a member or no longer a member of that group is to reboot them.

 

--HG-- 

From jlkobielusz - 9/5/06 9:39 AM

Our site has only been using WSUS for about a couple months now and think it's a great administrative tool. We use GPO's within our site for clients, servers, and another for selective exclusions. Without requiring the use of a separate OU or disconnected system, it would be nice to be able to create a target group of machines for testing released patches prior to deploying them across the board to everyone. The only ways I currently know of are to put them all in a separate OU and apply a GPO to the clients with the desired settings or do my testing in the off-line network (Where the world is always perfect :)  The problems with patches always seem to pop up on the production network and without staggering the times for GPO's to target computer groups or being a little creative with the policies or AD structure, it can be time consuming to recover from a difficult patch.  If there were any way to test the deployment to a few members of each existing computer group prior to a full scale assault on the clients, it would definitely be less destructive than recovereing later.   Of course, with my limited knowledge of the product, if anyone has any other recommendations, I would appreciate the inputs.

Thank you. 

From huntergatherer - 7/18/06 9:23 AM

It would be great if I can run a specified command before and or after the updates. This would be verry useful in putting MOM or any other Monitoring server in maintnance mode.

From Mikka - 6/28/06 5:00 AM

it doesnt seem that wiki links get parsed when using comments.  the page is here: http://wsuswiki.com/ContentOnNetworkDrive

From Mikka - 6/28/06 5:00 AM

I have a solution for wish list #30 here: [[ContentOnNetworkDrive]]

From cjwallace - 6/18/06 5:49 AM

It would be nice to see a proper solution for WSUS to have Wake On Lan. WSUS is such a great product but the fact that you have to use 3rd party tools to wake machines to apply patches is a real pain. it would be nice to have it all part of one product.

From vishwa - 5/24/06 4:19 PM

Hi,

when i open the home pages of wsus i,e https://servername/wsusadmin I get a notifications at the bottom.

To Do List
Check your server configuration
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
Can any body help me

From pepitoe - 5/24/06 10:25 AM

Install on next restart/shutdown
It would be very helpful to be able to set updates to download to computers but not install until it is restarted/shutdown.  This would either be an approval option so you could set it for each update and set different options for different groups, or it could just be a group option, eg set the servers group to this option.
This would be very useful, especially for servers where you can't just restart it when you like, and you can't risk updates stopping important services when they install.  I have had an exchange update which installed earlier than we wanted and stopped exchange working until the server was restarted, at the moment we prefer manually downloading exchange updates so we can be sure they are applied at the right time.  This option would also be useful to prevent the updates from interrupting users work with the annoying restart dialog that they can't get rid of without restarting.

From protofj - 5/15/06 9:34 AM

Advanaced reporting across servers: I really need to be able to report the status of machines according to group regardless of which upstream or downstream server they are connecting to. Specifcally we currently have three wsus servers (two downstream) with several computer groups setup. I need to be able to create a report that shows the status of ALL computers in a group across all 3 servers.

From CharlesR - 2/2/06 1:14 PM

SuperSyl, so would I. I'd love to have it like my AD structure so when I add depts to the deployment I can put them in their main group. We still have some depts on ISDN or dialup and will add them as fiber is installed.

From SuperSyl - 1/31/06 11:40 AM

I'm very interesting to have the possibility to create subfolder group in computer group.

From gigafunk - 1/11/06 11:51 AM

I wish the wsus admin page had a download from directory option where I could syncro the updates on an offline wsus server from a copy of the data directory from an online one.  Wsus current offline synco method stinks, and gives me access denied errors.

From maximillianx - 12/12/05 4:48 PM

The ability to reconcile AD computer accounts with WSUS clients.  Perhaps an enhanced 'cleanstalecomputers' tool, but interfaced directly within WSUS?

From rialtus - 12/8/05 3:52 PM

I want to recind my last comment - the option I was looking for was buried at the bottom of the Synchronization options page.

From rialtus - 12/2/05 10:04 AM

I owuld like to see a better way of addressing replicas. For example, if we purchase a new company that also has a WSUS infrastructure and we're trying to collapse them into one, it's not feasible because the only place to change replica settings in during installation. The same is true of the reverse -- we want to sell a company and have them take their own WSUS server without rebuilding it.

This was a feature that I used in SUS (albeit for different reasons), and I would love to see it in WSUS. 

From Imurphy - 11/29/05 3:35 AM

You can force an update using wuauclt /detectnow .... on machines which are running the correct version. There isn't any way of knowing if they are running the correct version except to start examinging exe version numbers. However if nothing happens you have to start digging around to work out whats going on. The new wsusclientdiag has been a great improvement, but why not just build this all into the client? How about some extra switches: wuauclt /interactive to display what its doing wuauclt /debug similar wuauclt /version to display the version of the client (in case of future changes) wuauclt /installallnow to install all patches without further ado wuauclt /rebootafterinstall once finished reboot I'm thinking of the installation of a new machine where you connect it to a network and then have to update it. I would be handy to be able to log in, open a window and type wuauclt /installnow /yes /rebootafterinstall While at the moment its *much better* than the old manual patching used to be, if you have to install batches of 10 or more machines it does makes life easier.... and its not as if it implies any great changes. Graphical or command line would be good, doesn't matter. Does the wuauclt have to be such a shy beast, bring it out in the open!

From Imurphy - 11/29/05 3:24 AM

And how about a getting rid of the wsusadmin/ bit we have to type on the end. At the moment the default install creates an admin page in http://server:8530/wsusadmin/. I usually make a couple of dns and iis changes to replace this with the much easier http://wsus.org.local/wsusadmin/. Would it not be possible to add a simple default.aspx to the root which redirects to /wsusadmin/ ? Then we could all just use http://wsus.mydomain.local/

From Imurphy - 11/29/05 2:57 AM

Harolds comment above touches on the problems which affect SBS. I'm not quite sure why the wsus client has to connect to http://computername/selfupdate.aspx and not just use the same address as specified in the group policy but it causes no end of problems. I'd like to add the ability to remove items from the content library. If you make a mistake and approve, lets say, office 2000 patches, it downloads everything but there is then no way to remove them. This probably doesn't affect english language sistems very much but on non-english sistems its very easy to make a mistake and end up with several gb of patches which you cannot easily remove. How about a reminder email as well. If you have 10-15 wsus systems to maintain its easy to forget to connect to one to approve patches. You may be aware that patches have come out but tracking which of the sistems you maintain has had its patches approved is essentially manual.

From maximillianx - 11/14/05 9:23 AM

As there is the ability to filter against a particular update, I would like the ability to filter against a particular computer from the reports (or computers) screen.

 

From DavidRa - 9/20/05 5:59 PM

The command line installation mode needs to accept the appropriate options for deploying replica servers. I'm presently rolling out over 170 WSUS replica servers - but to automate installation of WSUS in replica mode required writing a VBS script that clicks on the appropriate buttons in the UI (SendKeys). Surely if you're deploying replica servers you want to automate it? Also, we need a WSUS command line administration tool - not for update approval but for configuration of options / synchronisation so that scripted deployment of the server can initiate sync and then set the scheduled sync time.

From ArmyAnts - 8/26/05 3:48 AM

Regarding:

From pepitoe - 2005-06-30 10:22 AM ...- a way to delete custom view filters

You probably found this already, if not or for others who may be looking - click "Updates", select your custom view in Products and classifications, click the link "Change custom view", when you're viewing the custom view you'll have a delete button at the bottom.

 

From mbakunas - 8/25/05 12:27 PM

I'd like to see the ability to grant access to the reports without making a user a full administrator of WSUS.

From Harald - 8/18/05 5:06 AM

Another SelfUpdate Wish - Hi, i've noticed, that SelfUpdate is configured during Setup at http://%computername%/selfupdate. My wish would be to add a textbox to the setup, which allows to enter a different name for the machine part of the SelfUpdate URL. This would allow to use the IIS ability to run on a different IP address than the host system in full extent. In my case the regular ip and port 80 of the host system is captured by a different service. Since i've no other choice at the moment, i've setup a DNS record with a different Name and IP Address for WSUS. My GPOs are pointing to that name and the IIS Server with WSUS installed to the default site, is listing on that Ip-Address. Additionally i've changed the addresses listed in httpcfg to the proper one plus localhost. Everything is working smooth for me, except, that the SoftwareDistribution.Log records errors when contacting http://%computername%/selfupdate. This error also shows up as Task in WSUS Admin. Again, everything works fine, obviously except a script, which checks the mentioned URL instead of the real name of the WSUS. So either a DNS query for the name of the IP Address of the site or a way to enter the DNS Name during the setup, would be highly appreciated.

From maximillianx - 8/3/05 2:18 PM

SNMP and/or perf counters

I'd like to see values showing total computers, computers needing updates, etc. (most of what the API can pull) available via perfcounters or SNMP for monitoring solutions.

 

 

From Virulon - 7/19/05 9:45 AM

BSA, I guess I need a visual (that's the kind of learning I am, visual/hands on).  I also spoke the to WSUS at TechEd and they are a great bunch so if they understood your request and said it can't be done currently, then you have a valid desire for an enhancement request.  Best of luck with it.

From bsa - 7/18/05 10:58 AM

My goal is to have the servers download content from MS but get approval settings from an upstream server. The clients would then be pointed to a local server for content and settings.
I talked with the WSUS team at TechEd and they told me the configuration I want isn't currently available, so I guess it belongs here on the wish list.
The point is that this configuration would cut the WAN/Internet (same thing for us) bandwidth usage for WSUS by about 50%.

From Virulon - 7/16/05 9:42 AM

BSA, I think what you are asking for is already a feature.  Go into the options section and choose the option where the patches are left on the Microsoft site and not downloaded to yours.  That way your WSUS server just has the config, the policies, and the approved patches.  Then the clients (the ones you mentioned on the WAN) will download from Microsoft (only the ones you've approved) and not from your server.

From bsa - 7/15/05 10:06 AM

I'd like to see a way to synchronize settings with an upstream server but download content directly from Microsoft.
Our WAN is all VPN. We want to control the required updates from a single point to maintain consistency, but with a VPN architecture it is much more effective for us to download content for each server directly from MS. That way we are only using one sites connection for the download instead of both the source and the target sites.

From pepitoe - 6/30/05 10:22 AM

- an editable comments column for computers for easier identification

- rename groups rather than having to delete them and start again

- a way to delete custom view filters

- Mixed should be in the Approval options in the View filter

From hadadink - 6/27/05 7:59 AM

Need a /installnow client switch.  

I use the /detectnow all the time, and sometimes the /resetauthorization switch...but I would love to have a /installnow switch for the clients that are set to 3.   I have lots of servers that are set to 3, download and notify...   The problem is that we HAVE to login to each one and this takes too much time.   I want them to be installed manual, but I'd love to be able to do them ALL manually at the same time... Maybe an even better option would be to have a /installnow and /r for reboot also...   This could be done from MOM or a batch file, script, or using psexec @file.txt on multiple computers... 

This would be very helpful...

From maximillianx - 6/16/05 2:58 PM

'nother column:

Download size.  If I'm going to unleash holy hell on my network :) I'd like to know how much data I'm spewing forth!

Ability to export to CSV/XLS:

It's great to be able to print these things, but I want to be able to generate a history on my data.

From maximillianx - 6/15/05 11:52 AM

Columns

Additional columns to sort by - KB# MS0x etc.  Would make searching through the list of updates a bit easier.

Patch Groups

Similar to Shavlik, I would like to create a patch group, so I can report on a subset of updates rather than looking at each patch status report and seeing if my computers fall in there or not.  I would think this would be relatively easy to implement.

Rob

From dcoleman - 5/24/05 8:59 AM

It would be nice if WSUS clients could be pointed to multiple sources for updates in a hierarchical fashion (Primary, Secondary) similar to DNS, WINS, etc.  For example, I'd like to have laptops get their updates from an internal WSUS server when they're on my network, but automatically "fall back" to getting updates from windowsupdate.microsoft.com when they're on the road.

From paulgear - 5/12/05 5:01 PM

I would like customisable columns in the computers screens, including the ability to add columns for IP addresses and BIOS ids, and sort them correctly (i.e. IPs sorted in proper numeric order, not alphabetically).

From Quaternion - 4/19/05 6:12 AM

I nice part to add would be the option for wake on LAN so the updates will be installed  at night after sending a WOL signal to the PC's that needs to be updated. When the updates are finished installing the PC will shut down instead of reboot.

From joedavis - 4/16/05 4:52 AM

It would be great to have the ability to change synchronization options so that the WSUS server(s) will synchronize with Microsoft on certain days at a specific time, rather than just a certain hour every day.

From swinefeld - 4/8/05 12:05 AM

I'd like to see some sort of baseline/platform options support.  As in, any workstations put on the network are going to be 2000-SP4/XP-SP2 with IE6-SP1 (or forced to that level through policy), so I'd rather not have to even deal with the all the stuff that came before, tracking supercedence etc.  I realize that large operations are likely to have a much bigger mix, but it would be nice to have the choice.

From Skatterbrain - 3/26/05 9:39 AM

Say, what happened with the "Decline superceded updates" option checkbox?  That was kind of nice in WUS b2.  I don't see it in WSUS.  I'm supposed to manually find them and decline them now?  Ugh.  Sounds like manual labor.  If I'm missing it (right in front of my deformed nose most likely), someone please point me in the right direction?

From Skatterbrain - 3/24/05 8:42 PM

In WSUS RC it's still a little awkward to get from the report that shows updates needed back to the update itself to approve it for installation.  I wish that was linked more directly.  Also, in the filter options, it would be nice to have "Not Declined" so I can see everything not declined (he says fading off quietly). :)


Last Modified 5/1/08 5:33 AM

Hide Tools

Site
Changes
Index
Search

User
Log In
Register