Glad I got rid of wsus. Suck a pain to manage.
The school I helped administrating did the same quite recently. I am so glad that we don’t have to spend time with such WSUS workarounds from Microsoft.
We now manage feature updates by specifying the target Windows build via GPO.
That’s enough for our needs and works great to ensure that all computers use the same feature update and the latest of all other updates.
Luckily that’s the only place I have to deal with Microsoft / Windows at the moment.
We started using Vulnerability Manager plus from Manage Engine. Gives us patch management, as well as teneble like vulnerability scanning.
The way I read this, it makes it sound like updates need to be imported manually this way forever, from this point on. Is that correct?
Does this cause a large risk of missing or delayed updates for corporate environments using WSUS, or am I misunderstanding something?
I can report synchronization still works from MS servers. This appears to be only when you want to import standalone patches or patches that will not come down from the sync.
Thanks gpburdell01, I just spoke with an old SCCM admin colleague and he confirmed the same thing you said.
That makes this much less of a big deal.
That’s what I am wondering as well. What’s the purpose of this? This makes it sound like it’s making things easier but not giving details as to why and what this solves.