Hi there,
I have inherited a messy WSUS environment that I have to use until 2015.
We patch in quarterly cycles Jan/Apr/Jul/Oct and split out systems out into Computer Computer Group then sub-group Dev/Prod/QA.
I have updates that have been missed over the past year that I'd like to get installed on the handful of servers that missed it in previous quarter patching for whatever reason. However, when I approve the update, it also installs on any needed server in previously approved Computer Groups.
I have approved an update for BI Production Servers and BI QA Servers earlier in the year. I now wish to approve the same update to BI Test Servers. In the mean time, an additional server has been added to BI Production Servers that does not have this update, but as being production I do not wish to install it, just yet.
I approve the update for BI Test Servers. The GPO sets patches to install on Sundays at 0300. This time comes around and both the server in BI Test Servers and BI Prod Servers have received the update.
My assumption, as mentioned earlier, is that because BI Productions Servers had had approval for this update at an earlier time, it applied to the server in this group and installed automatically.
I had thought deleting any old Update Views would have mitigated this, but I guess they are just views.
What I would like to do, is to clear all previous approvals in WSUS, so the system thinks no updates have never been approved. Is such a thing possible?We're running the system on SQL so a query that can amend this would also be an option.
The system is also running a downstream server, so any changes would need to propogate downwards. Unsure if SQL would cope with this.
Sorry for such a long post!
Any help gratefully received!
Lewis