RE: Patch Management

From: "Devin Rambo" <drambo@xxxxxxxxxxxx>
Date: Fri, 20 Apr 2007 14:47:42 -0400

Arif,

I'm not sure how WSUS v3.0 handles the bloat of declined/expired patches,
but in v2.0, you have to manually clear them. If you're on v2.0, here's what
you want to do:

1. Download the WSUS server debug tool from
http://www.microsoft.com/windowsserversystem/updateservices/downloads/defaul
t.mspx. The link is to "Server Diagnostic Tool" just to confuse everyone,
but that's the tool you want.

2. Extract the tool to someplace on the hard drive of your WSUS server.

3. Open up a command prompt, navigate to the directory where the tool lives,
and type the following command:

WsusDebugTool.exe /Tool:PurgeUnnneededFiles

The tool is misnamed a bit. It actually purges ALL the files from the patch
repository. It will then proceed to re-download anything that you have
marked as approved for install. I'm running WSUS on a virtual server with
semi-limited storage space, so I actually run this command over the weekend
immediately following Patch Tuesday just to keep my server nice and tidy. I
strongly recommend running this so the downloads happen during off-peak
hours, for obvious reasons. HTH.

Devin

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Sec Melis
Sent: Friday, April 20, 2007 12:13 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Patch Management

Have you guys check your disk space used by WSUS?
Surprisingly, my WSUS eats more than 26 GB space for last 2 years! Imagine,
how many bandwidth resources was consumed during that time if it's
distributed across, let's say 30 WSUS relays and 8000 clients for one medium
company ......

Duh dear uncle Bill ......

Arif Jatmoko

Follow-Ups:
- RE: Patch Management
  - From: Nick Duda

References:
- Re: Patch Management
  - From: visitnikhil
- Re: Patch Management
  - From: Sec Melis

Prev by Date: Patch Management
Next by Date: RE: Patch Management
Previous by thread: Patch Management
Next by thread: RE: Patch Management
Index(es):
- Date
- Thread

Relevant Pages

RE: Windows Server Update Services 2.0 Error
... I examined the configuration for the WSUS site and the scenario number 2 ... On the WSUS Server check the permissions on the following Directory: ... Microsoft Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
RE: Check Your Server Configuration
... you still get that error message in your WSUS? ... Please note that Windows Server update service currently is not supported ... Microsoft is providing this information as a convenience to you. ... >> site WSUS vroots access settings must be modified to enable WUS clients ...
(microsoft.public.windows.server.sbs)
Re: SBS 2003/WSUS 2.0 Problem
... After all is said and done, WSUS setup still gave the same error and I ... Monitoring component we checked in the registry and it appears the ... Please make a full backup of the SBS 2003 server before the following ... select Microsoft SQL Server Desktop Engine ...
(microsoft.public.windows.server.sbs)
Re: SBS console shows update installation error for 1 client PC
... Just to follow up on this: to get rid of the error, I had to completely remove WSUS 3.0 SP1, then remove and re-install R2 technologies then reinstall WSUS 3.0 SP1. ... I didn't need to touch monitoring at all. ... You can run the server cleanup wizard from the WSUS options node and choose to remove the computers that have not contacted the server in 30 days or more. ... select Microsoft SQL Server Desktop Engine and then click Remove. ...
(microsoft.public.windows.server.sbs)
Re: Windows Update Services 3.1
... email notifications settings and click the Test button on your WSUS 3.1, ... This issue may happen when the Exchange server is not ... Click Start, point to Programs, point to Microsoft Exchange, and then ... and then click SMTP. ...
(microsoft.public.windows.server.sbs)