
Managing Laptops in Patch Manager

What is the best practice for managing laptops that are not always on the LAN?

Right now I have Group Policy configured to point all nodes to Patch Manager.

Is it possible to point to a WSUS server (which happens to be the PM server) as well as the Internet for updates?

I see there is an option to create an alternate server location but I am not sure if this means a LAN based one.

I have opened a ticket but the suggestion is to have a different Group Policy pointing to native internet for these laptops?

Any suggestions?

Just an update from my earlier post.

Looks like the best option would be to present the internal WSUS server (on Server 2016) to the internet.

Has anyone done this and is it really a simple case of FQDN on port 8530?

Really want to avoid the hassle of installing an SSL cert so would http://FQDN:8530 be possible?
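
A read-only check of which update server a laptop's Group Policy points at, and whether that URL is HTTP or HTTPS (added example, not part of the original thread). It reads the standard Windows Update policy values WUServer, WUStatusServer and UseWUServer; the helper name Test-WsusUrl is hypothetical.

```powershell
# Added example: read-only audit of the Windows Update client policy on this machine.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Test-WsusUrl is a hypothetical helper name; it classifies one policy URL.
function Test-WsusUrl {
    param([string]$Name, [string]$Url)

    if ([string]::IsNullOrWhiteSpace($Url)) {
        return [pscustomobject]@{ Setting = $Name; Value = '(not set)'; Finding = 'No intranet update server in policy' }
    }
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Setting = $Name; Value = $Url; Finding = 'Not a valid absolute URL' }
    }
    $finding = switch ($uri.Scheme) {
        'https' { 'HTTPS: connection is protected by TLS' }
        'http'  { 'HTTP: no TLS between client and update server' }
        default { "Unexpected scheme '$($uri.Scheme)'" }
    }
    [pscustomobject]@{ Setting = $Name; Value = "$($uri.Scheme)://$($uri.Host):$($uri.Port)"; Finding = $finding }
}

# A missing key yields $null here, which the helper reports as "(not set)".
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

$report = @(
    Test-WsusUrl -Name 'WUServer' -Url $wu.WUServer
    Test-WsusUrl -Name 'WUStatusServer' -Url $wu.WUStatusServer
)

# UseWUServer = 1 means the client uses WUServer instead of Microsoft Update.
$useWsus = if ($null -ne $au -and $au.UseWUServer -eq 1) { 'Yes' } else { 'No' }
$report += [pscustomobject]@{ Setting = 'UseWUServer'; Value = $useWsus; Finding = 'Whether the WUServer value is in effect' }

$report | Format-Table -AutoSize
```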

  • Set up a group for laptops not on the LAN all the time and schedule the critical and security updates nightly. It will only update the relevant devices. Everything else will be not applicable.

  • Hi James,

    Sounds like the idea of moving the PM/WSUS server as Internet facing will only truly work if laptop users connect to the LAN via a VPN due to other connectivity requirements.

    Working on the basis that these same laptop users will sporadically return to the office and connect to the LAN, creating a policy with a more frequent check for updates along with core updates seems to make sense.

    Am I right in thinking that if a WSUS download is only partial, this point will be picked up again (at this point) once the laptop is back on the network?

  • You are correct, the job will continue with missing updates. If you have a situation where laptops are not on the LAN you could deploy a downstream PM server on your DMZ. Deploy the agents to these laptops and use NATing on the router. Install the agents manually to the NATed IP address of that server and then updates off the LAN will work.