1 Reply Latest reply on Apr 8, 2016 8:44 AM by sz-a

    Question about declining superseded updates

    jkd

      Hi,

      One of the best practices suggested for maintaining WSUS is to decline superseded updates that show as 100% non-applicable to your environment. Does this best practice assume you are always deploying your machines from an image that is up to date with patches?

       

      Consider this scenario:

      • You review and decline any superseded patches that show as 100% non-applicable to your environment.
      • Your company acquires another company and you inherit their infrastructure. As part of this, you join these machines to your domain and they get your WSUS policy.
      • The machines from the acquisition are not regularly updated and need many patches.

      In this scenario, if I decline all superseded patches that were 100% non-applicable to my environment before adding these other systems, could I then be missing patches to apply to these inherited and out of date systems? Would I inadvertently create a gap in patching by doing this, or am I missing some key piece of the puzzle here?

        • Re: Question about declining superseded updates
          sz-a

          As far as I understand, there should be no problems, because a superseding update can be installed instead of the superseded one. The only problem, I think, could be if the clients had detected but not installed updates from a WSUS other than yours - I'm not sure.

          But if this were a problem, think of the following: you follow best practice - declining superseded updates - and after that you have to install a system from scratch (because the image fails or something else). You would have a problem updating from your own WSUS. This I can't believe.
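
The check discussed in this thread, as an added example that is not part of either post: a read-only PowerShell report, run on the WSUS server, that lists superseded updates and flags one as a decline candidate only when no reporting computer needs it and at least one superseding update is approved and not declined. The `SafeToDecline` rule and the choice of which status counts to treat as "still needed" are assumptions of this example, not a WSUS feature.

```powershell
# Added example: read-only report using the UpdateServices module on the WSUS server.
# It declines nothing; the decision stays with the administrator.
$wsus  = Get-WsusServer
$scope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$supersededBy = [Microsoft.UpdateServices.Administration.UpdateRelationship]::UpdatesThatSupersedeThisUpdate

$report = foreach ($update in $wsus.GetUpdates()) {
    # Only superseded updates that have not been declined yet are of interest
    if (-not $update.IsSuperseded -or $update.IsDeclined) { continue }

    # Per-update status counts across every computer reporting to this server
    $summary = $update.GetSummary($scope)
    # Assumption: any of these states means the update is not yet
    # "100% installed / not applicable" in the environment
    $open = $summary.NotInstalledCount + $summary.DownloadedCount +
            $summary.InstalledPendingRebootCount + $summary.FailedCount +
            $summary.UnknownCount

    # Superseding updates that clients can actually be offered
    $replacements = @($update.GetRelatedUpdates($supersededBy) |
        Where-Object { $_.IsApproved -and -not $_.IsDeclined })

    [pscustomobject]@{
        Title         = $update.Title
        StillOpen     = $open
        Installed     = $summary.InstalledCount
        Replacements  = $replacements.Count
        # Candidate only if nobody needs it AND a usable replacement exists
        SafeToDecline = ($open -eq 0) -and ($replacements.Count -gt 0)
    }
}

$report | Sort-Object SafeToDecline, Title | Format-Table -AutoSize
```

Rows with `Replacements` equal to 0 are the ones that would leave newly joined, out-of-date machines without a path to the fix if the superseded update were declined.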