Deploying Windows Updates?

WinBreak asks: "Well, I guess I'd be an 'IT Administrator' - but I work for a public library. The job consists of baby sitting 20-odd computers. The problem is, as a public library, we don't have much bandwidth - a simple 768K DSL line shared among everyone. It's good enough, for our normal traffic, and when people want to come in and do research (as long as there aren't too many kids on YouTube!). The problem comes when we need to do reformats and installs on machines. Most of our CD's for these machines are XP with Service Pack 1 - though we have a couple with Service Pack 2. For the SP1 CD's, we immediately deploy the SP2 Redistributable. But that still leaves OVER 100MB worth of downloads from Windows Update to go get. Our budget isn't great in the IT department, so spending money is not a great option - but I could sling together a grant proposal if need be. So how do others manage deploying a new install of Windows? Are we really expected to still download 100+MB per reinstall? Is Service Pack 3 on the horizon?" "I've heard of programs that download updates to a server computer and distribute them through the network to clients, but that only worked for files released on Microsoft's Knowledge Base, if I recall correctly - not for all Windows Updates."

Imaging Software

[smvp6459]

Have you ever considered using imaging software to deploy one image to all the machines (if they're identical) or create individual images for each machine (if they're different)? Norton/Symantec Ghost, Acronis True Image, or g4u (Ghost for Unix) if you're looking for an OSS solution.

There's also software out there that can lock down XP, keeping any changes from becoming permanent...I used a program called DeepFreeze to minimize maintenanc on an 12 computer lab I ran.

Reinstalling Windows from scratch is a little inefficient compared to imaging or locking down the machines.

Re:If all most of them are doing is surfing the ne

[BrokenHalo]

Some people use the library computers to do work, which means users expect to read/write MS Word documents. Some of these users don't know how to use anything other than Microsoft Word and would completely panic when forced to use the "forign" OpenOffice.org

They're just not that different. If the user is incapacitated by such a small difference in the layout of menus or toolbars, then he's got more problems than any sysadmin is qualified to deal with.

The grandparent poster is right; there's nothing that legitimate library users do that can't be adequately handled by any reasonably current Linux distro. The myth that Linux can't interact with Windows was blown out of the water years ago, and continuing to repeat it simply generates more heat than light.

All your answers are here...

[symbolset]

This used to frustrate me too. I wrote a longish jounal article with enough detail to do what you want. It's here: http://ask.slashdot.org/~symbolset/journal/134087

Re:If all most of them are doing is surfing the ne

[tomhudson]

Hah! Another bad car analogy.

If your current car has an engine that doesn't run properly, requires a lot of maintenance, and periodic expenditures for a new, buggier engine every few years to that same manufacturer, and someone else is offering you a free new engine, with free upgrades, and the chance to try it, again at no risk, you're going to try it.

In this case, ther are plenty of live DVD/CDs that give people a chance to kick the tires, so instead of having to throw out the whole "car", you can just replace the engine, free of charge. Because that's what most libraries are looking at over the next 3 years - upgrading both hardware and software (they won't be able to buy XP even if they want it, and Vista won't run on their current hardware), or switching to linux/bsd/whatever.

XP is the end of the line for Microsoft. Vista is alreasy shaping up to be both a support nightmare (too many versions, too many rewrites, too much hardware required for a decent "user experience", too many features cut, too many intentional holes in the "new security model", too much maintenance, too much money when compared to the competition). Remember, linux live DVDs are already good enugh for libraries and schools and anyone else who wants to surf the web, and they're only going to get better.

Re:Make one box a server.

[SCPRedMage]

I've had WSUS import my SUS stuff successfully not once, but twice. The trick is to wait until AFTER you've "synch'd" it; that is, have it contact MS so that it can grab all the patch metadata, then you import the approvals and executables. WSUS is different enough from SUS that the data SUS has on patches isn't enough, so it needs to contact a WSUS server in order to know about the patches... THEN it can accept the SUS data.

And yeah, everyone's been right on the domain bit; it's REALLY helpful to have one, but you can just create a .reg file and use that to add the settings into all your computers.

And on my last note, I'd just like to say the main reason I love WSUS is that, unlike SUS, there's a command you can give ("wuauclt /detectnow") that causes the Automatic Updates client to contact the update server and detect updates right then and there, whereas with the SUS version of the AU client, you had to use clever registry hacks to fool it into thinking at had already started one and needed to resume it. Seems like a trivial thing, but it REALLY helps when building a new system...

A little bit of everything

[WinBreak]

First off, I'd like to actually THANK everyone who replied. All of the information was very helpful. I'll be looking into WSUS to fulfill my needs. We currently have an in house server running good ol' Windows NT (no internet connection to it, so we're not worried about security exploits or anything). I thought about using that computer to try WSUS, but then I remembered an unused Windows 2000 Server lisence we have laying around since pulling a machine out of the loop! And with some money in the budget, I can put together a new machine that will serve this job perfect. 2nd, a reason I couldn't just do scheduled or 'automatic updates' with these computers is because I use a program called "Deep Freeze" from Faronics (see: http://faronics.com/index.asp). It basically keeps the computers in a specific state until you tell te software to "thaw" and then reboot. Then, you have to "freeze" the partition and reboot again once changes are finished. Automating some tasks can be a pain - but the benefits of this software in our work environment far outweigh any annoyances. Autopatcher sounds like it'll be nice for home use... sort of a single download and deploy method, rather than having to wait for Windows Update to do its long winded tasks. Thanks for the info, everyone, it's been great, and I'm sure you've all given ideas to many others in my same situation! Garrett C. a.k.a. NuAngel of WinBreak.