Installation and Patching

How can we improve the installation and patching of Windows Server?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Set e-mail configuration in WSUS API

    We can configure a new WSUS server using the COM API and PowerShell cmdlets for every option in the UI except for setting the e-mail notifications.

    We can Get them:
    https://docs.microsoft.com/en-us/previous-versions/windows/desktop/aa349873(v%3Dvs.85)

    ...but there's no way to Set them.

    At my company, the build is fully automated including installation and configuration of WSUS, but for the e-mail notification settings.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
    • [New tool] [WSUS] WSUS Server should be manageable via Windows Admin Center

      On the Windows Admin Center Manager WSUS, allow updates, allow machines, create groups ...

      9 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow CNAME to be used for the WSUS SSL certificate

        Switching WSUS to run on SSL is easy, but you can only configure it to use a certificate that matches the hostname.

        We're in the age where servers are in the cloud and can be regularly rebuilt using automation, where the default hostname will change with each rebuild.

        This means that, if you're using a DNS CNAME to point clients to your WSUS server, you can't run WSUS on SSL.

        If we could configure WSUS to use a certificate that is issued using a CNAME, we can point the CNAME to the new server, and everything works. No need to…

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
        • URGENT: Seperate Category for Preview Update Rollups needed!

          Actually it is not really possible to use automatic acknowledgement rules without acknowledgeing any Preview security or preview feature upates for Windows 7, 8.1 etc.

          Please put them a seperate WSUS Category e.g. preview rollups so that an effective testing can be made with rulesets and a test group of computers.

          29 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            7 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
          • import updates server 2016

            Please fix the broken link when importing updates into WSUS in Server 2016 from the update catalog.

            The issue is that the link contains a protocol version 1.20 at the end but the correct version is 1.80!

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
            • FIX the Windows Update Log issues with Windows 10 and Server 2016

              Include al necessary symbol files and updates to base OS and current updates. Many environments do not allow server access (and in some instances workstation access) to the internet to update symbol files as needed. I have tried every posted articles suggestions on getting the windows update log into useful, understandable English, with the only success being to reimage my windows 10 Enterprise desktop. I refuse to do so with my domain 2016 servers!

              36 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                4 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
              • Support WsusContent folder dedup in Server OS.

                It sure would be nice if the WsusContent folder would work with the dedup in Server OS. With Express Updates enabled for Windows 10 deltas this folder grows and grows. Performing a few test cases dedup saves 50% or more however it breaks WSUS.

                9 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                • Separate Windows 10 by branch / version

                  Actually Windows 10 on WSUS is only reflected by a major product category and LTSB.

                  It would be much better if you could add a product category for each branch / release:

                  such as:
                  Windows 10 1507 (LTSB 2015)
                  Windows 10 1511
                  Windows 10 1607 (LTSB 2016, CBB)
                  Windows 10 1703 (CB)

                  This would allow companies with a good patch management to effectively avoid downloading CU patches for Windows 10 that they do not use and also would help to categorize updates in the views.

                  12 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                  • Implement complete removal of unsused products in WSUS 3.x

                    Please implement an ability to really get rid off unused products in WSUS 3.x

                    Example:
                    A company once used XP and 7 and now upgraded to Windows 10. However it is not possible to really purge old products from the WSUS database.

                    The Update files can be removed using the cleanup wizard, but the entries in the MSSQL DB will remain.

                    Especially if one has once used the older drivers category that has been reorganized for Windows 10, this causes a lot of performance issues and only a fresh WSUS without adding old products and categories will help.

                    This is…

                    8 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                    • Implement WID reindexing and DB shrinking for WSUS on WID

                      There exist a technet site with a maintenance SQL script to reindex the WID for WSUS 3.x, it would be great if you could implement this into the GUI, aside having a capability to backup and restore, aswell as shrinking the WID database.

                      9 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add Windows Update Group Policy Feature to allow clients to download approved updates directly from Microsoft

                        I have a local WSUS server, it stores all my updates for my local users, I approve the updates and everything is great. At the same time I have bunch of remote offices that have faster WAN connections than VPN/MPLS.

                        I can setup a second WSUS server, point it at my upstream server at HQ and tell it to not store the updates. All clients connecting to this server will fetch updates from Microsoft.

                        Why not make this a simple binary GPO overwrite instead of adding the complexity?

                        Force client to fetch windows update binaries from Microsoft

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                        • BUG: Cleaning up WID for WSUS on Windows 2008 R2 causes DB timeouts

                          this is a known bug but I think rather than reindexing and cleaning up the WSUS DB with a SQL script you could fix this programmatically.

                          The issue is know an happens during the first stage of the wizard when cleaning up old updates.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                          • Increase limit of 3rd party categories in WSUS

                            Currently there is a limit of 100 3party (non-microsoft) categories in WSUS.

                            We are using a 3party patchsupplier (Shavlik, now Ivanti) and this limit of 100 categories is a big limitation for us.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                            • WSUS does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

                              WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

                              . Background
                              WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

                              Problem Description
                              This creates a fair amount of confusion as we know these are Server 2016 systems but we can’t be certain that they’re being updated properly without examining each system to ensure it has the current platform-specific updates

                              6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                              • Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those

                                Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those that have status=failed

                                Same result if I use -IncludedInstallationStates Failed too.

                                3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                • KB3159706 make WSUS console crash.

                                  After install KB3159706, WSUS console can't be opened. Need to do post installation action. It did make trouble. At firs, user doesn't know what cause this problem. After spending time to search for solution, user figure out that this problem is caused by KB3159706. It waste user's time. It's better to have a way to warning user that there is known issue in the update patch when user install the update patch.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                  • IIS logging for WSUS

                                    Minimize number of 500 errors in IIS logs due to recycling of WSUS AppPool during client scans as it causes excessive false positives in monitoring systems.

                                    5 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Improve the performance of WSUS to inventory and deploy patch on server

                                      Improve the time to see the missing patchs of a server in WSUS after use the command "wuauclt /detectnow" or change the system detection to have the same reactivity like Windows Update on internet.

                                      8 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                      • When a system is using WSUS, the Delivery Optimization interface should be disabled.

                                        Currently, when a system is configured via GPO to use WSUS, the user can still to go 'Settings' / 'Update & Security' / 'Advanced Options' / 'Choose how updates are delivered' and change the settings.

                                        Since these settings have no effect on a machine that is using WSUS, the Choose how updates are delivered link on the 'Update & Security' / 'Advanced Options' interface should be disabled.

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Provide better WSUS scheduling and force scans of systems.

                                          I would like to be able to select all updates I want and push them out at different times. Then have WSUS scan the systems again and push remainder of updates out until my servers are fully patched. I would also like to be able to fire updates out based on adhoc server right off the bat and watch progress.

                                          7 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base