How To Patch Server running WSUS Without Shooting Yourself In The Foot

patch-management, windows-server-2012-r2, wsus

I'm starting to use WSUS for patch management and I'm a little light in the experience department. Our requirements are simple in that we want to make sure every server we have is up, on and ready for patches once a week. We can automatically approve all patches and are using group policy to regulate behavior, finally forcing a reboot 15 minutes after installation. I've created several OUs for our VMs along with a corresponding GP and can regulate what happens based on the needs of the group.

Now it dawns on me that I may need to handle the server running WSUS a little differently than all the others since I need it up during our maintenance window. My thought was to create a separate group and time it so that I patch that server maybe a day in advance, or much later in the day.

What has experience taught you about patching the actual WSUS machine that could keep me out of trouble? Any thoughts and suggestions are most welcome. Thank you.

Best Answer

Seeing as your WSUS server is a single server (unless you have replica/downstream WSUS servers), it's probably simplest to just manually install updates on the WSUS server on the day and at the time of your choosing. WSUS being up to date with updates has no bearing on the updates it delivers to your WSUS clients.
