We are a couple months into using WSUS for rolling out updates for our company computers. So far it's gone wonderfully – clients are auto-updating daily, and servers are waiting for our permission every Friday. It's a wonderful thing.
Every once in a while, though, I check in the WSUS client to make sure computers/servers are successfully updating – my goal is to have the "Needed Count" field be 0 (or close to 0). Unfortunately, all of my servers are showing a Needed Count above 7.
I did a status report on one of the servers, and it is showing all the updates that the server "needs", regardless of the approval I've given it. For instance, we generally do not approve Silverlight updates for our servers (it's unnecessary). So, as I'm marking them as approved for our workstations, I hit the "Not Approved" button for the servers group. It would appear, though, that updates that are Needed and Declined still count into the "Needed Count" field.
Is there a way to change that field so it only includes approved updates that are needed?
Best Answer
"Not Approved" is the default state that an update comes in with (inherited to all groups). When you select "Not Approved", you're replacing the inherited (lack of) approval with your explicit lack of approval - in effect, nothing is changed, and the update will still be shown as needed.
The "Decline" state is global, and cannot be assigned per group.
I see three options: