3 Replies Latest reply on Feb 3, 2017 12:36 PM by cwinning

    WSUS running w/ Protect on Windows Server

    msdiv Rookie

      Fairly new to Shavlik in general and automated patching solutions.

       

      We're running Shavlik on some of our Windows servers.  Last week, we had a pop up telling us that there were patches available for download; the pop up was thrown by WSUS.  We've got the servers configured as 'manual' for Windows patches.  Our thought is that doing so would allow Shavlik to own the patch process.  The problem for us with this is that this particular server is accessed by one of our clients via remote desktop, and we don't want those messages popping up for them.  The other problem is that these patches that WSUS found were available on the last patch cycle that Shavlik was supposed to have implemented for us.

       

      I'm curious how we should be configuring the Windows update so that it plays nicely and effectively with Shavlik.

        • 1. Re: WSUS running w/ Protect on Windows Server
          cwinning CommunityTeam

          Hello,

           

          Any messages you see are directly from Microsoft and are not controlled by Shavlik Protect.  This document will help you configure Windows Update when using Shavlik Protect:  Best Practice: Windows Automatic Updates

          Basically, set Windows Update to never check for updates and set the Windows Update service to manual like you have it.  Keep in mind that WSUS will show messages so you will need to either remove the WSUS agent or configure it to do nothing.

           

          We do not recommend running Shavlik Protect and other patching products on the same machines.

           

          Thanks,

          Charles

          • 2. Re: WSUS running w/ Protect on Windows Server
            treed SupportEmployee

            Update to discussion from Duane            

             

             

            We are trying to use Shavlik exclusively for patch management.  The crux of the issue is that when we set our Group Policy “Configure Automatic Updates” to disabled, Windows Update will notify our users that Windows Updates have not been checked recently.  We get a blue bar across the screen horizontally with 1 button, “Get Updates”.  If you click on “Get Updates” it takes you to the Windows Update module.  I would like to avoid any user notification from Windows Update but I haven’t found the secret sauce yet.

             

            We have also tried setting the Group Policy “allow non-administrators to receive update notifications” to disabled but that doesn’t seem to block all notifications.

             

            We tried stopping the Windows Update service altogether but found that Shavlik uses or in some way requires the Windows Update service to install Microsoft KBs.

             

            Any other best practices to hide all notifications pertaining to Windows Update?

             

            Thanks

             

            Duane

            • 3. Re: WSUS running w/ Protect on Windows Server
              cwinning CommunityTeam

              Hello,

               

              Please keep in mind, you never see a Windows Update message when installing a patch through Protect.  So there is something configured on these systems, most likely through GPO, that is causing these messages. The only method of preventing all messages from Windows Update is covered in this document:  Best Practice: Windows Automatic Updates.  Windows Update can't have any interaction with the OS, otherwise it will show popups.  I've performed a lot of research on this subject throughout the years and found it to be all or nothing with Windows Update messages.  That's not saying there isn't a solution, we just haven't found the secret sauce either.

               

              Have you posted this on a Microsoft support site?  (I really couldn't find something searching)

               

              Thanks,

              Charles
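
An added example, not part of the original thread and not Shavlik's own tooling: a PowerShell check that reads the Windows Update policy values and service state discussed in the replies above, and lists where a server differs from the configuration described in reply 1 (Automatic Updates disabled, no WSUS server assigned, Windows Update service set to Manual). The function name `Get-PolicyValue` is hypothetical; the registry paths are the standard Windows Update policy locations written by the Group Policy settings named in reply 2.

```powershell
# Added example: audit Windows Update settings on a server patched by a third-party tool.
# Run in an elevated PowerShell session on the server being checked.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"

$report = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    NoAutoUpdate     = Get-PolicyValue $auKey 'NoAutoUpdate'      # 1 = "Configure Automatic Updates" disabled
    AUOptions        = Get-PolicyValue $auKey 'AUOptions'         # 2-5 when the policy is enabled
    UseWUServer      = Get-PolicyValue $auKey 'UseWUServer'       # 1 = client is assigned to a WSUS server
    WUServer         = Get-PolicyValue $wuKey 'WUServer'
    ElevateNonAdmins = Get-PolicyValue $wuKey 'ElevateNonAdmins'  # non-admin update notifications policy
    ServiceStartMode = $svc.StartMode
    ServiceState     = $svc.State
}
$report | Format-List

# Compare against the configuration described in reply 1.
$findings = @()
if ($report.NoAutoUpdate -ne 1) {
    $findings += 'Automatic Updates is not disabled by policy (NoAutoUpdate is not 1).'
}
if ($report.UseWUServer -eq 1) {
    $findings += "Server is still assigned to WSUS: $($report.WUServer)"
}
if ($report.ServiceStartMode -ne 'Manual') {
    $findings += "Windows Update service start mode is '$($report.ServiceStartMode)', expected 'Manual'."
}
if ($null -eq $report.ElevateNonAdmins) {
    $findings += 'Non-administrator notification policy is not configured.'
}

if ($findings.Count -eq 0) {
    'No differences from the configuration described in reply 1.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```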