I’ve come to the conclusion that I must be the only SBSer in the blogosphere that uses the R2 patching console… either that or they are all over on the Dell OEM bulletin board and I need to go hang out over there.

To all of you who have sent me emails saying “I don’t know if R2’s WSUS dumbs it down but the way to get defender updates to autoapprove is to check the definition updates“, a huge Thank You. 

But yes, I know that.

But you have to know that in the R2 console if I do that setting to make Defender updates be the best practice it’s supposed to be….like this:

I get the infamous blue check of death (or really the blue shield) where the R2-ness of the SBS 2003 R2 loses it’s value and you might as well be running normal WSUS 2.0 and not have bought the R2 or installed the R2-WSUSiness in the first place.

The only way to keep that console doing what it should be doing like it is below is to not have Definition updates auto approve. 

So the SBSer running an R2 box has to make a choice:

1.  Break the R2ism and choose the Definition updates to auto install or
2.  Keep the R2ism and then go in on very very regular basis and approve those def file updates. 

So like that screen there tells me that I need to go clean out the Vista test box that is no longer connected which rightfully so causes a yellow shield, but I also have to go in all the time and approve the Definition updates as I cannot set an R2 box to auto approve these without breaking the R2 ism and having to use the WSUS console.

SBS R2 boxes CANNOT do best practices to auto approve the defender updates without breaking the R2-WSUSism which bottom line means that you might as well be running normal WSUS in the first place.

Currently the RC of WSUS 3.0 does the same thing.  Change the things that SBS 2003 R2 demands that you select and you break the R2 control and you must use WSUS 3.0. 

Maybe the solution for now is to break the R2ism, let the def files auto approve and then when you need to approve patches and the R2 console does indeed improve the WSUS console dramatically, undo the auto approve of def files and kick the sync on the server and then kick the client check in?  That seems a bit cumbersome, honestly. But with Vista now having Defender default installed, approving the Defender updates needs to be a lot more automatic.

Well I’m off to the Dell Community Forum … see if there’s anyone over there running R2….

5 Thoughts on “I think I’m the only SBSer running R2

  1. Robert Miller on February 25, 2007 at 5:10 pm said:

    Not quite the only one. Yes, I think it is a pain in the rump for any of the definition updates (or for that matter any of the catagories), that we would want to just update on a automatic cycle, break the R2 control. Why should it not be that what WE out in the field want. We are going to approve them (one by one) anyhow.

  2. Don’t you just hate it when people don’t bother to read stuff properly 😉

    But I would say, in its present form, the R2 WSUS provides no value. It is broken. It needs a patch so that it auto-approves definition updates and still gives you the green check. Only then will it provide value.

    To be honest, as someone who used WSUS since day 1, I was very comfortable managing things manually and I prefer to use client-side tagretting through group policy. Whatever decisions the SBS team make in this regard, it will be wrong for some people. I would probably tell my customers that we turn of the automatic patch handling because we have a process that is even more secure than the defaults – and leave it at that. In fact, I don’t have any customers on R2 yet (only myself – my own best/worst customer) so it just isn’t an issue.

  3. Yes, I too am an R2’er…

    I’ve always been on R2, but it would’ve been nice to get that green check of health all the way down just once. Just once I say.

  4. So back to my comments before R2 released, big Whoop! R2 gives us nothing that any competent admin wasn’t already doing in the first place and in fact just adds another stupid GUI console to help dumb down the techs that obviously can’t do anything without a console.

  5. Yuhong Bao on March 14, 2007 at 12:05 am said:

    SBS update services has it’s own way of auto-approving updates. Let it do so

Post Navigation