I’ve come to the conclusion that I must be the only SBSer in the blogosphere that uses the R2 patching console… either that or they are all over on the Dell OEM bulletin board and I need to go hang out over there.
To all of you who have sent me emails saying “I don’t know if R2’s WSUS dumbs it down but the way to get defender updates to autoapprove is to check the definition updates“, a huge Thank You.
But yes, I know that.
But you have to know that in the R2 console if I do that setting to make Defender updates be the best practice it’s supposed to be….like this:
I get the infamous blue check of death (or really the blue shield) where the R2-ness of the SBS 2003 R2 loses it’s value and you might as well be running normal WSUS 2.0 and not have bought the R2 or installed the R2-WSUSiness in the first place.
The only way to keep that console doing what it should be doing like it is below is to not have Definition updates auto approve.
So the SBSer running an R2 box has to make a choice:
1. Break the R2ism and choose the Definition updates to auto install or
2. Keep the R2ism and then go in on very very regular basis and approve those def file updates.
So like that screen there tells me that I need to go clean out the Vista test box that is no longer connected which rightfully so causes a yellow shield, but I also have to go in all the time and approve the Definition updates as I cannot set an R2 box to auto approve these without breaking the R2 ism and having to use the WSUS console.
SBS R2 boxes CANNOT do best practices to auto approve the defender updates without breaking the R2-WSUSism which bottom line means that you might as well be running normal WSUS in the first place.
Currently the RC of WSUS 3.0 does the same thing. Change the things that SBS 2003 R2 demands that you select and you break the R2 control and you must use WSUS 3.0.
Maybe the solution for now is to break the R2ism, let the def files auto approve and then when you need to approve patches and the R2 console does indeed improve the WSUS console dramatically, undo the auto approve of def files and kick the sync on the server and then kick the client check in? That seems a bit cumbersome, honestly. But with Vista now having Defender default installed, approving the Defender updates needs to be a lot more automatic.
Well I’m off to the Dell Community Forum … see if there’s anyone over there running R2….