Optimize WSUS for work-from-home users

We self-host our infrastructure. Most users work from home using (more or less) poor Internet connections with VPN.

Besides MS E5 and third-party options, is there a (documented) method of getting over 150 users up to date via WSUS remotely?

I have approved some updates, but from the WSUS Dashboard there are still computers either not signed in for the past 30 days or updates needed by computers.

We do not have the resources to add a secondary WSUS. I did read up on some of the similar posts. How can I make sue, my computers get their updates, ugin one WSUS Server and no additional apps?


Solution 1:

This is what I did to remediate the fact I cannot add more servers.

Investigating further we found that users on 3G and ADSL in smaller cities have very high latency. The WSUS did not always respond in time.

I changed the GPO URL to IP address. Intranet Service

As we found that capped users did not update their machines I changed the GPO from option 3 - Download and Notify Install to option 4 - Download and schedule install. Forcing them will update the statistics on WSUS for us to report back to compliance officers. We did not go with the immediate install option, as we would like to control when we receive tickets on failed installs or any issues the setup may have on the target machine. Configure Automatic Updates

And we added Client-Side targeting for end users on the new changes. Client-side Targeting

We kept most of the other settings basic. End users are not setup as admin, so best we control the behaviour of the machines.

For now this solved my issue. The site was configured for onsite desktops and then everyone went home for lockdown and COVID. It needed a rework.