Thank's, indeed I'm using version WSUS 2.0; Not aware of WsusDebugTool.exe.
However, I'm thinking about comparison of the patch size from M$ relative to
other OSes.
Cheers,
Arif Jatmoko
----- Original Message -----
From: "Nick Duda" <nduda@VistaPrint.com>
To: "Devin Rambo" <drambo@vediorps.com>; "Sec Melis" <sec.melis@gmail.com>;
<security-basics@securityfocus.com>
Sent: Saturday, April 21, 2007 2:18 AM
Subject: RE: Patch Management
Devin,
Reading a couple words into your first paragraph and already I said to
myself, 3.0 handles that now. WSUS 3.0 has a "server cleanup" feature
built into it that does numerous tasks, such as, unused updates and
update revisions, computers not contacting the server, uneeded update
files, expired updates and superseded updates. It tells you at the
completion of the cleanup on what exactly was cleaned up.
- Nick
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Devin Rambo
Sent: Friday, April 20, 2007 2:48 PM
To: 'Sec Melis'; security-basics@securityfocus.com
Subject: RE: Patch Management
Arif,
I'm not sure how WSUS v3.0 handles the bloat of declined/expired
patches,
but in v2.0, you have to manually clear them. If you're on v2.0, here's
what
you want to do:
1. Download the WSUS server debug tool from
http://www.microsoft.com/windowsserversystem/updateservices/downloads/de
faul
t.mspx. The link is to "Server Diagnostic Tool" just to confuse
everyone,
but that's the tool you want.
2. Extract the tool to someplace on the hard drive of your WSUS server.
3. Open up a command prompt, navigate to the directory where the tool
lives,
and type the following command:
WsusDebugTool.exe /Tool:PurgeUnnneededFiles
The tool is misnamed a bit. It actually purges ALL the files from the
patch
repository. It will then proceed to re-download anything that you have
marked as approved for install. I'm running WSUS on a virtual server
with
semi-limited storage space, so I actually run this command over the
weekend
immediately following Patch Tuesday just to keep my server nice and
tidy. I
strongly recommend running this so the downloads happen during off-peak
hours, for obvious reasons. HTH.
Devin
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
Behalf Of Sec Melis
Sent: Friday, April 20, 2007 12:13 AM
To: security-basics@securityfocus.com
Subject: Re: Patch Management
Have you guys check your disk space used by WSUS?
Surprisingly, my WSUS eats more than 26 GB space for last 2 years!
Imagine,
how many bandwidth resources was consumed during that time if it's
distributed across, let's say 30 WSUS relays and 8000 clients for one
medium
company ......
Duh dear uncle Bill ......
Arif Jatmoko
---------------------
Confidentiality note
The information in this email and any attachment may contain confidential
and proprietary information of VistaPrint and/or its affiliates and may be
privileged or otherwise protected from disclosure. If you are not the
intended recipient, you are hereby notified that any review, reliance or
distribution by others or forwarding without express permission is strictly
prohibited and may cause liability. In case you have received this message
due to an error in transmission, please notify the sender immediately and
delete this email and any attachment from your system.
---------------------
