Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,083 questions
Thank you very much
WSUS Set client default download location
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 99%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Meeee
141
Reputation points
I am in the process of setting up a new WSUS server on windows 2019, I have set the server up and am looking at GPO options. We run a multi office environment which includes a lot of mobile people.
I was wondering is there a way to get configure the desktops / laptops to check the WSUS server for which updates they are allowed to install but to get them to pull the updates down direct from the intranet instead. Looking at the GPO options I have to set -
“Set intranet update service for detecting updates” & “Set the intranet statistics server” both to the new server, I am guessing this will then tell the workstations to check and then pull the updates from these servers?
Is there a way to check the server but pull direct from MS?
Accepted answer
5 additional answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 24%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Rita Hu -MSFT 9,626 Reputation points2021-11-02T09:02:57.37+00:00 @Meeee
I agree with @Adam J. MarshallPlease tick the below option on the WSUS console. Then the clients will connect to the Internet to get the approved updates when the clients scan for updates from WSUS.
It seems that it is a helpful solution. Please have a try if the issue haven't been resolved. Please don't forget to accept the helpful solution as an answer if the issue has been resolved. It will be helpful the others to save time researching.
Thanks for your time and wish you have a nice day :)
Regards,
Rita
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
Adam J. Marshall 8,621 Reputation points MVP2021-10-20T14:22:16.237+00:00 You will want to check out my blog regarding this.
-
Meeee 141 Reputation points
2021-10-20T15:38:10.29+00:00 Thanks for the info, so basically I need to set up an additional server in the DMZ and then get the Workstations to pull the updates from here? There is no way for them to talk to the internal server via a VPN then pull the updates directly from microsoft updates rather than them pulling them from the internal server?
-
Adam J. Marshall 8,621 Reputation points MVP
2021-10-20T15:52:49.227+00:00 Not if you want the 'AND'
Internally download from WSUS, AND externally download from Microsoft (without VPN - if on VPN they are considered Internal)
You can set WSUS to not store updates and ALL updates download from Microsoft - both internal and external connections/vpn
Sign in to comment -
-
Meeee 141 Reputation points
2021-10-21T08:14:07.967+00:00 Thanks, very helpful.
just out of interest how can I set the WSUS server to - "You can set WSUS to not store updates and ALL updates download from Microsoft - both internal and external connections/vpn"Most of our staff are external so as long as they query the WSUS server for which updates are approved but download them directly from MS that would be fine.