WSUS Entries

Question

Odd question for MS Experts.

I have a WSUS environment, and 99% of my servers report to it. This makes it very useful as a list of servers and workstations. But there are 1% of our servers that are in the DMZ or off network. I want to use the list of my WSUS computers to know what computers need to be patched, so they don't get forgotten.

These 1% never have to actually talk to WSUS, just appear in the list of computers so a human knows they exist.

How can I manually add a computer to the WSUS Server?

Can I manually manipulate the DB (Full SQL), and if so, how?

Answer 1

Hello staypuft-3072,

Thank you for posting on Q&A.

In order to for me research further, please help to provide the following information:

1. The 1% servers are disconnected to the Internet. Is it right?
2. Did the 1% servers joined in the domain? Whether the 1% servers are connected to the WSUS Server or not.

In my opinion, the 1% servers which want to get updates from WSUS have to be pointed to the WSUS Server. We could apply the following policy on the 1% to point to the WSUS server.

(Policy Path: Group Policy Management Editor\Policies\Administrative Templates\Windows Components\Windows Update)

If the 1% are in the domain, we could apply the domain Group Policy to points the servers to the WSUS server.
If the 1% are in the workgroup, we could apply the local Group Policy to point the servers to the WSUS server.

In addition, we could use the SSMS tool to connect to the database and manage the database. If the tool not be installed on your environment, it is recommended to install it first. Here is a link for your reference to download this tool.

Regards,
Rita

---

If the response is helpful, please click "Accept Answer" and upvote it.

Answer 2

So I think I did not explain it clearly.
I DO NOT want the 1% to talk to WSUS at all. The 1% computers are entered manually purely for HUMAN accounting. So when we run all our other patches, a Human will know there are 1%'ers that will need to be manually patched from CD or internet.

So I want to enter the name in the computer list, manually.

Answer 3

Hi staypuft-3072,

Thanks for your response.

To avoid misunderstanding, you want the 1% server report to WSUS Server but not get updates from WSUS. It is right?

In fact, the WSUS console show the clients Last Report Status as the following picture:

In addition, we could refer to the following picture to check the clients' installation status:

The following picture means that the client is up to date:

The following picture means that the client missed some updates:

But we have to point the client to the WSUS server first and then the client will report the Last Updates Status to the WSUS server. According to the current issue, we could apply the Specify intranet Microsoft update service location policy on the 1% server, and the 1% server could get updates by other methods.

Regards,
Rita

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

To avoid misunderstanding, you want the 1% server report to WSUS Server but not get updates from WSUS. It is right?

No. The 1% will NEVER contact the WSUS server. That is why I want to enter them manually. The 'report' and 'contact' times would be empty or meaningless. Just a name in a list