Windows update & microsoft update



  • Hi, Does anyone know if it is possible to use Pfsense for redirecting update.microsoft.com to local wsus server ? I know you can add registry setting to each computer to make it work. I do not want to this because most of the computers are in house for service. Do you think it is possible?
    Also I know windows update uses several different urls. If it is possible to redirect windows update to local wsus server, I think I would have to make an alias containing all the different urls…
    I am using Pfsense version 2.0.1



  • Hi,

    you can try with DNS Forwarder and add an "Host override" and pointing to your wsus server.
    But not sure if this will work.

    PS: I have a question to editing the registry key. My hosts are not in a domain - can you tell me the registry key I have to change that these hosts can do windows Updates from a WSUS server ? Or any documentation of the registry key on the web ?

    Thank you.



  • Thank you for your answer ! I have been looking around several forums and no-one have come up with an idea for how to force using WSUS. I will try your method but I dont think it will work, as several others in other forums has said that it wont work using the DNS at my DC.

    You can add WSUS to your computer outside domain. Please check this link. This will work for you.

    http://community.spiceworks.com/how_to/show/2267-deploy-wsus-to-clients-without-ad-domain-gp-using-the-registry

    Regards



  • Thank you,

    I will check this link.

    Did you think about the possibility to use squid on your pfsense and cache all the windows updates there ?
    I am doing this at the moment for Windows XP and Windows 7 machines.

    In squid2 you have to add the "refresh_pattern" manually as custom options. squid3 has this implemented in the GUI.



  • In a windows domain environment. I use wsus. For starters make sure your clients have the primary DNS of your local domain controller. Do this by amending dhcp. Then on the domain controller you have to create a group policy. Do this by going into admin tools and look for gpo. It's so much easier now in a 2008r2 environment, but 2003 takes a little more work. This is deffo the best way and the Microsoft way of doing it.


Log in to reply