Windows Updates caching

Started by fox983, September 23, 2015, 05:35:37 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 23, 2015, 05:35:37 PM
Hello everyone, this is my first post.
First of all, compliments for the great job you're making for this project!!
I've already searched in the forum but unfortunately I didn't find the answer.
So, this is my question: is in your plans implementing a feature for simply caching Windows Updates like IPFire (see http://wiki.ipfire.org/en/configuration/network/update-booster)?
In my lab there are many PCs (for repairing - no AD), when Windows Update starts internet connection slows down, a simply web page can take 1-2 mins to load. I think it could be helpful for everyone that doesn't have a good internet connection. If not possible, can you tell me a solution for this?
I've tried http://wiki.squid-cache.org/SquidFaq/WindowsUpdate with pfSense, but IPFire's solution is much better and ready to use...
Hope to see that in OPNsense, and sorry for my bad english...  :D
Thank you
September 23, 2015, 06:23:49 PM #1
If you already have a lab, why not setup a Windows server with WSUS?
Especially if you have a MSDN license that shouldn't be a problem.

Your clients don't need to be domain members to use the WSUS, although you need to manually configure the local group policy, and use wuauclt to authorize it.

Seems to me that's a lot simpler then messing around with non-Microsoft products.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
September 24, 2015, 10:53:05 AM #2
I'm testing this solution for a couple of days, but requires registry or GP changes when pc come into the lab and I must remember to delete changes when I finish to repair...

It's better to have a transparent proxy that does the caching job (without necessity to approve or refuse update, etc), don't you think?
September 24, 2015, 02:12:37 PM #3
In my opinion, a computer that enters the lab will be enrolled for the lab.
Ideal situation of course.

Personally I don't like caching proxies. Never did.
And to come back to WSUS, you could use your production machine as well, as long as you allow the correct port to the VLAN where the production WSUS server resides.
Unless you have it fysically seperated.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
September 24, 2015, 04:44:37 PM #4
Computers are not mine, I work in a repair shop, after repairing customers bring them back to home.
September 24, 2015, 05:33:12 PM #5
Aaah, now it makes sense to me :-)
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
September 25, 2015, 08:32:32 PM #6
 :) :)
So none of you have this problem?
November 24, 2015, 12:30:51 AM #7
Pues yo bloquear todas las ip y web que utilizan para actualizaciones de windows (por ejemplo windowsupdate.com) tanto por firewall como por proxy, con eso ya ninguno tiene por que actualizarse y consumir tu ancho de banda, y que después vaya a su casa
December 17, 2015, 10:42:35 AM #8
This isn't a solution!  :) Updates have to be done in lab...
December 17, 2015, 11:10:09 AM #9
Isn't Offline Windows Update (forgot the exact name) not something to try out in your case?
Could place it on a share or USB stick for usage.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
Print
Go Up Pages1
User actions