|
How do I apply updates to my Terminal Server using WSUS? |
| This particular issue is a direct result of two factors encountered several times in
Terminal Services environments over the past several months. (1) The updating of a Terminal Services server with users logged on. (2) The configuration of WSUS policy. First, to get rid of the annoying popup, you'll have to remove the option "Allow non-admins to receive update notifications". In addition, you should also consider enabling the User policy "Restrict all access to Windows Update" for those users who are using your Terminal Services server, as you really don't want TS users interacting with the WUA or Windows Update in a TS session. But more importantly is the fundamental practice of applying an update to an active Terminal Services server. This is a very dangerous practice, for several reasons. The most signficant reason is the risk of introducing instabilities into the Terminal Services server, which could cause a crash as a result of the partial install of the update(s). It is very important to understand that updates that require a restart are not fully installed until after the restart is completed. The recommended methodology for applying updates to a Terminal Services server is: (a) Log ALL users off of the TS server. (b) Restrict logon access to the TS server. (c) Apply updates and restart the server immediately. (d) Release restrictions on logon access. |