In our SBS 2008 Setup Guide V1.5.0 at step 22 we indicate some customizations to the WSUS setup.
- 22: Make changes to the WSUS Setup:
- WSUS Classifications: Enable all except Drivers.
- WSUS Sync Schedule: Increase synchronization frequency schedule depending on what products are installed on the server.
If we have Forefront Server Security for Microsoft Exchange licensed on the SBS 2008 box, we would set a synchronization schedule of once per hour.
Now, since we use ExchangeDefender for our e-mail sanitation needs, we generally do not need to synchronize WSUS with such frequency as Forefront would not be installed.
However, we tend to set that frequency to at least 6 checks per day which equates to synchronizing every 4 hours.
In the above blog post, Damian examines an issue with a SVCHOST process causing a spike in the SBS server’s CPU.
After some troubleshooting by Damian, the problem turned out to be the Windows Update client and a series of Forefront updates.
Here is another WSUS update related issue that hit us:
- The Official SBS Blog: Windows SBS 2003 Update Services Gives Error- The Element Already Exists in the Collection
So, when a problem fix is published by Microsoft to WSUS, it will not hit SBS until the next scheduled sync. The default is 1 sync per day (24 hours).
Our setting the WSUS sync schedule to every 4 hours is our attempt to mitigate any possible problems we may encounter.
WSUS Driver Classifications
As far as not allowing drivers to come down through WSUS, we do this for heterogeneous networks that still have Windows XP Professional installed on physical hardware.
For homogeneous Windows 7 networks, which are starting to be the norm, we enable the Drivers classification as the drivers delivered have been consistently stable in both the update process and in post update system stability.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book