Declining superseded updates in WSUS
One area to be careful about is that there can be different compatibility between the updates; for example, I have seen many updates compatible with Windows XP, Vista and Windows 7 superseded by an update only compatible with Windows 7.
Here is what Microsoft says:
"WSUS does not automatically decline superseded updates, and it is recommended that you do not assume that superseded updates should be declined in favor of the new, superseding update. Before declining a superseded update, make sure that it is no longer needed by any of your client computers.
The following are examples of scenarios in which you might need to install a superseded update:
- If a superseding update supports only newer versions of an operating system, and some of your client computers run earlier versions of the operating system.
- If a superseding update has more restricted applicability than the update it supersedes, which would make it inappropriate for some client computers.
- If an update no longer supersedes a previously released update because of new changes. It is possible that through changes at each release, an update no longer supersedes an update it previously superseded in an earlier version. In this scenario, you will still see a message about the superseded update, even though the update that supersedes it has been replaced by an update that does not."
From: Microsoft Windows Server Update Services 3.0 SP1 Operations Guide http://www.microsoft.com/en-us/download/details.aspx?id=4813
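The verification step Microsoft describes can be scripted against the WSUS administration API. The following is an added example, not part of the original answer or Microsoft's guide: it reports superseded updates that reporting clients still need and declines only those that no client needs. It assumes it is run on the WSUS server with PowerShell 3.0 or later; the `-Decline` switch and the variable names are hypothetical.

```powershell
# Added example: report-only by default; pass -Decline to act on the result.
param(
    [switch]$Decline   # hypothetical switch name, not a WSUS option
)

# Load the WSUS administration API (installed with the WSUS console).
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# A default ComputerTargetScope covers every computer known to this server.
$scope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope

$report = foreach ($update in $wsus.GetUpdates()) {
    # Only superseded updates that have not already been declined.
    if (-not $update.IsSuperseded -or $update.IsDeclined) { continue }

    $s = $update.GetSummary($scope)

    # "Needed" = applicable to a client but not fully installed on it.
    $needed = $s.NotInstalledCount + $s.DownloadedCount +
              $s.InstalledPendingRebootCount + $s.FailedCount

    [pscustomobject]@{
        Title   = $update.Title
        Needed  = $needed
        Unknown = $s.UnknownCount   # clients that have not reported status yet
        Update  = $update
    }
}

# Superseded updates that at least one client still needs: do not decline these.
$report | Where-Object { $_.Needed -gt 0 } |
    Sort-Object Needed -Descending |
    Format-Table Needed, Unknown, Title -AutoSize

# Candidates: no client needs the update and every client has reported on it.
$safe = @($report | Where-Object { $_.Needed -eq 0 -and $_.Unknown -eq 0 })
Write-Output ("{0} superseded update(s) are not needed by any reporting client." -f $safe.Count)

if ($Decline) {
    foreach ($r in $safe) {
        $r.Update.Decline()
        Write-Output ("Declined: {0}" -f $r.Title)
    }
}
```

The counts only reflect computers that report to this WSUS server, so machines that have been offline since the superseding update was approved appear under Unknown or with stale status.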
Wes Sayeed
Updated on September 18, 2022
Comments
-
Wes Sayeed over 1 year
When you click on an update that has been superseded in WSUS, you get a warning that says you should verify the update is no longer needed before declining it. According to Microsoft, you're supposed to approve the superseding updates first, wait for computers to take them, verify the old ones are no longer needed by clients, and then you can safely decline the superseded updates. Yeah, umm... that's not very practical, Microsoft.
For years I've just blanket declined superseded updates, but I recently came across an article that says you shouldn't do that.
So my question is this: Why not?
Is there ever a scenario in which a particular update is not applicable to a client but the update it supersedes is? Can anyone give me a compelling reason why blindly declining a superseded update is not a good idea?
-
jscott almost 10 years
Very good question, especially considering the WSUS Server Cleanup will bulk decline superseded updates for you as well.
-
Wes Sayeed almost 10 years
Wow, reading that second bullet point makes my head hurt. Our network has about 1200 workstations and 200 or so servers. The workstations are about 80% Win7 and 20% XP. Servers run the whole gamut between '03 and 2012 R2. Most updates specifically say "Security Update for Windows 7" or something similar. Wouldn't the update be published under two different KB#s if it applied to both XP and Win7?