WSUS + Automox FAQ: How to Implement Together

We’re often asked when Automox is the better choice than WSUS. Of course, we’re biased, so we say ‘always’. But the reality is that some choose to run both WSUS and Automox together, to get the best of both worlds. Here’s what that can look like.

Click the video above to learn about using WSUS & Automox together.

What is WSUS?

Before we dive in, let’s do a quick recap of Microsoft’s Windows Server Update System (WSUS). Microsoft created it in an attempt to provide a centralized patch management solution for Windows workstations and servers.

For a long time, it was effective enough. But it’s never been without its shortcomings:

  • Clunky controls

  • Heavy maintenance

  • Non-existent coverage for Linux, macOS, and third-party applications

As it turns out, WSUS in many cases may be more trouble than it’s worth. These drawbacks are forcing administrators to spend too much time across too many tools just to cover the patching basics.

When should I replace WSUS with Automox?

Now could be a good time. As we said, WSUS can be clunky.

If you’re struggling with maintaining or using WSUS, or running into issues with patching devices off the corporate network, a cloud-native solution like Automox will immediately eliminate architecture-related maintenance and the need for VPNs. In fact, anything that can reach the internet will get patches, configuration, software, etc.

Teams using additional tools for macOS, Linux, or third-party software patching can also save time and reduce complexity by making the switch to a cross-platform solution like Automox.

When should I use Automox and WSUS together?

Many organizations transition from using SCCM + WSUS to Automox + WSUS for a more usable platform that can manage Linux and macOS (and third-party patching) seamlessly in addition to Windows.

When organizations purchase Automox, some continue to run WSUS due to bandwidth usage concerns at large locations, where everyone is on the corporate network.

In these environments, WSUS operates as a patch caching and distribution mechanism to reduce bandwidth consumption. In this scenario, organizations use Automox to create simple policies to manage patching that points to the WSUS server.

Bandwidth optimization is also possible without WSUS thanks to Windows Delivery Optimization (DO); these settings can also be configured easily with Automox Worklets. We’ll dive into this later.

Automox + WSUS implementation guide

To configure WSUS for Automox, follow these instructions:

Prerequisites

Configure your desired products and classifications, languages, synchronization schedule, and Automatic approvals. These settings will be specific to your environment.

Configure update files and languages (local caching)

  • The ‘update languages’ tab of this wizard will be specific to your environment.

  • Configure the ‘update files’ tab as shown in the following:

Automatic approvals

Update rules: This will be specific to your environment. The goal here is to have WSUS automatically approve any update it finds. This rule should mirror the products and classifications which you have configured on your WSUS server.

Advanced: This should be specific to your environment.

Configure devices

  • Configure WSUS Server in the Automox console for desired groups.

  • Disable OS automatic updates in the Automox console for desired groups (recommended for all groups).

Maintaining your WSUS environment

  • Periodically remove unneeded update files using the following command:

Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupUnneededContentFiles -CompressUpdates -CleanupObsoleteUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates

  • Recommend putting this in a scheduled task to run at least once a month.

This allows organizations to consolidate Linux, macOS, Windows, and third-party app management into a single console without infrastructure.

You can reference additional information & documentation from Microsoft here.

Can I manage bandwidth usage without keeping WSUS?

Yes. Suppose you’re ready to eliminate all infrastructure related to patching and managing endpoints but have locations with many devices on the same network… In that case, you might want to manage the bandwidth they can consume when downloading patches.

Historically, this could be done with WSUS. But luckily, there are ways to reduce bandwidth usage on Windows 10 and 11 devices without forcing your team to waste time maintaining legacy infrastructure.

We’ve created an Automox Worklet to restrict bandwidth usage for patching across your managed devices – it really is the best of both worlds, allowing your network to maintain maximum productivity while allowing you to get rid of expensive and time-consuming legacy architecture. (Try it yourself in the Worklet Catalog.)

Automox + or - WSUS: The takeaway

If you decide to hold onto WSUS and run it alongside Automox, now you know how to configure the programs.

However, if you’re ready to replace your older tools that just aren’t as efficient as you’d like – try managing your environment with Automox today.


Start your free trial now.

Get started with Automox in no time.

By submitting this form you agree to our website terms of use and privacy policy.

Dive deeper into this topic

loading...