But what about unattended servers? No-one ever logs into their consoles and thus there's nobody to install the updates. Having an administrator log in to each server to install updates is just too tedious. Luckily, this isn't necessary. Using deadlines, one can have the updates install on unattended servers automatically. Here's how I do it:
- I've created a computer group in WSUS called "Servers" and added all servers to it.
- Whenever I approve an update, I make a separate approval for the "Server" group with a deadline.
- When the deadline expires, updates are installed automatically.
Always set the deadline more than 22 hours in the future. This is because Automatic Updates service is checking for new updates by default every 22 hours. Imagine what happens if during the day, say at 12am you set the deadline for 11pm today. By 11pm a server may not have checked for new updates yet, and it will not know a new update with a deadline is available. Next day, say at 10am it will check, find the update and see that the deadline is already past due. It will then immediately install the update and reboot right when your users are busy using it. To avoid such unfortunate scenario, allow sufficient time for Automatic Updates to find the update before the deadline expires.