I’m testing BigFix on Windows 7 (64-bit Professional) and noticed that fixlets for Windows Vista/7/2008 require that the Windows Update service is enabled. Is BigFix using the Windows Update service? I thought BigFix handled updates on its own. BigFix has no problem installing patches on my Win XP/2003 clients which have the service disabled.
With Windows Update service disabled, Win7 patches fail on this line of the script:
continue if {exists running service “wuauserv” OR NOT exists service “wuauserv” whose (start type of it = “disabled”)}
That seems to be by design, I’m just wondering if there’s a good reason.
BigFix does not use the Windows Update service and we handle the patches on our own… but I think in specific cases in the newer OSes, the wuauserv service needs to be running for certain patches to run properly.
I made a fixlet to set wuauserv to manual startup, I’ll add it to a Win7 non-patch baseline to check it periodically. I’m already doing that for WinXP, except the WinXP fixlet disables the service.
Is there a fixlet available to enable Windows Update service … just before the patching activity and another to disable it after patching ?
This would make it easy for my customer who has over 10,000 clients. The corporate policy was created after Bigfix was deployed to disable Windows Update service as Bigfix now handles the Patch Management.
As an alternative, is there a way to enable Windows Update Service and Change the settings to “Never check for updates (not recommended)” so that the customer is assured that the Windows OS is not going to check or download updates on its own.
You can probably use a command like the one below to reenable the service (I didn’t try it)
waithidden sc config wuauserv start=auto
This is just my opinion, but I don’t think disabling the Windows Update service OR completely disabling automatic updates is a very good idea… Microsoft releases updates via Windows Update that BigFix doesn’t provide fixlets for, generally because they aren’t security patches. I prefer a healthy combination of WSUS and BigFix for controlling MS updates.