Use WSUS locally, Microsoft Update remotely? (But still report to WSUS)

We currently have our single internal WSUS server configured for all computers, both desktops and laptops. The WSUS server is available internally only (either VPN or LAN). We have some remote users who are almost never on-site and semi-frequently VPN into the network. Instead of having them download Windows Updates across the VPN, I’d like to accomplish the following:

  • While the clients are on the local network, they check the WSUS server for the updates that are approved and download them from our local WSUS server.

  • While the clients are remote, they check in to the WSUS server and the WSUS server dictates which updates to download, but they download them straight from Microsoft.

From what I’ve read, this is probably possible by having a secondary WSUS server that tells the clients to download from Microsoft and utilizing DNS netmask ordering to tell the clients which WSUS server to contact; is there a way to do this with a single WSUS server? All remote clients are Windows 7 SP1, WSUS is v3 on Server 2008 R2 SP1. Utilizing Microsoft RRAS for VPN services (IKEv2/SSTP/L2TP/PPTP).


Source: Server Fault

We ended up creating a second WSUS server as a replica of the main server with the one difference that any clients reporting to it download their updates directly from Microsoft (instead of it caching the downloads locally). We will most likely just use a GPO for all of our remote clients to report to this new WSUS server instead of using any DNS solutions; 99% of the time they are outside of the office so it’s just simpler in the long run.
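The setup described in the answer above, sketched as an added example that is not part of the original post: the first function sets the replica and "download from Microsoft Update" options through the WSUS 3.0 administration API, and the second checks on a client that the Windows Update policy applied by the GPO points at the new server. The host names and port are placeholders (assumptions), and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example. Server names and the port below are placeholders (assumptions).

# Run on the second WSUS server: make it a replica that stores no update files.
function Set-WsusReplicaWithoutLocalContent {
    param(
        [Parameter(Mandatory = $true)] [string] $UpstreamServer,
        [int] $UpstreamPort = 80
    )
    [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $cfg  = $wsus.GetConfiguration()
    $cfg.SyncFromMicrosoftUpdate       = $false          # sync metadata from the main WSUS
    $cfg.UpstreamWsusServerName        = $UpstreamServer
    $cfg.UpstreamWsusServerPortNumber  = $UpstreamPort
    $cfg.IsReplicaServer               = $true           # inherit approvals and computer groups
    $cfg.HostBinariesOnMicrosoftUpdate = $true           # clients fetch files from Microsoft
    $cfg.Save()
    # Read the settings back so the change can be verified.
    $wsus.GetConfiguration() |
        Select-Object IsReplicaServer, UpstreamWsusServerName, HostBinariesOnMicrosoftUpdate
}

# Run on a remote client: confirm the GPO points it at the replica.
function Test-WsusClientTarget {
    param([Parameter(Mandatory = $true)] [string] $ExpectedServer)
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    # WUServer and WUStatusServer hold URLs such as http://host:port
    $updateHost = ([uri]$wu.WUServer).Host
    $statusHost = ([uri]$wu.WUStatusServer).Host
    $enabled    = ($au.UseWUServer -eq 1)
    New-Object PSObject -Property @{
        WUServer        = $wu.WUServer
        WUStatusServer  = $wu.WUStatusServer
        UseWUServer     = $enabled
        MatchesExpected = ($enabled -and
                           $updateHost -eq $ExpectedServer -and
                           $statusHost -eq $ExpectedServer)
    }
}

# Example calls (placeholder names):
# Set-WsusReplicaWithoutLocalContent -UpstreamServer 'wsus-main.example.internal'
# Test-WsusClientTarget -ExpectedServer 'wsus-remote.example.internal'
```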