personal attacks will not be tolerated.
more tooltrash!!!! hey caved to customer demand, much like Apple did by giving rebates on the iPhone.

Stupid admins abound. We didn't get caught by this, and neither did any of the companies whose systems we manage unless an intentional installation already existed. It involved nothing more than doing our jobs.
pcfool-Your still myopic and in denial- and obviously can,t see the whole issue-

"After having explained away a problem with Windows Server Update Services yesterday as a problem with administrators not understanding the "applicability rules" for patches to updated software, a Microsoft product manager today acknowledged there was indeed a problem with how WSUS pushed a patch for Windows Desktop Search onto enterprise networks, calling it a "publishing process error."

"I want you to know we are working now to correct the issue and have temporarily suspended the distribution of the Windows Desktop Search through WSUS," reads an explanation published at around midnight last night by WSUS product manager Bobbie Harder."

I think that's exactly the quote he based his post on.

Two differing opinions on the internet...imagine that.

I have to admit. this one was kinda silly. Any admin for a large network should be reading EVERY Updates whitepages notes before allowing it. And all they had to do is uncheck it and it would not have been pushed out to the network... All that MS did was list it as a critical instead of on optional update...

Indeed this happens more often then people care to admit. Admins just blindly accept all critical updates never reading a word about how it may effect their network... Is it kinda a cheap move on MS part to get something in there that THEY want you to have that most network admins would not want you to have? Yea, but ultimately its the IT Depts fault for allowing it to happen in the first place...

My updates never get pushed out till at least thursday on a patch tuesday week... Cause I
Read everything first, and I take the added precaution of installing them to a testbed and make sure everything stays functional before pushing it out network wide.

Thats just good IT management. The sad fact is not many companies give IT anything to make that happen. Indeed more then I would like to admit have no IT dept at all. Just some service they call to come in when something happens. Which Really really sucks IMHO.

Do you run a WSUS server...or are ya lucky enough to be using System Center or other third party app????

This update "auto-approved" its self without ever notifying the admin and sitting in the queue like all updates are supposed to. This is NOT a case of "stupid admin tricks" Furthermore, unlike what Bobbie claims, it did so even if the older WDS 2.66 was declined in the past. I saw this behaviour on two seperate networks using WSUS and if you bother to read microsoft.public.windows.server.update_services you would see that I'm far from the only one.

It's outragous, but I guess you get what you pay for seeing as how WSUS is free. The only response I'd consider to be acceptable from Bobbie and team is to repush the update with the "Approve for Removal" option enabled.

It's a b itch too cause WDS dlls register and are imported into the explorer.exe proccess. Therefore, uninstalling normally requires a reboot unless you're smart enough to kill the shell before running the uninstall. That's real great on production servers... :(

When did this country/world become such a bunch of whiney buggers?

I think it had to do with the feminist movement - they've turned men into a bunch of mewling women. "My automatic updates installed something automatically without my knowing - WHHHHAAAAAAA!"

It's not like it installed a virus or trojan or even did anything malicious for crying out loud. A package was missprofiled as being a critical update most likely and it got installed.

If you don't want things to show up unexpectedly - then don't use WSUS or set it up to only push out the patches you provide - instead people rely on a crutch and then cry about it when it performs the way they expected.

Talk about taking responsibility! How much longer are we going to have to listen to immature people scream about "it's not my fault".

No wonder things are such a mess!

3000 machines, all indexing their drives. You do the math.
It's a big deal. People have lost their jobs for less.
I can guarantee you someone at MS is getting demoted or penalized for this.

People have lost their jobs for less.

...namely the admins that allowed it to happen.

I can guarantee you someone at MS is getting demoted or penalized for this.

Doubtful.

LOL. Sure pass the buck. Of course it is not your beloved M$ fault. You can't fault the mothership.

M$ _is_ to blame. But that is what you get when you deal with their crap-ware. I wonder how many vulnerabilities they just forced onto people? Only time will tell.

"What Harder did not attempt to explain or verify was admins' claims that WSUS 3.01 was being installed everywhere throughout their systems"

Wouldn't that be WDS 3.01?

Looks like they fixed this typo. ;-)

So will the posters in the previous threads rescind their comments about "stupid admins?" MS admitted they ****ed up.

It would be delightful and utterly unexpected to see MS issue a public apology to the admins that they so cavalierly insulted. I will not hold my breath, however. Asphyxiation is a painful way to go.

oh but, their silence would speak far more volumes

They caved to customer demand, much like Apple did by giving rebates on the iPhone.

Stupid admins abound. We didn't get caught by this, and neither did any of the companies whose systems we manage unless an intentional installation already existed. It involved nothing more than doing our jobs.

Not being silent here. It sounds like some admins got caught with their pants down. Hopefully they will re-evaluate their WSUS server or SUS and change how things are pre-approved.

edit
-----------------------------------------------
Just read the blog post, I see where Microsoft made the mistake and something about the February patch being only for those that had WDS 2.6 (or whatever) and admins approving it because it would only effect those that had it. Being as this was a revision to that Feb. patch but without the part about WDS already being installed, it was pre-approved. Because of this, it installed to everything instead of just those that had WDS installed already.

Being as I have never had WDS installed through WSUS it didn't install. I do have revisions pre-approved, and now I am re-thinking this. Luckily, I wasn't caught by this, but I can see how I might have been. For example, I don't have WDS anywhere, but some of my users might have installed it, weather they wanted to or it came with something like the MSN toolbar and they installed everything like most dumb users. I want to make sure they get security patches, so when I see that the Feb. update applies only to those who have it get the update, I approve it. Then the revision changes, and installs everywhere.

OK, I guess this one is Microsoft's fault, but at the same time, admins need re-evaluate their revision policy.

Read the WSUS blog post linked in TFA and you will see what amounts to an apology from Microsoft.

Is there a memo on that? Didn't think so. Hard to argue with the facts. Microsoft came out and admitted the error. Fact. Enough said. Rhetoric isn't going to change any of that, nor will it add anything intellectual to it.

Same old, same old. How about just being honest with customers MS? What a confusing concept! What a joke.

How about managing your WSUS and actually reading what you may be approving?

How about taking some responsibility? (Yeah, right....that'll happen)

Whatever. Anyone that manages WSUS environments knows the oddity of how some patches are categorized. Things like Root Certs updates are optional but IE7 is top-priority. If you set your env to automatically deploy critical updates, you may be surprised by what you get (and don't get)

Exactly why I changed this on my WSUS system. I now have all updates set to automatically detect only so I don't have to I don't have to go in and select detect only, then go in in a couple of days and approve to my test group, then go in a week later after testing and approve to everyone. One less step, and no messy unintential patches installed.