GFI LanGuard is able to use the repository of a WSUS (Windows Server Update Services) server in the network.
- When this feature is enabled, GFI LanGuard uses the WSUS server as an additional repository for updates. The updates are copied directly from the WSUS Server to the target machines being remediated. GFI LanGuard doesn't copy the updates to its repository.
- If an update is not available in WSUS repository and it is downloaded by GFI LanGuard, then the patch is saved to the GFI LanGuard repository and not the WSUS repository. In this situation, if the update is downloaded by WSUS at a later stage, the same update is found in both repositories.
NOTE: For secure environments see the article: Updating GFI LanGuard If in a Secure Network
This article guides you on how to configure GFI LanGuard to use a WSUS server for the patch repository.
Configuring WSUS to Use the Patch Repository
- Go to GFI LanGuard > Configuration.
- Expand the Software Updates node.
- Right-click the Patch Auto-Download node and select the Edit Patch Auto-Download Options.
- Select the Patch Repository tab and enable Use Files Downloaded by WSUS When Available.
- Specify the path of the WSUS content folder.
- The path of the WSUS repository can either be a local folder or a UNC path.
- Do not use a mapped drive. Mapped drives are not available to other accounts like the LanGuard Attendant Service Account.
- The GFI LanGuard Attendant Service Account must have permissions to access the WSUS directory.
Allowing Access to WSUS Server
- Enable patch Auto-Approval.
- If the WSUS server resides on a different domain than the GFI LanGuard Attendant Service Account, follow the procedure below to allow access:
- Enable the guest account.
- Add the Everyone group to both the share and the security permissions.
- In the local security policy editor
secpol.mscconfigure the following policies:
Network Access: Named Pipes that can be accessed anonymously = (add) sharename
Network Access: Shares that can be accessed anonymously = (add) sharename
Windows 2008 R2 domain - How to allow anonymous access to 1 folder share?