Weather Imagery

I work on a classified program for Lockheed Martin and our network is completely isolated from the internet. Therefore, I have two WSUS servers; one connected to the internet which harvests the updates and the second is on the classified LAN. Each day, I check for updates on the internet WSUS server and if anything new pops up, I export the metadata and copy the files to DVD.

Setting up the WSUS servers was easy. However, understanding how the two WSUS servers interacted was a different story. Here are a few problems I encountered but have since resolved:

If you are finding that the updates on your disconnected WSUS server are not downloading even after you have imported the metadata and copied the files to the server, check and confirm the following:

• The WSUSContent directory should be exactly the same on both servers. That is if on WSUS server #1 the directory path is C:\WSUS\WsusContent\ it should be the same on WSUS server #2. If you have the updates going to a different drive letter, then the metatdata in the database from server #1 will not point to the right place when you import it into WSUS server #2. You can run C:\Program Files\Update Services\Tools\wsusutil.exe help movecontent as a possible solution.
• Within the Update Services application, select Options=>Update Files and Languages and make sure “Store update files locally on this server” is selected, “Download update files to this server only when updates are approved” is checked, and “Download Express installation files” is NOT checked. The express files require communication with the Windows Update website and since your disconnected WSUS cannot communicate with it, all the update files cannot be downloaded. Makes sure these settings are the same on BOTH servers. You may need to re-download all the updates on the internet connected WSUS server to re-sync the files if you at one point had this checked and later unchecked it. You will then need to copy those files to the disconnected WSUS server.
• Within the Update Services application, select Options=>Update Files and Languages and select the Update Languages tab at the top. Make sure the same languages are checked the same on BOTH servers.

Obviously, you have to match the approved updates on the internet connected WSUS server with the disconnected WSUS server. But I did notice when you approve an update on the disconnected WSUS server, it appears as if the server has to download the updates from itself. If you click between one of the Update views and the Server Name where the “Updates needing files” count is displayed, it takes a few seconds to update.

Windows XP by default enables a feature called Fast Indexing. This is only useful if you frequently use the search option to find files or folders on your computer. Now, if you aren’t using this search capability every day there is absolutely no reason to have it enabled and it’s only slowing your computer down and taking up disk space.

Disabling fast indexing will not hurt your computer at all. You can also re-enable it at any time:

• Open up My Computer
• Right-click on your local disk (c:\)
• Select Properties
• Un-check Allow Indexing Service to index …
• Click OK

Depending on how fast your hard drive is and how many files there are, this could take several minutes. You may also see a few warnings about some files whose attributes could not be changed. This is normal and just select “ignore all”. If you later decide you want to re-enable this capability, simply go through the steps above and re-check the Indexing Service check box. It will again take a few minutes to re-index all the files on your PC.

The next part is optional. To disable the Indexing Service that runs in the background, follow the below steps:

• In the “Start” menu, choose “Run.”
• Type “services.msc” and press Enter.
• Scroll-down to “Indexing Service” and double-click it.
• If the service status is “Running”, then stop it by pressing the “Stop” button.
• To make sure this service doesn’t run again, under “Startup Type:”, choose “Disabled.”

Note, un-checking this box and stopping the service does NOT mean you cannot use the Windows search capability. You can still do so, but it will just run slower. But if you don’t search on a regular basis, then it is best not to have the indexing turned on so as not to needlessly consume system resources