windows update cache

Seth Mattinen sethm at
Fri Sep 28 17:16:33 UTC 2007

Steve Gibbard wrote:
> On Fri, 28 Sep 2007, Seth Mattinen wrote:
>> Adrian Chadd wrote:
>>> On Fri, Sep 28, 2007, Joe Johnson wrote:
>>>> Windows Software Update Services doesn't require the end-user to be 
>>>> part
>>>> of a domain to get updates. You just need to define the WSUS server as
>>>> the source for updates by changing a few registry entries and make sure
>>>> the server is available via HTTP or HTTPS to your customers. You can
>>>> read more at Microsoft's site.
>>>> Also, WSUS is free to run on any Windows server.
>>> Great if you're running a windows IT type LAN; crap if you're running an
>>> ISP!
>> Why? It talks TCP/IP.
> This seems like a question of how much control ISPs have over customers' 
> PCs at this point.  In my day (when we had to push packets up hill 
> through 28.8 kbps modems, both ways...), we used to send out CDs to all 
> our customers that would install web browsers and mail clients, and 
> change the computers' dial-up networking settings to match our network.  
> Changing some registry strings for Windows Update would have been trivial.
> The ISPs I've dealt with recently as an end user tend to just send out a 
> cable or DSL to ethernet bridge and let DHCP do the rest.  This is 
> progress, as it means devices can move from place to place and just 
> work, but I don't think it provides a way to change registry settings.

One could try to transparently proxy requests to windows update over to 
the WSUS server. No idea if that'll work though. I'm no windows expert, 
nor was I trying to provide some total solution, I was just trying to 
point out it uses TCP on port 8530 and one could try to use that to 
their advantage.


More information about the NANOG mailing list