
How to configure GFI LanGuard to use a WSUS server for the patch repository

GFI LanGuard is able to use the repository of a WSUS server in the network.

When this feature is enabled, GFI LanGuard will use the WSUS server as an additional repository for updates. The updates will be copied directly from the WSUS Server to the target machines being remediated. GFI LanGuard will not copy the updates to its repository. 

If an update is not available in the WSUS repository and GFI LanGuard downloads it instead, the patch is saved in the GFI LanGuard repository, not the WSUS repository. If WSUS downloads the same update at a later stage, the update will then be found in both repositories.

Note: For secure environments see the article: How to update GFI LanGuard if in a secure network

To configure this in GFI LanGuard, perform the following procedure:

  1. Open the GFI LanGuard configuration
  2. Click on the 'Configuration' tab
  3. Expand the 'Software Updates' node
  4. Right click the 'Patch Auto-Download' node and select 'Edit patch auto-download options...'
  5. Select the 'Patch Repository' tab and enable 'Use files downloaded by WSUS when available'
  6. Specify the path of the WSUS content folder

Notes:

  • The path of the WSUS repository can be either a local folder or a UNC path. Example: \\Server01\WsusContent. Do not use a mapped drive. Mapped drives are not available to other accounts (such as the GFI LanGuard Attendant Service account).
  • The GFI LanGuard Attendant Service account must have permissions to access the WSUS directory.

Configure the WSUS server as follows:

  1. Enable patch "Auto-approval"
  2. If the WSUS server resides on a different domain than the GFI LanGuard Attendant Service account, you may have to use the following procedure to allow access:
     • Enable the Guest account.
     • Add the Everyone group to both the share and the security permissions.
     • In the local security policy editor (secpol.msc) configure the following policies:
        • Network Access: Named Pipes that can be accessed anonymously = (add) sharename
        • Network Access: Shares that can be accessed anonymously = (add) sharename
Reference: http://social.technet.microsoft.com/Forums/windowsserver/en-US/fba2f5f0-9069-48cd-a534-64ce7ba9cc97/windows-2008-r2-domain-how-to-allow-anonymous-access-to-1-folder-share?forum=winserverfiles
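
After applying the cross-domain workaround above, the following check lists what is now reachable anonymously on the WSUS server. It is an added example, not part of the original article or of GFI's tooling. It assumes the share is named WsusContent as in the article's example path, that the WSUS server is a member server with local accounts, and that read access is sufficient because updates are only copied from the WSUS folder; the function name is hypothetical.

```powershell
# Added example: audit what the cross-domain workaround exposes on the WSUS server.
# Run in an elevated Windows PowerShell 5.1+ session on the WSUS server itself.
function Test-WsusShareExposure {
    param(
        # Assumption: share name taken from the article's \\Server01\WsusContent example.
        [string]$ShareName = 'WsusContent'
    )
    $findings = @()

    # 1. Guest account state. Match the well-known RID 501 so a renamed Guest is found.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -match '-501$' }
    if ($guest.Enabled) { $findings += "Guest account '$($guest.Name)' is enabled" }

    # 2. Registry values behind the two "Network access: ... accessed anonymously"
    #    policies. Anything other than the WSUS share name deserves a second look.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $lanman = Get-ItemProperty -Path $key
    foreach ($value in 'NullSessionShares', 'NullSessionPipes') {
        @($lanman.$value) | Where-Object { $_ -and $_ -ne $ShareName } |
            ForEach-Object { $findings += "$value also lists '$_'" }
    }

    # 3. Rights granted to Everyone (well-known SID S-1-1-0) on the share and folder.
    #    Assumption: read access is enough, since updates are only copied from WSUS.
    $sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value
    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop
    Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccountName -eq $everyone -and
                       $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Read' } |
        ForEach-Object { $findings += "Share grants $everyone $($_.AccessRight)" }

    $writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $everyone -and
                       $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $writeBits) } |
        ForEach-Object { $findings += "NTFS grants $everyone $($_.FileSystemRights)" }

    $findings
}

Test-WsusShareExposure -ShareName 'WsusContent'
```

An empty result means the Guest account is disabled, no other share or pipe is listed for anonymous access, and Everyone holds read-only rights on the WSUS content share and folder.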