I am starting a personal project to make WSUS more useful.
WSUS is great at handling the selection of patches, grouping computers, approving and declining patches etc, but its scheduling capabilities are practically non-existent. It relies on GPOs, and the GPO options are extremely limited - making the assumption that it's fine for your computers to be automatically rebooting themselves every week at the same time.
While this may be fine for desktop computers (lets say, rebooting at midnight every Saturday), it's definitely not acceptable for most servers.
I assume this is because Microsoft wants you to buy SCCM to get more granular control over scheduling patch cycles - but the concept of scheduling a process of any kind really isn't that difficult, and I believe I can put together a simple but useful utility to maintain WSUS patching schedules using only what Microsoft already provides.
Here's my basic plan of what's needed:
A database or file of some kind to maintain dates/cycles for patching various computers on a network.
A web service/API to call to this database and get/set information.
A front end to view and manage the schedules.
A method of initiating the patch cycle on each local machine, at the appropriate time, which will make use of the wuauclt.exe utility and its various parameters.
Check back soon for Part 2, where I start work on planning out the various components.