Guy Recommends
A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network.
Download FREE
trial
Windows Server Update Services - WSUS
My goal is persuade you to download WSUS (Windows Server Update Services) for your
Windows 2003 Domain. The WSUS program is free from Microsoft; the concept is
sound, what have you got to lose?
The principle behind WSUS is that your Windows 2003 server contacts Microsoft's
master update service on the internet and copies down all the patches, security updates and
hotfixes locally. If you have the time you can test then 'Approve' the patches before
your XP or Vista clients update from their local WSUS server. When time is short you can omit the approval stage, or
just give the patches a quick look.
As a
bonus you can create a Group Policy to control who gets what and when. For example,
apply patches to XP computers in Accounts OU at 02:00hrs.
 Network security is complex. As an MCT trainer, I can thoroughly recommend
TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example
Network Security or go for
a combination of modules.
See more about Network Security training here
- WSUS itself, the service which runs on the Windows 2003 (Member) server
- AU which runs on the clients (XP or Vista).
- Group policy which regulates which clients get which patches.
What WSUS does is work with Intellimirror and Group Policy to support XP clients. The group policy template wuau.adm is responsible for the WSUS updates. This wuau.adm comes automatically with Windows Server 2003.
WSUS - WUS in a name?WSUS (3.0) used to be called WUS (2.0). It seemed that whoever trawled the world's languages checking an acronym is not rude, missed Welsh. In Welsh WUS, could
mean a friend as in 'Watch ya wus, unfortunately for Microsoft, WUS could also mean, a fool, an idiot. 'Dew, dew bach, that new scrum half is a bit of a wus'. Thus a few years back Microsoft discretely phased out the word WUS
and heralded son of WUS - WSUS.
Server Side
1) Download the WSUS product as a .msi from Microsoft (No worries it's free)
2) Make sure that your server is running at least IIS v 5.0
3) Run the installation Wizard
4) On the server, you need at least 500MB disk space per locale.
How to Install AU clients
Apply SP2 on XP or SP3 on Windows 2000 Pro - that's all you need to do on the client side.
The rest of the install is handled by Group Policy.
As I mentioned earlier, SUS needs IIS v5.0, so here is the clue that you
configure it by typing:
http://ServerName/susadmin in the browser. Once
installed, you net to 'Set Options' to align the configurations with your
network.
When you have downloaded and checked the updates, you can select patches or
hotfixes that are needed and then 'Approve' the update. After that
Group Policy takes over and distributes the approved updates to the clients.
Alternatively, you can bypass approval and let Group Policy roll out the patches
just as they come from
Microsoft's site. Network administrator's that I have talked to prefer the
'Approve' method because they like to control which SUS patches to let out onto
their network.
Microsoft have always been good at providing logs, and SUS is not different
you can easily check which patches have been approved and when your server
synchronized with the Microsoft master serer on the web.
WSUS (Windows Update Service) will enable you to update Office, SQL Server,
and other Microsoft products. SUS on the other hand neither supports
Windows 9x nor does it support Microsoft Office. Watch out for WSUS,
currently in version 3.0
Summary
What are you waiting for? I challenge you to download SUS from
Microsoft's site, install, test and then approve the updates. Finally, do
not neglect to control SUS via Group Policy.
|
