Ezine 128 – Windows Update Service

Ezine 128 – Windows Update Service

This week’s ezine has three strands; each is joined by the common thread – Windows Update Service.  Firstly a challenge – check your Windows Update interface.  See if the settings are what, and where, you think they are.  Secondly, I want to provide help for that day when the temporary files have become corrupted and your Update Service stops working.  Thirdly, a reminder for Windows Administrators, research what installing WSUS (free) could do for your Windows network.

Why you need patches and hot-fixes

It is true to say that Microsoft did not make Windows Server 2003, XP, or Vista flawless on first release.  Errors range from spelling mistakes in the menus, to defects in a service, to security holes that hackers can exploit.  To be fair to Microsoft, probably no other software is perfect when sold either, but any mistake in a Microsoft product is subjected to intense media scrutiny.

To digress, my friend ‘Mad’ Mick has indoctrinated me that UNIX is perfect and indestructible.  Last week my AutoResponder stopped working.  As it is housed on my ISP’s UNIX server I thought of Mick’s advice and never even considered there could be a fault with a cron daemon on the Apache server.  This undue faith in cron cost me three days of looking fruitlessly at MySQL commands; whereas I should have contacted the UNIX expert on day one, and asked him to repair the cron daemon.

The solution – Windows updates

Microsoft has pioneered a system whereby every Windows operating system has a built-in update service.  The idea is that your machine polls the Microsoft Update Service and downloads patches, security updates and hotfixes as necessary.  Consequently the Windows operating system and program such as MS Office are up-to-date and protected from maleware.  My advice with the Update system either embrace it fully, or turn it off and forget about it.  If you like the idea of the free Update service, then check that your settings minimise the delay between Microsoft issuing a patch and your system installing.  Avoid the trap where you ask Window to check for Updates at 4.00 am, but then turn the machine off every night! 

I have heard from both sides of the security fence that hackers also download these patches, but their motive is to reverse engineer the fix, re-create the problem and produce a virus which attacks un-patched machines.  A security expert told me he could always detect a huge peak in virus attacks AFTER Microsoft released patches.  Also a self-confessed hacker on one of my courses told me this is precisely what he did in his spare time.  No, no, I was training him Exchange, not hacking!  My point is you need to respond quickly to each update, thus I recommend the Automatic settings.

Where do you find the Windows Update Service Settings?

  1. Click on the Start button, choose, Help and Support
  2. Windows Update
  3. Automatic Updates Turned On (Biggish menu on the RIGHT)
  4. Pick a time to install updates
  5. Choose Install and update automatically (Guy’s choice)
  6. Also seek ‘Use Microsoft Updates’ which provides a similar service to the operating system, but for other Microsoft programs such as Office.

Check Your Group Policy for Windows Update Settings

Perhaps your Windows Updates are controlled via group policy?  If they are, or if they should be, then here are the settings to check.

  • Launch GPMC
  • Seek the Computer Configuration (not users)
  • Administrative Templates
  • Windows Components
  • Windows Update – Lots of options in the right panel

Solarwinds (EminentWare) Patch Manager

Solarwinds Patch manager is great way to extend what WSUS can do.  Indeed, the more you get into patch management for network, the more factors come to light, and the greater the need for a program to automate the procedure based on your business logic. 

Solarwind Patch Manager will exceed your expectations, for example, in addition to keeping all your computers’ software up-to-date, it can discover machines which are imperfectly configured.

See more on extending WSUS with Solarwinds Patch Manager »

How to fix corrupted temporary files – Kindly researched by Paul DeBrino

Background information

The name for the Windows Update Service is WuAuServ – fair enough.  However if you scour the Window Services snap-in you will not find it listed under ‘W’ for Windows, ‘U’ for Update, or even ‘M’ for Microsoft.  Curious, I ran a simple PowerShell command: get-service.  Now I could see the name wuauserv, and opposite it the ‘DisplayName’ ‘Automatic Updates’.  Mmm the Windows Update Service begins with ‘A’ for Automatic.  The reason I mention this strange naming convention is if you are going to troubleshoot, then the logical place to begin is by checking that the Automatic Updates is set to Automatic and has in fact started.

Problems with the Windows Update Service may occur if the temporary folder belonging to Windows Update has been corrupted.  The following steps explain how to remove these temporary folders and subfolders.  Please be assured the folders will be created again by the operating system.  However, ”If it ain’t broke, then don’t fix it”, just store these instructions for that day when the Windows Update Service produces errors.

Step-by-step Instructions to repair a corrupted temporary folder

  1. Browse to ‘C:\WINDOWS\Downloaded Program Files\’ and remove any Active-X Object showing ‘Damaged’ as the Status. In particular, you can right-click the object to view the CodeBase which will confirm it as part of Windows Update (e.g. the CodeBase will contain windowsupdate.microsoft.com)
  2. Press Windows key +r.  You should see a dialog box saying: Open:
  3. Type ‘net stop WuAuServ’ in the dialog box and then press Enter. You should receive a message stating the Automatic Updates service was stopped successfully.
  4. Type in ‘RD /s %windir%\softwaredistribution’ and press Enter. Answer ‘Y’ when you are prompted to remove the folder.
  5. Rename the ‘%windir%\system32\catroot2’ folder. This folder will be recreated on reboot and subsequent run of Windows Updates.
  6. Type ‘net start WuAuServ’ and press Enter to restart the Automatic Updates service.
  7. Restart the BITS service.  Make sure that is can start and stay running.
  8. Visit the Windows Update website (http://windowsupdate.microsoft.com) which should prompt you to reload the entire Windows AU (automatic updates) application.

Guy Recommends: Tools4ever’s UMRAUMRA The User Management Resource Administrator

Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.

It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.

Introduction to WSUS

Completely independent of the above Automatic Updates is a bolt-on service called WSUS (Windows Server Updates Service).  WSUS removes the need for clients to individually connect to Microsoft’s site every time there is a new hotfix.  Thus saving network traffic and reducing user error.

The principle behind WSUS is that your Windows 2003 server contacts Microsoft’s master update service on the internet and copies down all the patches, security updates and hotfixes locally.  If you have the time you can test then ‘Approve’ the patches before your XP or Vista clients update from their local WSUS server.  When time is short you can omit the approval stage. See also: Diagnostic Tool for WSUS Agent

3 Elements of WSUS

  1. WSUS itself, the service which runs on the Windows 2003 (Member) server
  2. AU which runs on the clients (XP or Vista).
  3. Group policy which regulates which clients get which patches.

What WSUS does is work with Intellimirror and Group Policy to support XP and Vista clients. The group policy template wuau.adm is responsible for the WSUS updates. This wuau.adm comes automatically with Windows Server 2003.  See Windows 8 Group Policy Settings

WSUS – WUS in a name?

WSUS (3.0) was formerly known as WUS (2.0).  It seemed whoever trawled the world’s languages checking that an acronym is not rude, missed the Welsh language, Cymraeg.  In Welsh WUS, could mean a friend as in ‘Watch ya wus’, unfortunately for Microsoft, amongst Welsh speakers WUS could also mean, a fool, or an idiot.  ‘Dew, dew bach, that new English scrum half is a bit of a wus’.  Thus a few years back Microsoft discretely phased out the word WUS and heralded son of WUS – WSUS.

Will and Guy’s Humour

On a related topic, Will and Guy invite you to have a laugh at our funny examples of Engrish.  For example, a sign Korean sign saying: Luggage Disembowel, instead of Baggage Reclaim.  Also a Vietnamese Con Shop instead of Corn Shop!  See more amusing Engrish

Windows 8 Features:

Windows 8 New Features   • Windows 8 Metro UI  • Windows 8 Tips  • Windows 8 FAQ  • Ezines

SLA Monitor  •Network Performance Monitor (NPM)  • Windows 8 Home  • E 128 Win Update

E 174 Win 8 Traps  •E 168 UAC  • E 163 Update  • E 152 Closet  • E 139 End Msoft