Windows Server Update Services – WSUS
My goal is persuade you to download WSUS (Windows Server Update Services) for your Windows 2003 Domain. The WSUS program is free from Microsoft; the concept is sound, what have you got to lose?
- Introduction to WSUS
- 3 Elements of WSUS
- Installing WSUS
- Configuring WSUS
- Solarwinds Patch Manager
The principle behind WSUS is that your Windows Server contacts Microsoft’s master update service on the internet and copies down all the patches, security updates and hotfixes locally. If you have the time you can test then ‘Approve’ the patches before your XP or Vista clients update from their local WSUS server. When time is short you can omit the approval stage, or just give the patches a quick look.
As a bonus you can create a Group Policy to control who gets what and when. For example, apply patches to XP computers in Accounts OU at 02:00hrs.
- WSUS itself, the service which runs on the Windows (Member) server
- AU which runs on the clients (Window 7, Vista or even XP).
- Group policy which regulates which clients get which patches.
What WSUS does is work with Intellimirror and Group Policy to support XP clients. The group policy template wuau.adm is responsible for the WSUS updates. This wuau.adm comes automatically with Windows Server 2003 and later.
WSUS – WUS in a Name?
WSUS (3.0) used to be called WUS (2.0). It seemed that whoever trawled the world’s languages checking an acronym is not rude, missed Welsh. In Welsh WUS, could mean a friend as in ‘Watch ya wus, unfortunately for Microsoft, WUS could also mean, a fool, an idiot. ‘Dew, dew bach, that new scrum half is a bit of a wus’. Thus a few years back Microsoft discretely phased out the word WUS and heralded son of WUS – WSUS.
1) Download the WSUS product as a .msi from Microsoft (No worries it’s free)
2) Make sure that your server is running at least IIS v 5.0
3) Run the installation Wizard
4) On the server, you need at least 500MB disk space per locale.
How to Install AU clients
Apply SP2 on XP or SP3 on Windows 2000 Pro – that’s all you need to do on the client side. The rest of the install is handled by Group Policy. See also:SolarWind’s Diagnostic Tool for WSUS Agent
Configuring WSUS on the Server
As I mentioned earlier, SUS needs IIS v5.0 or later, so here is the clue that you configure it by typing:
http://ServerName/susadmin in the browser. Once installed, you net to ‘Set Options’ to align the configurations with your network.
When you have downloaded and checked the updates, you can select patches or hotfixes that are needed and then ‘Approve’ the update. After that Group Policy takes over and distributes the approved updates to the clients. Alternatively, you can bypass approval and let Group Policy roll out the patches just as they come from Microsoft’s site. Network administrator’s that I have talked to prefer the ‘Approve’ method because they like to control which SUS patches to let out onto their network.
Microsoft has always been good at providing logs, and SUS is not different you can easily check which patches have been approved and when your server synchronized with the Microsoft master serer on the web.
With SPM you can push out patches, which companies such as Mozilla Firefox or Adobe Acrobat provide. The point is that because WSUS does not do this for non-Microsoft software updates, you need a good add-on to take care of this task. With the Patch Manager you can even create your own packages to apply to your servers or clients.
WSUS (Windows Update Service) will enable you to update Office, SQL Server, and other Microsoft products. SUS on the other hand neither supports Windows 9x nor does it support Microsoft Office. Watch out for WSUS, currently in version 3.0.
Acronyms like WSUS interest me. It’s fascinating how that initial word conjures up an image; as you grapple to pronounce an acronym so you get an impression of like / dislike, or good /bad. The best product names give you a clue as to the underlying application’s job, for example, NetDiag, VM console, or my favorite, FreePing.
I have followed the naming history WSUS with interest because Microsoft originally called it WUS 2.0. Now Microsoft must trawl the world looking for acronyms for products, and then checking they don’t have a rude meaning in some obscure language. Well in the case of WUS they overlooked my national language, Welsh. To the Welsh a WUS is somewhere between a disparaging remark and a rude epithet; you would not want someone to say to you, ‘Boyo, you’re a bit of a wus’. Although to be fair, Wus can be used as a term of endearment, as in, ‘Hi Wus, where to have you been butty?
In conclusion, the boyos down the Welsh valleys had a bit of a laugh at WUS. Microsoft heard about it, and added ‘Server’ to the acronym making WSUS (Windows Server Update Services).
Solarwinds Patch Manager
With Solarwinds’ WSUS extension pack you can mix and match the two strategies of pushing out patches which companies such as Mozilla Firefox or Adobe Acrobat provide, or alternatively, you can create your own custom packages. The point is that WSUS does not do this for non-Microsoft software updates.
WSUS Server 2003Summary
What are you waiting for? I challenge you to download SUS from Microsoft’s site, install, test and then approve the updates. Finally, do not neglect to control SUS via Group Policy.
If you like this page then please share it with your friends