Step-by-step guide: Installing Software Update Services on the server

Douglas R. Spindler, contributor

Douglas R. Spindler, president of the San Francisco Networking Technologies User Group, shares his personal experience with Software Update Services. Spindler installed SUS without Active Directory at Lawrence Berkeley National Laboratory. Here's a wrap-up of what he learned.



SUS requirements
Hardware: Microsoft states that a P-III 700 with 512 MB RAM and a 6 GB hard drive will support any size organization up to 15,000 users. I've found satisfied folks using P-300s for 1,000 with no complaints. My advice: play with the lower performance machines, but follow Microsoft's recommendations when it's time for production.

Server OS: You have two choices: Windows 2000 or Windows Server 2003 (beta only until April 24), but I recommend Windows Server 2003 so you can evaluate both SUS and Windows Server 2003 at the same time. Installation and configuration is the same for either version. --Doug Spindler


    Requires Free Membership to View

Step 1: Begin with a new install of the Windows server operating system software. Accept all of the defaults and the following settings: The OS should be installed on an NTFS partition. Make sure you install IIS and you are configured to use a static IP address. IE 5.5 is required, but you might as well use 6 or better. Confirm that your server is functioning properly.

Step 2: Install SUS on the server. Visit Microsoft's Web site and download (or install from the Web) Software Update Services Server 1.0 with Service Pack 1. This may take some time, since SUS10SP1.exe is 33 MB.

Step 3: Install the SUS server on your server. I found that selecting <Custom Install> makes configuring the server slightly easier. You can go with the defaults, but when it comes to selecting the languages, select English or only the languages you need.

Step 4: Accept the default, <Manually approving new versions>. On the next screen, take note of the URL, which can be used by the clients to locate the server if you enter the value in your DNS server. It's easier to use the static IP address.

Step 5: Click <Next>. In less than five minutes, the SUS server software will be installed, and the IIS lockdown tool on Windows 2000 will have secured the server. For Windows Server 2003, IIS lockdown is performed when IIS is installed. Follow Microsoft's security guidelines to finish securing the server.

A quick side note: should you back up a SUS server to a tape drive? I think not, and here's why. A SUS server is quickly created. If the server fails, it's not business-critical. Instead, try imaging the server to a second hard drive using a product such as Drive Image from Power Quest or Ghost from Symantec.

Step 6: Internet Explorer will open on the SUS admin screen. Click <Set Options>. If you have a proxy sever on your network, enter the values. If you are not using a proxy, select the top box, <Do not use a Proxy to access the Internet>. You will not need to make any other changes, but scroll down the page to become familiar with the page. Return to the main admin screen by clicking on <apply>.

Step 7: SUS will prompt you to synchronize your server. Follow the advice and select the second menu item from the top, <Synchronize Server>. Don't click on <Synchronize Now>, at least not yet. Instead, select <Synchronization Schedule> and set up your own schedule. Now select <Synchronize Now>. Depending on how many languages are selected and what kind of Internet connection you have, this can take from 20 minutes to many hours. (Take note, English alone has more than 2,100 Critical Updates, and almost 100 are for Server 2003.)

Step 8: Configure the client while the SUS server download is occurring. (See Installing Software Update Services on the client.)

Step 9: When the clients are configured, return to the SUS server and approve the updates by clicking on the <APPROVE> button in the lower right corner of the screen. Microsoft makes you approve each update one at a time; there is no "select all" option.

Continue on to:
Step-by-step guide: Installing Software Update Services on the client
Back to part 1: Software Update Services without Active Directory

About the author: Douglas R. Spindler is the Active Directory project coordinator at Lawrence Berkeley National Laboratory and a technology consultant living in the San Francisco Bay area. He holds an MCSE + Internet certification and is a freelance writer, lecturer and president of the San Francisco Networking Technologies User Group. He can be reached at

SMS Crash Course

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: