A major part of managing any network and computer assets these days is staying on top of the vulnerabilities that can affect the applications and operating systems. To help network and security administrators with patch deployments, Microsoft created Windows Server Update Services, or WSUS (WSUS is the latest incarnation of the free Microsoft patch management offerings, superseding previous versions such as Server Update Services.)

WSUS requires a back-end database of some sort, and Microsoft recommends that you use SQL Server 2000. WSUS ships with Microsoft Windows SQL Server 2000 Desktop Engine (WMSDE), which is fine for most WSUS installations. Installing WSUS also requires at a minimum IIS (Internet Information Services), BITS (Background Intelligent Transfer Service) 2.0 and .NET Framework.

There are not many free patch management solutions to compare WSUS against. As it relates to its predecessor, SUS, WSUS expands the capabilities to include a wide range of features that make WSUS much more powerful and versatile.

For starters, WSUS supports patch management not only for the Windows operating system (Windows 2000 or later), but also for Microsoft Office applications, Exchange Server, SQL Server and MSDE. Microsoft plans to grow the support in WSUS to include managing patches and updates for all Microsoft software.

In addition, WSUS provides support for service packs, a basic inventory management capability and some basic reporting functionality. Microsoft

Requires Free Membership to View

has built in more granular control over the patch deployment process, and there's a rollback feature to undo patches or updates as well.

SUS has been favorably accepted by those who have used it. With WSUS, Microsoft has raised the bar and provides much broader and more powerful functionality to help its customers maintain their patch management efforts free of charge. However, WSUS is still limited to Microsoft products -- and even some of those are beyond the scope of WSUS.

If you want more flexible patch management solutions that work across a broader range of products and applications from a variety of vendors, look at purchasing a commercial patch management tool. (Click here to read about some of the popular commercial patch management tools.)

Tony Bradley, a consultant and writer, focuses on network security and antivirus and incident response. He is the author of About.com guide for Internet/Network Security, which provides a broad range of security tips, advice, reviews and information.

This was first published in October 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.