Four new WSUS features and capabilities all admins should know

These four new features and capabilities in WSUS can simplify how admins roll out OS updates in their enterprises.

Does Windows Server 2012 R2 add any new WSUS features or capabilities?

There are several noteworthy additions to Windows Server Update Services (WSUS) under Windows Server 2012 and later. Server Manager can now control the WSUS Server role so that the role can be added and removed as desired. For example, removing the role from one server and enabling it on a later, more powerful server might be more convenient than performing a live migration or attempting a formal installation on another physical machine.

WSUS now adds 12 PowerShell cmdlets to allow scripting and automation of WSUS tasks. WSUS also now supports hash-based authentication. Matching SHA256 hashes helps ensure that patches and updates are "authentic," undamaged and free of malware, which could devastate an enterprise if infected code were inserted into patches or updates. Finally, WSUS is available in two separate versions: a server version (WSUS) and a client version called Windows Update Agent (WUA). WUA does not depend on WSUS or its features.

Keep in mind that upgrading WSUS -- often accomplished when upgrading a Windows Server OS version -- may require the older version of WSUS first being uninstalled from the target server. Be sure to read the update documentation before proceeding. It is important to review and understand any potential WSUS issues before upgrading the WSUS server.

WSUS features offer IT administrators a versatile platform to manage and automate Microsoft product updates and patches. But just having an update available is not enough to justify the update. Administrators must take the time to test each prospective patch or update in a lab environment and weigh the impact on reliability and performance, looking for unforeseen consequences before making the choice to roll out the new code enterprise wide. Have a backup plan in place as well. If trouble strikes -- such as an incompatibility -- administrators can restore and recover while investigating the root cause of the problem and formulating corrective action.

Dig Deeper on Microsoft Windows Server 2012