Douglas R. Spindler, president of the San Francisco Networking Technologies User Group, shares his personal experience with Software Update Services. Spindler installed SUS without Active Directory at Lawrence Berkeley National Laboratory. Here's a wrap-up of what he learned.
Step 1: Begin with a new install of the Windows server operating system software. Accept all of the defaults and the following settings: The OS should be installed on an NTFS partition. Make sure you install IIS and you are configured to use a static IP address. IE 5.5 is required, but you might as well use 6 or better. Confirm that your server is functioning properly.
Step 2: Install SUS on the server. Visit Microsoft's Web site and download (or install from the Web) Software Update Services Server 1.0 with Service Pack 1. This may take some time, since SUS10SP1.exe is 33 MB.
Step 3: Install the SUS server on your server. I found that selecting <Custom Install> makes configuring the server slightly easier. You can go with the defaults, but when it comes to selecting the languages, select English or only the languages you need.
Step 4: Accept the default, <Manually approving new versions>. On the next screen, take note of the URL, which can be used by the clients to locate the server if you enter the value in your DNS server. It's easier to use the static IP address.
Step 5: Click <Next>. In less than five minutes, the SUS server software will be installed, and the IIS lockdown tool on Windows 2000 will have secured the server. For Windows Server 2003, IIS lockdown is performed when IIS is installed. Follow Microsoft's security guidelines to finish securing the server.
A quick side note: should you back up a SUS server to a tape drive? I think not, and here's why. A SUS server is quickly created. If the server fails, it's not business-critical. Instead, try imaging the server to a second hard drive using a product such as Drive Image from Power Quest or Ghost from Symantec.
Step 6: Internet Explorer will open on the SUS admin screen. Click <Set Options>. If you have a proxy sever on your network, enter the values. If you are not using a proxy, select the top box, <Do not use a Proxy to access the Internet>. You will not need to make any other changes, but scroll down the page to become familiar with the page. Return to the main admin screen by clicking on <apply>.
Step 7: SUS will prompt you to synchronize your server. Follow the advice and select the second menu item from the top, <Synchronize Server>. Don't click on <Synchronize Now>, at least not yet. Instead, select <Synchronization Schedule> and set up your own schedule. Now select <Synchronize Now>. Depending on how many languages are selected and what kind of Internet connection you have, this can take from 20 minutes to many hours. (Take note, English alone has more than 2,100 Critical Updates, and almost 100 are for Server 2003.)
Step 8: Configure the client while the SUS server download is occurring. (See Installing Software Update Services on the client.)
Step 9: When the clients are configured, return to the SUS server and approve the updates by clicking on the <APPROVE> button in the lower right corner of the screen. Microsoft makes you approve each update one at a time; there is no "select all" option.
About the author: Douglas R. Spindler is the Active Directory project coordinator at Lawrence Berkeley National Laboratory and a technology consultant living in the San Francisco Bay area. He holds an MCSE + Internet certification and is a freelance writer, lecturer and president of the San Francisco Networking Technologies User Group. He can be reached at firstname.lastname@example.org
FOR MORE INFORMATION
SMS Crash Course