.shock - Fotolia


Ease Windows Update problems by using WSUS servers

To combat various Windows Update problems, administrators should consider implementing a WSUS server to regain control over the patching process.

Handling change is a big challenge for systems administrators. Windows patches and updates released to production systems must work properly, run efficiently, maintain compatibility with existing software and systems, be secure and fit within configuration settings.

A change management tool could alleviate the stress associated with Windows Update problems, and prevent major pitfalls that arise with the sheer volume of downloaded content from a Windows update.

Windows update problems go beyond simple missteps

Windows Server Update Services is a centralized, automated change management tool for Windows-based enterprises that can address typical Windows update issues.

There are times administrators apply updates -- especially Windows updates -- without any meaningful testing process. Administrators may install updates simply because another Patch Tuesday rolls around, and then administrators must scramble to find and fix errors, or respond to help desk tickets from disgruntled users.

Another problem with the patching process occurs because the Windows Update feature runs on each individual system. Windows Update delivers service packs and other patches to the operating system, and an expanded version, Microsoft Update, covers other Microsoft products. Administrators must manually run Windows Update on each box -- and keep track of machines that may or may not have been updated, as part of change management. It's a time-consuming and error-prone process, and an overlooked server could create unwanted differences in Windows patch levels that expose the business to unexpected vulnerabilities and potentially violate compliance requirements. These errors could also result in added time and costs for unnecessary troubleshooting.

How can WSUS help?

Windows Server Update Services (WSUS) is a centralized, automated change management tool for Windows-based enterprises that can address typical Windows update problems. Organizations can deploy a WSUS server to create a centralized update platform. Larger organizations can deploy multiple WSUS servers to handle the additional traffic as patches download. WSUS servers obtain the latest updates from Microsoft, but that content is not distributed to other servers and systems within the business without direct administrator consent.

Windows Server 2016 features focus on evolving IT landscape

SearchWindowsServer speaks with cloud architect Thomas Maurer about some of the changes in Windows Server 2016 and the ways administrators can prepare themselves for a future that has tilted toward the cloud and containers. Click here for an edited transcript of this podcast.

WSUS gives administrators more time to test each update before deployment. This testing process can reduce the need for rollbacks. WSUS behavior also ensures the approved updates are pushed out automatically to every affected system at the same time, preventing configuration drift.

WSUS has been available for several years, but the release of Windows Server 2016 brings various principal improvements to the WSUS server role. Perhaps the most noteworthy enhancement is the continued support for Windows PowerShell cmdlets, allowing administrators to handle important WSUS tasks through PowerShell on the command line or with scripts.

Beyond that, WSUS is now more flexible and easier to deploy, and administrators can add or remove the WSUS role from a server using the Server Manager console. WSUS also features SHA256 secure hash algorithm support to encrypt update content, improving security. WSUS running on Windows Server 2016 can handle clients and servers differently, and Windows Update Agent can operate independently -- connecting to WSUS servers as the source of updates rather than typical Windows Update.

Next Steps

More ways to tackle Windows Update issues

October Patch Tuesday changes the monthly release structure

Use WSUS to get rid of a bad patch

Dig Deeper on Windows administration tools