In this two-part series, Serdar Yegulalp explains the benefits of Windows Update Services, the next version of Software Update Services (SUS), which is currently available for open evaluation until the final product is released later in 2005. Serdar covers how to set up WUS on a server in part one below. In part two, he'll detail how to use it to roll out XP SP2 updates to desktops and when not to use WUS.
Microsoft's Windows Update Services (WUS), formerly known as Software Update Services, is set to be released in 2005. Currently available for open evaluation, WUS lets administrators silently custom-deploy updates and fixes throughout a network using Windows Update technology. But, to do so, you first have to make sure it's properly configured. In part one of this tip, I'll outline the benefits of WUS and explain how to set it up on a server.
The following is a list of reasons why you should consider using WUS. Note, in part two of this series, I will identify when it's best not to use WUS.
- Total administrative management
Administrators can install the updates that they want when they want, and withhold updates that may conflict with existing installed software.
- Silent installs
Updates to systems with Windows Update enabled can be rolled out "silently," without user interaction, and are installed at the next reboot.
- Granular installs
WUS lets you specify target groups of computers for deploying updates. The default updates all computers in your organization, but groups can be created through Group Policy or by adding computer names manually.
- No user hassles
Users don't need to install anything themselves. Administrators can also let the server retrieve and deploy the updates without intervention.
How to run WUS on a server
Before you begin setting up WUS, you'll need IIS 5.0 or later, the .NET Framework 1.1 or better (included with Windows Server 2003), and the Background Intelligent Transfer Service (BITS) 2.0 or better. BITS is also a required component for each client. WUS will also install the SQL Server 2000 Desktop Engine as part of its component package, but if you want to use an existing SQL Server or SQL Server Desktop installation instead, you can specify that during setup. Desktop computers need to have BITS 2.0 or better installed, as documented on this Microsoft support page.
During the install you'll be presented with an option labeled "Store updates locally." If you choose this option and provide a pathname, WUS will only roll out valid updates stored in that path rather than attempt to contact Microsoft for the latest updates. This is useful if you want to control which updates are rolled out by downloading them manually and placing them in the provided directory.
If you choose to obtain updates from Microsoft, you must allow access on ports 80 and 443 from that server to Microsoft.com and Windows.com, so be sure to configure your firewall correctly. If you're using a proxy server to go through the firewall, you can specify the proxy using the WUS console (installed in Start/All Programs/Administrative Tools/Microsoft Windows Update Services). Select Options/Synchronization Options/Proxy Server to do this.
Click for part two on using WUS to roll out XP SP2 and when to avoid using this update tool.
More Information from SearchWindowsSecurity.com
- Tip: Author Jonathan Hassell outlines what not to do when patching Windows
- Tip: Get help prioritizing critical Windows patches
- Tip: Get tools to ease patching pains