Problem solve Get help with specific problems with your technologies, process and projects.

WSUS: The basics

Windows Server Update Services (WSUS) is the latest incarnation of Server Update Services. It's more powerful than its predecessor, but it still has its limitations.

A major part of managing any network and computer assets these days is staying on top of the vulnerabilities that can affect the applications and operating systems. To help network and security administrators with patch deployments, Microsoft created Windows Server Update Services, or WSUS (WSUS is the latest incarnation of the free Microsoft patch management offerings, superseding previous versions such as Server Update Services.)

WSUS requires a back-end database of some sort, and Microsoft recommends that you use SQL Server 2000. WSUS ships with Microsoft Windows SQL Server 2000 Desktop Engine (WMSDE), which is fine for most WSUS installations. Installing WSUS also requires at a minimum IIS (Internet Information Services), BITS (Background Intelligent Transfer Service) 2.0 and .NET Framework.

There are not many free patch management solutions to compare WSUS against. As it relates to its predecessor, SUS, WSUS expands the capabilities to include a wide range of features that make WSUS much more powerful and versatile.

For starters, WSUS supports patch management not only for the Windows operating system (Windows 2000 or later), but also for Microsoft Office applications, Exchange Server, SQL Server and MSDE. Microsoft plans to grow the support in WSUS to include managing patches and updates for all Microsoft software.

In addition, WSUS provides support for service packs, a basic inventory management capability and some basic reporting functionality. Microsoft has built in more granular control over the patch deployment process, and there's a rollback feature to undo patches or updates as well.

SUS has been favorably accepted by those who have used it. With WSUS, Microsoft has raised the bar and provides much broader and more powerful functionality to help its customers maintain their patch management efforts free of charge. However, WSUS is still limited to Microsoft products -- and even some of those are beyond the scope of WSUS.

If you want more flexible patch management solutions that work across a broader range of products and applications from a variety of vendors, look at purchasing a commercial patch management tool. (Click here to read about some of the popular commercial patch management tools.)

Tony Bradley, a consultant and writer, focuses on network security and antivirus and incident response. He is the author of guide for Internet/Network Security, which provides a broad range of security tips, advice, reviews and information.

Dig Deeper on Windows Server troubleshooting