Data Centers

Learn what Microsoft's Windows Server Update Services (WSUS) has to offer

As the successor to Microsoft's popular Software Update Services (SUS), the newly released Windows Server Update Services (WSUS) is the new and improved patch and update component of the Windows Server family of products. Mike Mullins takes a look at WSUS and explores what new functionality this tool brings to the update table.

Released last month at Microsoft's TechEd conference, Windows Server Update Services (WSUS) is the successor to Microsoft's popular Software Update Services (SUS), a patch and update component of the Windows Server family of products. WSUS is the next step in patching and updating operating systems, components, and applications from one standard, administratively controlled interface.

The software requirements vary depending on the platform you use for deployment. But before we delve into the specific requirements for Windows 2000 Server and Windows Server 2003, let's talk databases. Yes, you do need a database for your WSUS deployment. The database requirement stems from some of the major improvements you can realize by deploying WSUS. Microsoft recommends SQL 2000, but MSDE (which downloads with WSUS) will work just fine.

In addition to a database, WSUS also has a few more requirements. Here are the prerequisites for installing WSUS on Windows Server 2003:

  • Microsoft Internet Information Services (IIS) 6.0
  • Background Intelligent Transfer Service (BITS) 2.0
  • Microsoft .NET Framework 1.1 Service Pack for Windows Server 2003

Here are the prerequisites for installing WSUS on Windows Server 2000:

  • Microsoft Internet Information Services (IIS) 5.0
  • Background Intelligent Transfer Service (BITS) 2.0
  • Microsoft Internet Explorer 6.0 SP1
  • .NET Framework 1.1 Redistributable Package
  • .NET Framework 1.1 Service Pack for Windows Server 2000

So, what makes WSUS so special? How does it differ from the original SUS? Well, in addition to including SUS' current capabilities, WSUS also brings the following to the update table:

  • Support for Windows 2000 and later operating systems, as well as Microsoft Office Suite 2003, Microsoft Office Suite XP, Exchange Server 2003, SQL Server 2000, and MSDE 2000 (WSUS will continue to evolve to include all Microsoft corporate software.)
  • Support for service packs
  • Availability of predefined, standard reports on installation status (Reporting data is also available via an API.)
  • Inventory management of update clients through basic hardware inventory, including host name, operating system version, language, and IP address

In addition, WSUS offers administrators more control over the entire update process, and it includes targeting capabilities based on both server-side target groups containing cataloged lists of systems as well as client-side definitions (centrally configurable via Group Policy or scripting) or detection. WSUS also features rollback capability for updates.

Final thoughts

WSUS offers general control over and reporting of updating and patching Microsoft operating systems and applications across your entire forest. However, if your network requires support for the deployment of software packages, reporting on software and hardware inventory, or remote-control functionality, I recommend skipping WSUS and heading straight for Systems Management Server (SMS) 2003.

Microsoft made a commitment to improve the security of the products they sell. WSUS is a good start on fulfilling that promise. Take advantage of its free software, and take control over updating your Windows network.

Miss an issue?

Check out the new Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

Editor's Picks