WSUS is Windows Software Update Services. It's a free package available from Microsoft which can help you manage the deployment of Microsoft software updates to your Windows servers and workstations.
Windows includes an automatic updates feature which, if enabled, lets the workstation automatically download updates from Microsoft. Depending on which version of Windows, how it's configured, whether the user has administrative rights to their own PC, and whether they've installed Microsoft Update, it may notify the user when updates are ready to be downloaded, may notify the user when updates are ready to be installed, may install them automatically, and may include updates not only for Windows but also for other software such as Office.
"May" appears a lot in there, and for good reason. Unless you've set up security to prevent it, users can change their automatic update settings, or fail to install updates, or get updates for Windows but not for Office. You may not be able to manage this, and you probably can't track it, so the only way to know for sure if your users' workstations are up to date is to visit each one and check manually. We have seen a lot of workstations at many client sites which were months or even years behind on patches, because every time automatic updates notified the user of new updates, the user either chose not to install them or simply ignored the notification.
WSUS lets the administrator decide which updates are to be installed, track which machines have which updates installed, and in many cases force updates to be installed on users' workstations.
Another advantage of WSUS is that it downloads the updates onto a server at your site, and then the clients get the updates from that server. Each update need only be downloaded from the Internet once; the rest of the traffic stays within your network. At times when there are large updates or large volumes of updates, this could have a significant effect on how much Internet bandwidth is used to download updates.
There are some other WSUS features which are likely to be of more use in a large environment with hundreds of users and/or multiple geographical locations. In order to keep this newsletter reasonably brief, we will not go into details on these features.
WSUS has fairly significant resource requirements on the server. The main requirements for the current version of WSUS (at the time of writing) are:
A new version of WSUS is currently under development. Its hardware requirements will likely be similar, but it will require that the server run Windows 2003.
It typically takes about a day to install and configure WSUS and to train an IT administrator on using it. The server will generally require at least one reboot during this process.
If you find that keeping your workstations up to date is a significant drain on your IT resources, and if you have a server powerful enough to handle WSUS, you should seriously consider deploying it.
Microsoft has information on WSUS on their Web site. The main page is http://www.microsoft.com/windowsserversystem/updateservices/default.mspx and from this page you can get information on both the current version (WSUS with SP1) and the upcoming version (WSUS 3.0).
Scientia Systems has experience with WSUS. We would be happy to discuss it with you to help you determine whether WSUS is right for your environment. If you decide to use WSUS, we can install and configure it for you and show you how to manage it.
Back to list of newsletters