Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
July 13, 2004

SUS Implementation Tips


As you know, Microsoft Software Update Services (SUS) is a free download that lets you download all critical updates to a Windows 2000 or later server, then distribute them to your network's Windows servers and workstations. You can download SUS from http://www.microsoft.com/windowsserversystem/sus/default.mspx. For networks with at least one Windows 200x Server, SUS gives the network administrator a way to automate patch management and eliminates the need to manually download and install critical updates on individual workstations. In the second half of 2004, Microsoft will release the successor to SUS, Windows Update Services (WUS). WUS will expand SUS capabilities to include patching server applications such as Microsoft SQL Server and Microsoft Exchange Server. Because of the recent Download.Ject browser hijack attacks that exploit a MIME Encapsulation of Aggregate HTML Documents (MHTML) and an ADODB weakness, you might want to implement SUS now and upgrade to WUS as soon as Microsoft releases it. For more information about this attack, visit http://www.winnetmag.com/windowssecurity/article/articleid/43088/windowssecurity_43088.html.

If you're thinking about installing SUS, consider the following points:
1. SUS supports only Win2K and later, including XP. If you have mostly Windows 9x workstations, then SUS isn't for you.
2. Make sure you have a fast Internet connection. The initial SUS download might take a day or longer, depending on the connection speed.
3. Make sure you have enough space on your server before you install SUS. Downloading all the critical updates will take roughly 11GB of disk space. When you install SUS, the installation stores the patches on the drive with the most free disk space, but verify that you have 11GB of free space on your server.
4. If you have a WAN with multiple servers, you typically install SUS on a server in each WAN location. Then you designate a server as a master SUS server, distribute all the updates to the remote servers, then have the workstations receive their updates from the local SUS server. The initial download can place a tremendous load on your WAN, so consider performing the initial SUS synchronization over a long weekend.
5. SUS can't push out service packs.
6. SUS can't push out patches to other server and workstation applications such as Exchange, SQL Server, and Microsoft Office.
7. SUS doesn't let you scan your network for missing patches, so verifying that all patches were correctly installed is difficult.
8. By default, the SUS installation installs the URLscan tool on the server. If you install SUS on a server running Exchange 2000, URLscan might break Microsoft Outlook Web Access (OWA). To work around this problem, you must uninstall the URLscan tool or configure it to work with OWA. For more information about this problem, refer to the Microsoft article "IIS lockdown and URLscan configurations in an Exchange environment" (http://support.microsoft.com/?kbid=309508).

Although WUS will address many SUS limitations, SUS is still useful if you want a tool to deploy critical OS, IIS, and Internet Explorer (IE) updates. Make sure you test all updates on a select group of workstations before deploying the update to your entire network. If you have multiple SUS servers, consider setting up a master approval server, so you don't have to individually approve the updates on each server. Avoid consuming excessive WAN bandwidth by making sure that workstations receive their updates from a local SUS server.

You can use Group Policy to configure workstations to receive updates from a SUS server rather than from the Internet. If you run Windows Server 2003 or XP, consider installing the Group Policy Management Console (GPMC) to manage Group Policy. You can download the GPMC from http://www.microsoft.com/windowsserver2003/gpmc/default.mspx. If you have more than a few policies to manage, the GPMC makes Group Policy management much easier. If you haven't yet downloaded the tool, make your life easier and download the GPMC.
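Because SUS itself can't scan for missing patches, it helps to confirm that the policy actually reached each client. The following PowerShell function is an added example, not part of the original article; it reads the registry values that the Automatic Updates policy writes and reports whether the machine is pointed at the expected internal server. The function name and the server URL `http://sus01.example.local` are hypothetical placeholders.

```powershell
# Added example: audit the Automatic Updates policy values on a client.
# Test-UpdateServerPolicy and the server URL are illustrative assumptions.
function Test-UpdateServerPolicy {
    param(
        [Parameter(Mandatory)] [string] $ExpectedServer,
        [string] $PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )
    $findings = @()
    # Both reads return $null when the key is absent (policy never applied).
    $wu = Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyRoot 'AU') -ErrorAction SilentlyContinue

    if (-not $wu -or -not $wu.WUServer) {
        $findings += 'WUServer is not set: no intranet update server policy applied'
    } elseif ($wu.WUServer.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
        # A wrong server here usually means the client pulls across the WAN.
        $findings += "WUServer is '$($wu.WUServer)', expected '$ExpectedServer'"
    }
    if ($wu -and $wu.WUServer -and -not $wu.WUStatusServer) {
        $findings += 'WUStatusServer is not set alongside WUServer'
    }
    # WUServer is only honored when AU\UseWUServer is 1.
    if (-not $au -or $au.UseWUServer -ne 1) {
        $findings += 'AU\UseWUServer is not 1: the intranet server setting is ignored'
    }
    if ($au -and $au.NoAutoUpdate -eq 1) {
        $findings += 'AU\NoAutoUpdate is 1: Automatic Updates is disabled'
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Placeholder server name; substitute the local SUS server for this site.
Test-UpdateServerPolicy -ExpectedServer 'http://sus01.example.local' | Format-List
```

Run it on a sample workstation in each WAN location and pass that site's local server as `-ExpectedServer` to catch clients that would pull updates across the WAN.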

Tip
Sysinternals' Autoruns is a utility that displays all the programs that automatically load when you start Windows. You can download the tool from http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml. This utility is useful if your machine gets a virus or you suspect that a hacker has compromised your system. A compromised machine is often configured to auto-load the virus or hacking program each time the machine restarts or a user logs on. Autoruns can help you identify and prevent rogue programs from automatically loading when your system starts. I recommend you download the tool now, so you have it when you need it. Best of all, it's free!




Reader Comments
SUS does support service packs; see
http://www.microsoft.com/windowsserversystem/sus/susfaq.mspx


jkal July 13, 2004


Several people have informed me that SUS does support Service Pack installations for Windows XP and 200x as long as you have Win2000 SP3 or the SUS client update. Thanks for the information!





AlanSugano July 13, 2004


I don't find the tips in this article very useful because all that is written down is already known. WUS beta, which I ran, also has limitations, especially when the thingy is going to loop; then you have a nice issue. I can only hope the WUS gold release will have fixed the issue where it won't download deselected parts such as 64-bit Windows, where WUS beta simply downloads all whether you have selected it or not.

with kind regards,
hans
The Netherlands.

mutsje July 14, 2004


Check out this site for more useful SUS info.
http://forums.susserver.com/

ellisol July 21, 2004


 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement