Keeping Up with Service Packs and Updates
Service packs (SPs) and updates for both the operating system and applications are vital to maintaining availability, reliability, performance, and security. Microsoft releases these updates either bundled into SPs or individually.
An administrator can update a system with the latest SP or update in several ways: Automatic Windows Updates, CD-ROM, manually entered commands, or Microsoft Windows Server Update Services (WSUS).
NOTE: Thoroughly test and evaluate SPs and updates in a lab environment before installing them on production servers and client machines. Also, install the appropriate SPs and updates on each production server and client machine to keep all systems consistent.
Manual Update or CD-ROM Update
Manual updating is typically done when applying service packs, rather than hotfixes. Service packs tend to be significantly larger than updates or hotfixes, so many administrators download the service pack once and then apply it manually to their servers. Alternatively, the service pack can be obtained on CD-ROM.
When a Service Pack CD-ROM is inserted into the drive of the server, it will typically launch an interface to install the service pack.
Whether the service pack was downloaded or obtained on CD-ROM, it can also be applied manually from the command line. This allows greater control over the install (see Table-7), such as preventing a reboot or skipping the backup of system files to conserve space.
TABLE-7 Update.exe Command-Line Parameters

| Update.exe Parameter | Description |
|---|---|
| -f | Forces applications to close at shutdown. |
| -n | Prevents the system files from being backed up. This keeps SPs from being uninstalled. |
| -o | Overwrites OEM files. |
| -q | Indicates Quiet mode; no user interaction is required. |
| -s | Integrates the SP in a Windows 2008 share. |
| -u | Installs SP in Unattended mode. |
| -z | Keeps the system from rebooting after installation. |
Hotfixes can also be controlled in a similar manner by downloading them and then using the command-line parameters shown in Table-8.
TABLE-8 Hotfix.exe Command-Line Parameters

| Hotfix.exe Parameter | Description |
|---|---|
| -f | Forces applications to close at shutdown. |
| -l | Lists installed updates. |
| -m | Indicates Unattended mode. |
| -n | Prevents the system files from being backed up. This keeps updates from being uninstalled. |
| -q | Indicates Quiet mode; no interaction is required. |
| -y | Uninstalls the update. |
| -z | Keeps the system from rebooting after installation. |
Automatic Updates
Windows 2008 can be configured to download and install updates automatically using Automatic Windows Updates. With this option enabled, Windows 2008 checks for updates, downloads them, and applies them automatically on a schedule. Alternatively, the administrator can have updates downloaded but not installed, which gives more control over when they are installed. Windows Update can also download and install recommended updates, which is new for Windows 2008.
When the Windows 2008 operating system is installed, Windows Update is not configured and a message is displayed on logon. The Server Manager Security Information section shows Windows Update as Not Configured. This can be an insecure configuration, as security updates will not be applied.
Windows Updates can be configured using the following steps:
- Launch Server Manager.
- Click on the Configure Updates link in the Security Information section.
- Click the Have Windows Install Updates Automatically option to have the updates downloaded and installed.
- The Windows Updates status will change to Install Updates Automatically Using Windows Updates.
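The resulting state can also be verified from a script rather than from Server Manager. The following is an added example, not part of the original tutorial: a read-only PowerShell audit that uses the Windows Update Agent COM object to flag a server still in the Not Configured or disabled state, or one whose last successful update check is stale. The function name and the 14-day threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the original tutorial). Read-only audit of the
# local Automatic Updates configuration through the Windows Update Agent API.
function Get-AutoUpdateAudit {
    param([int]$MaxAgeDays = 14)   # assumed staleness threshold

    $au       = New-Object -ComObject Microsoft.Update.AutoUpdate
    $settings = $au.Settings
    $results  = $au.Results

    # AutomaticUpdatesNotificationLevel values defined by the API
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Download automatically, notify before install'
        4 = 'Install automatically on a schedule'
    }
    $level    = [int]$settings.NotificationLevel
    $findings = @()

    if ($level -le 1) {
        $findings += "Automatic Updates is '$($levels[$level])': security updates are not being applied."
    }
    # A missing date means the agent has never completed that operation.
    foreach ($check in @(@('search', $results.LastSearchSuccessDate),
                         @('installation', $results.LastInstallationSuccessDate))) {
        $name, $date = $check
        if (-not $date) {
            $findings += "No successful update $name recorded."
        } elseif (((Get-Date).ToUniversalTime() - $date).TotalDays -gt $MaxAgeDays) {
            $findings += "Last successful update $name was $date (older than $MaxAgeDays days)."
        }
    }

    New-Object PSObject -Property @{
        NotificationLevel  = $levels[$level]
        IncludeRecommended = $settings.IncludeRecommendedUpdates
        ScheduledDay       = $settings.ScheduledInstallationDay   # 0 = every day, 1-7 = Sunday-Saturday
        ScheduledHour      = $settings.ScheduledInstallationTime  # hour of day, 0-23
        LastSearch         = $results.LastSearchSuccessDate
        LastInstall        = $results.LastInstallationSuccessDate
        Findings           = $findings
    }
}

Get-AutoUpdateAudit | Format-List
```

An empty Findings list means updates are enabled and the agent has searched and installed within the threshold.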
The configuration of Windows Update can be reviewed by clicking on the Configure Updates link again. The Windows Update console appears. The console also shows when updates were last checked for. In the console, the administrator can also do the following:
- Manually check for updates.
- Change the Windows Updates settings.
- View the update history.
- See installed updates.
- Get updates for more products.
The link to get updates for more products allows the administrator to check for updates not just for the Windows 2008 platform, but also for other products such as Microsoft Exchange and Microsoft SQL. Clicking the link launches a web page to authorize the server to check for the broader range of updates.
Clicking the Change Settings link allows the Windows Update settings to be changed. The Change Settings window allows the administrator to adjust the time of installs, to choose between installing and just downloading updates, and to choose whether to install recommended updates. The Windows Updates functionality is a great tool for keeping servers updated with very little administrative overhead, albeit with some loss of control.
Windows Server Update Services
Using Windows Update to keep up with SPs and updates adds considerable administration and management effort in anything other than small environments. To minimize the administration, management, and maintenance burden for mid- to large-sized organizations, Microsoft created Windows Server Update Services (WSUS), which has client and server versions. WSUS 3.0 SP1 communicates directly and securely with Microsoft to gather the latest SPs and updates.
Microsoft Windows Server Update Services provides a number of features to support organizations, such as the following:
- Support for a broad range of products such as Windows operating system family, Exchange messaging, SQL Server, Office, System Center family, and Windows Defender
- Automatic download of updates
- Administrative control over which updates are approved, removed, or declined; the remove option permits updates to be rolled back
- Email notification of updates and deployment status reports
- Targeting of updates to specific groups of computers for testing and for control of the update process
- Scalability to multiple WSUS servers controlled from a single console
- Reporting on all aspects of the WSUS operations and status
- Integration with Automatic Windows Updates
The SPs and updates downloaded onto WSUS can then be distributed to either a lab server for testing (recommended) or to a production server for distribution. After these updates are tested, WSUS can automatically update systems inside the network.
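Approval and targeting on the WSUS server only take effect on machines whose Automatic Updates client is actually pointed at that server. The following added example, which is not part of the original tutorial, reads the Windows Update policy registry values that Group Policy writes on a WSUS client and reports the update source and target group in effect. The function name is hypothetical, and the HTTPS check is an added hardening check rather than a requirement stated in the text.

```powershell
# Added example (not from the original tutorial). Reports which update
# source this machine is bound to by policy, and flags weak settings.
function Get-WsusClientPolicy {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # Either key may be absent on a machine with no update policy applied.
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $findings = @()
    $usesWsus = ($au -ne $null) -and ($au.UseWUServer -eq 1)

    if (-not $usesWsus) {
        $findings += 'No WSUS policy in effect: the client contacts Microsoft directly, so WSUS approvals do not apply to it.'
    } else {
        if (-not $wu.WUServer) {
            $findings += 'UseWUServer is set but WUServer is empty.'
        } elseif ($wu.WUServer -notmatch '^https://') {
            $findings += "WUServer '$($wu.WUServer)' is not HTTPS: update metadata crosses the network unencrypted."
        }
        if ($wu.WUStatusServer -ne $wu.WUServer) {
            $findings += 'WUStatusServer differs from WUServer; both must name the same server.'
        }
    }

    # With client-side targeting off, computer groups are assigned on the WSUS server.
    $group = '(server-side targeting)'
    if ($wu.TargetGroupEnabled -eq 1) { $group = $wu.TargetGroup }

    New-Object PSObject -Property @{
        UsesWsus     = $usesWsus
        WUServer     = $wu.WUServer
        StatusServer = $wu.WUStatusServer
        TargetGroup  = $group
        Findings     = $findings
    }
}

Get-WsusClientPolicy | Format-List
```

Running this on a lab machine and on a production machine shows whether each one reports to the expected WSUS server and computer group before updates are approved for that group.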
The following steps install the Windows Server Update Services role:
- Open the Server Manager console.
- Select the Roles folder and click Add Roles.
- In the Add Roles Wizard, select Windows Server Update Services and follow the instructions onscreen. The wizard will install WSUS 3.0 SP1 and any required components, including Web Server (IIS), if needed.
Unlike other server roles, the binaries for WSUS 3.0 SP1 are downloaded from Microsoft. This ensures that anytime WSUS is installed, you will always be installing the most current version.