Understanding Windows Server Update Services
Windows Update retrieves updates from the Microsoft Update servers on the Internet. Although this configuration works well for small deployments, when there are more than 10 computers running Windows 7 in a single location, you can make significant bandwidth savings by deploying a centralized software update solution like Windows Server Update Services (WSUS), System Center Essentials, or System Center Configuration Manager (SCCM) 2007. These products function as a local Microsoft Update server. Rather than each client downloading the same update over an organization's Internet connection, the local update server can download an update once to the LAN, and then each client can retrieve the update off the local update server. Because System Center Essentials and SCCM software update deployments build off WSUS, this lesson concentrates primarily on WSUS. Clients running Windows 7 require that the WSUS server be running WSUS 3.0 with Service Pack 1 or later.
More Info SCCM 2007 To learn more about SCCM 2007, navigate to the following Web site: http://www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx.
WSUS allows administrators to deploy updates according to a schedule that best meets the needs of the organization. A drawback of relying on Microsoft Update is that updates are released according to Microsoft's schedule, which does not give an organization time to test that an update is fully compatible with their client computers if Windows Update has been configured to install any detected updates. When an organization uses WSUS, it can test an update on a small group of computers before deploying it to all computers in the organization.
In many WSUS deployments, an administrator takes control of updates centrally. This means that the decision as to which updates to install and when to install them occurs centrally rather than on each client computer. Administrators can enforce these decisions through update policies. You will learn about configuring update policies later in this lesson.
WSUS allows administrators to organize client computers into groups. Groups allow for the staggered deployment of updates. This means that you can deploy updates on some computers but not on others. You create groups on the WSUS server. After the groups are created on the WSUS server, you can configure a client to join a group by configuring the Enable Client Side Targeting policy, which you will learn about later in this lesson, or by manually assigning computers to groups using the WSUS console.
WSUS also allows administrators centrally to roll back the installation of an update across all computers in the organization. For example, if an update causes a problem in an organization that relies only on Microsoft Update, administrators have to uninstall and then hide the update on each computer in the organization manually. If an update causes a problem in an organization that uses WSUS, the update administrator can roll back the update from WSUS, which removes that update from all client computers in the organization. It is not necessary to hide a rolled back update because the WSUS server makes approved updates available only to Windows Update clients.
More Info WSUS
To learn more about WSUS, consult the Windows Server Update Services TechCenter at the
following Microsoft TechNet address: http://technet.microsoft.com/en-us/wsus/default.aspx.
In this tutorial:
- Windows 7 and Other software Up to Date
- Understanding Windows Live
- Updates versus upgrades
- Why updates are important
- Windows Update
- Windows Update: The essentials
- Types of Updates
- Completing an Update
- Configuring automatic Updating
- Windows Update Applet and Functions
- Manually Install Updates Using Windows Update
- Action Center
- Updates Do Not Install Properly
- Other Windows Update Settings
- Configuring Windows 7 Update to Use a Proxy Server
- Can't Find Hidden Update
- Viewing and Changing Installed Updates
- Can't Uninstall Current Update
- Upgrade Windows Anytime
- Understanding Windows Server Update Services
- Windows Update Policies
- Updating Drivers
- Using Device Manager to Update Drivers
- Windows Update Driver Settings
- Windows 7 Service Packs
- Basic Service Pack Information
- Installation of Service Packs
- Installing and Removing Software
- Installation via CD or DVD
- Problem Installing from Disc
- Installation via Downloaded Program
- Viewing and Changing Programs
- Uninstalling Software
- Compatibility Issues in 64-Bit Version
- Upgrade Issues with 64-Bit Windows 7
- Other Program Compatibility Issues
- Side-by-Side Installs and Virtual Registries
- Removing Updates from Windows 7
- Thwarting Exploits with DEP
- Microsoft Baseline Security Analyzer
- Picking Computers to Scan
- Vulnerability Checks
- Installing MBSA
- Running the MBSA
- Running the MBSACLI
- MBSACLI Location
- Running in an Isolated Environment
- Using Windows Server Update Services
- WSUS Updates
- WSUS Requirements
- Installing, Configuring, and Using WSUS
- Adding the Application Server and Web Server (IIS) Roles
- Installing the Report Viewer
- Installing WSUS
- Configuring Group Policy Settings for WSUS
- Creating a GPO to Configure Clients to Use WSUS
- Verifying That Clients Are Using GPO Settings for WSUS
- Verifying That Clients Are Using GPO Settings with GPResult
- Creating Computer Groups on WSUS
- Approving Updates in WSUS
- Viewing WSUS Reports