Windows 7 / Getting Started

Understanding Windows Server Update Services

Windows Update retrieves updates from the Microsoft Update servers on the Internet. Although this configuration works well for small deployments, when there are more than 10 computers running Windows 7 in a single location, you can make significant bandwidth savings by deploying a centralized software update solution like Windows Server Update Services (WSUS), System Center Essentials, or System Center Configuration Manager (SCCM) 2007. These products function as a local Microsoft Update server. Rather than each client downloading the same update over an organization's Internet connection, the local update server can download an update once to the LAN, and then each client can retrieve the update off the local update server. Because System Center Essentials and SCCM software update deployments build off WSUS, this lesson concentrates primarily on WSUS. Clients running Windows 7 require that the WSUS server be running WSUS 3.0 with Service Pack 1 or later.

More Info SCCM 2007 To learn more about SCCM 2007, navigate to the following Web site: http://www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx.

WSUS allows administrators to deploy updates according to a schedule that best meets the needs of the organization. A drawback of relying on Microsoft Update is that updates are released according to Microsoft's schedule, which does not give an organization time to test that an update is fully compatible with their client computers if Windows Update has been configured to install any detected updates. When an organization uses WSUS, it can test an update on a small group of computers before deploying it to all computers in the organization.

In many WSUS deployments, an administrator takes control of updates centrally. This means that the decision as to which updates to install and when to install them occurs centrally rather than on each client computer. Administrators can enforce these decisions through update policies. You will learn about configuring update policies later in this lesson.

WSUS allows administrators to organize client computers into groups. Groups allow for the staggered deployment of updates. This means that you can deploy updates on some computers but not on others. You create groups on the WSUS server. After the groups are created on the WSUS server, you can configure a client to join a group by configuring the Enable Client Side Targeting policy, which you will learn about later in this lesson, or by manually assigning computers to groups using the WSUS console.

WSUS also allows administrators centrally to roll back the installation of an update across all computers in the organization. For example, if an update causes a problem in an organization that relies only on Microsoft Update, administrators have to uninstall and then hide the update on each computer in the organization manually. If an update causes a problem in an organization that uses WSUS, the update administrator can roll back the update from WSUS, which removes that update from all client computers in the organization. It is not necessary to hide a rolled back update because the WSUS server makes approved updates available only to Windows Update clients.

More Info WSUS
To learn more about WSUS, consult the Windows Server Update Services TechCenter at the following Microsoft TechNet address: http://technet.microsoft.com/en-us/wsus/default.aspx.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 and Other software Up to Date
  2. Understanding Windows Live
  3. Updates versus upgrades
  4. Why updates are important
  5. Windows Update
  6. Windows Update: The essentials
  7. Types of Updates
  8. Completing an Update
  9. Configuring automatic Updating
  10. Windows Update Applet and Functions
  11. Manually Install Updates Using Windows Update
  12. Action Center
  13. Updates Do Not Install Properly
  14. Other Windows Update Settings
  15. Configuring Windows 7 Update to Use a Proxy Server
  16. Can't Find Hidden Update
  17. Viewing and Changing Installed Updates
  18. Can't Uninstall Current Update
  19. Upgrade Windows Anytime
  20. Understanding Windows Server Update Services
  21. Windows Update Policies
  22. Updating Drivers
  23. Using Device Manager to Update Drivers
  24. Windows Update Driver Settings
  25. Windows 7 Service Packs
  26. Basic Service Pack Information
  27. Installation of Service Packs
  28. Installing and Removing Software
  29. Installation via CD or DVD
  30. Problem Installing from Disc
  31. Installation via Downloaded Program
  32. Viewing and Changing Programs
  33. Uninstalling Software
  34. Compatibility Issues in 64-Bit Version
  35. Upgrade Issues with 64-Bit Windows 7
  36. Other Program Compatibility Issues
  37. Side-by-Side Installs and Virtual Registries
  38. Removing Updates from Windows 7
  39. Thwarting Exploits with DEP
  40. Microsoft Baseline Security Analyzer
  41. Picking Computers to Scan
  42. Vulnerability Checks
  43. Installing MBSA
  44. Running the MBSA
  45. Running the MBSACLI
  46. MBSACLI Location
  47. Running in an Isolated Environment
  48. Using Windows Server Update Services
  49. WSUS Updates
  50. WSUS Requirements
  51. Installing, Configuring, and Using WSUS
  52. Adding the Application Server and Web Server (IIS) Roles
  53. Installing the Report Viewer
  54. Installing WSUS
  55. Configuring Group Policy Settings for WSUS
  56. Creating a GPO to Configure Clients to Use WSUS
  57. Verifying That Clients Are Using GPO Settings for WSUS
  58. Verifying That Clients Are Using GPO Settings with GPResult
  59. Creating Computer Groups on WSUS
  60. Approving Updates in WSUS
  61. Viewing WSUS Reports