Looking for an affordable way to keep your user workstations humming with all of those critical security updates and hotfixes? Software Update Services doesn't have all the answers, but it's a good solution for the cost -- free -- from Microsoft. Enhanced version upgrades come free, as well. And you don't need Active Directory to take advantage of it.
Microsoft designed the SUS server to be located on your organization's private network, behind a firewall or proxy server. The current version is SUS 1.0, Service Pack 1. Microsoft is expected to release SUS version 2.0 by the end of 2003.
If you follow these step-by-step instructions and then use our registry file modification, you'll be up and running in less than an hour. But first, here's some background information about how SUS works.
Once a day, your local SUS server will make a connection to Microsoft and download all of the latest critical updates. The administrator then approves some or all of the critical updates for distribution to the workstations. The install begins after properly configured workstations power on or, if a workstation was left on overnight, at a pre-configured, set time. The workstation connects to the SUS server, downloads the updates, verifies that they are from Microsoft (using a digital certificate), then installs the patches. Since many of the critical updates require a reboot, Microsoft has, in some cases, chained the updates, which allows for the patches to be installed together with only one reboot after the final patch has been applied. Before you think you are in update utopia, however, there are a few SUS shortcomings of which you should be aware:
These are significant limitations, but I have yet to find a better product for the
To continue reading for free, register below or login
To read more you must become a member of SearchEnterpriseDesktop.com
price. In the future, Microsoft promises to address these limitations, as well as those that haven't yet cropped up.
Now for the big bomb -- SUS only works with XP Pro, Windows 2000 Server and Professional and Windows Server 2003. There's no help here for keeping all of your 95/98/CE/ME/NT machines up to date. But, to my way of thinking, it's still worth it, even if it only helps with a few of your enterprise machines.
A final note: once you get your SUS server up and running, be sure to take a look at the SUS deployment guides and release notes on the Microsoft SUS Web site. The documentation is voluminous. There are two documents -- one is about 90 pages long, and the second is 14 pages. But within these 100-plus pages are bits of information that will assist you in tuning some settings.
Microsoft also provides e-mail notification when new critical updates are available. You can subscribe to this service on the Microsoft Web site, but you will need a Passport account. If you feel uncomfortable about supplying Microsoft with personal information for a Passport account, just check your SUS server daily for updates.
>> Continue on to:
Step-by-step guide: Installing Software Update Services on the server
Step-by-step guide: Installing Software Update Services on the client
About the author: Douglas R. Spindler is the Active Directory project coordinator at Lawrence Berkeley National Laboratory and a technology consultant living in the San Francisco Bay area. He holds an MCSE + Internet certification and is a freelance writer, lecturer and president of the San Francisco Networking Technologies User Group. He can be reached at drspindler@sfntug.org
FOR MORE INFORMATION
SUS Crash Course.
