Windows Server Update Services


Windows Server Update Services, previously known as Software Update Services, is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.

History

The first version of WSUS was known as Software Update Services. At first, it only delivered hotfixes and patches for Microsoft operating systems. SUS ran on a Windows Server operating system and downloaded updates for the specified versions of Windows from the remote Windows Update site which is operated by Microsoft. Clients could then download updates from this internal server, rather than connecting directly to Windows Update. Support for SUS by Microsoft was originally planned to end on 6 December 2006, but based on user feedback, the date was extended to 10 July 2007.
WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of updates, hotfixes, service packs, device drivers and feature packs to clients in an organization from a central server or servers.

Operation

Windows Server Update Services 2.0 and above operate on a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to produce extensive reports on which updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically. One can also approve updates for detection only, allowing an administrator to see which machines will require a given update without also installing that update.
WSUS may be used to update computers on a disconnected network. This requires exporting patch data from a WSUS server connected to the internet and, using removable media, importing to a WSUS server set up on the disconnected network.
Administrators can use WSUS with Group Policy for client-side configuration of the Automatic Updates client, ensuring that end-users can't disable or circumvent corporate update policies. WSUS does not require the use of Active Directory; client configuration can also be applied by Local Group Policy or by modifying the Windows registry.
WSUS uses.NET Framework, Microsoft Management Console and Internet Information Services. WSUS 3.0 uses either SQL Server Express or Windows Internal Database as its database engine, whereas WSUS 2.0 uses WMSDE. System Center Configuration Manager interoperates with WSUS and can import third party security updates into the product.

Licensing

WSUS is a feature of the Windows Server product and therefore requires a valid Windows Server license for the machine hosting the service. The fact that user workstations authenticate themselves on the WSUS service to retrieve their updates makes it necessary to acquire a fileserver client access license for each workstation connecting to the WSUS service. Fileserver CAL for WSUS is the same CAL as the one required for connecting to a Microsoft Active Directory, fileserver and printserver, and has to be acquired once for a device or a user.
WSUS is often considered as a free product because fileserver CAL are already paid for in an enterprise network that has a Microsoft Active Directory and thus do not need to be acquired again.
In a network using Samba Active Directory, it is not necessary to purchase CALs to connect to the domain controller or connect to a Samba file server. However, the use of a WSUS server will still require the purchase of client access licenses for all Windows workstations that will connect to the WSUS server.

Version history