Microsoft Windows Update Services Server
May 19, 2004
Published: June 3, 2004
Note: Portions of this transcript have been edited for clarity.
Introduction
Moderator: Julia (Microsoft)
My name is Julia Ziobro and I will be your moderator today. I am pleased to welcome our experts for today, they include Ty, Don, Bobbie, Ben, Gigi, Brian, and Tim. I will have them introduce themselves now.
Host: Ty (Microsoft)
Hello, my name is Ty. I am a member of the Windows Update Services test team.
Host: Don (Microsoft)
Hi all, my name is Don Cottam and am a tester on the Windows Update Services team.
Host: Bobbie (Microsoft)
Hi I’m Bobbie Harder. Windows Update Services Program Manager
Host: Tim (Microsoft)
Hi, my name is Tim. I am a tech writer on the User Assistance team.
Host: Gigi (Microsoft)
Hi, I’m Gigi. Windows Update Services test team.
Host: Ben (Microsoft)
My name is Ben and I am a documentation writer on the Windows Update Services team
Host: Brian (Microsoft)
Hi, I’m Brian Granowitz a Program Manager for Windows Update Services.
Start of Chat
Host: Bobbie (Microsoft)
Q: I filled out the application for the Open WUS evaluation several months ago, and have not gotten any response. Has anything been sent out, and if so should I apply again
A: Nothing has been sent out to date no need to re-apply. The open evaluation program is planned for Q3 of this year.
Host: Ty (Microsoft)
Q: Is there an upgrade path established from SUS to WUS?
A: We will support the use of a migration tool to SUS1 -to- WUSvc migration.
Host: Brian (Microsoft)
Q: Possibility of Beta participation and also current timeline for release?
A: We’ve reached our limit for the Windows Update Service Technology Adoption Program (TAP\Beta) WRT the number of people we can support. If you go to http://www.microsoft.com/wus you can nominate yourself for the Evaluation Program planned for Q3 of this year. The release is scheduled for Q4 of this year.
Host: Don (Microsoft)
Q: I tried a (unnamed) product for reporting - It didn't work properly since it \needed FQDN of the client. Is this a requirement for the WUS reporting component?
A: The WUS product doesn’t require FQDN but will use it if available.
Host: Ty (Microsoft)
Q: Is there anything that audits a developer workstation to be sure that all the patches, service packs, and hotfixes are applied to Visual Studio to minimize the risk of developing and deploying applications that do not contain the latest fixes?
A: We are actively working with the VS team to integrate update to their product suites into Windows Update Services. nice integrated, the scanning capabilities you ask for will exist.
Host: Don (Microsoft)
Q: What will be the recommended hardware spec? And the number of connecting clients?
A: We’re working on performance testing right now and don’t have a firm definition of hardware specs for the server or # of connecting clients supported. We’ll provide that closer to the open evaluation.
Host: Brian (Microsoft)
Q: will the product support Exchange 2000, ISA Server, or Office 2000? if so, on initial release, or a later date?
A: WUS will provide patches for Exchange 2000 at release. Other Microsoft products will be serviced by WUS, dates TBD. The Office team does not plan to provide patches for Office 2000 on WUS, it’s near its end of life support and they’re focusing their resources on providing XP and 2003.
Host: Gigi (Microsoft)
Q: Will WUS use any component of mssecure.xml or mbsa?
A: WUS will not use any components of mssecure.xml or mbsa.
Host: Bobbie (Microsoft)
Q: Microsoft - Most of these questions could have been avoided if you opened up TAP program to more customers
A: We will have an open eval release later this year Q304
Host: Ty (Microsoft)
Q: Does WUS support the use of source file locations other than the WUS server itself, such as DFS?
A: We support custom configurations of content storage locations, note that all content access will be through WUSvc IIS server.
Host: Brian (Microsoft)
Q: Microsoft - Most of these questions could have been avoided if you opened up TAP program to more customers
A: We’d like to have more customers in the program providing feedback on the product; we’re unable to provide support for additional customers.
Host: Tim (Microsoft)
Q: Starting from a new install, can I use the WUS GUI to create groups of new machines to target? Or is group population done from command line scripts?
A: Yes, you can target clients using the WUS UI. You can also use Active Directory to automatically add clients to target groups
Host: Bobbie (Microsoft)
Q: Will WUS have a similar interface to HFNetChkPro in that you will be able to set up scan groups, patch groups, and deployment templates?
A: WUS will enable you to approve an update for Scan or Install to one or more target groups.
Host: Don (Microsoft)
Q: With WUS, can you stop a reboot if no one is logged in?
A: If the client is set for scheduled install mode, the reboot cannot be prevented if there is no user logged on.
Host: Gigi (Microsoft)
Q: Will there be a separate WUS product release for SA customers with additional functionality?
A: We do not have plans for a separate release for WUS for SA.
Host: Ty (Microsoft)
Q: Will the single user and small environments that still use Windows Update from IE receive all the updates that an organization that uses WUS receive?
A: Most content will be available for both flows; the site as well as the WUSvc / AU client. For security and critical updates, there will be absolute parity between these flows.
Host: Brian (Microsoft)
Q: will WUS allow admins to see which machine have received which patches?
A: Yes, WUS will have extensive reporting to enable you to see which machines have which patches and additional information.
Host: Bobbie (Microsoft)
Q: Will there be any functionality to REMOVE patches that have been found to cause conflicts?
A: The plan is to deliver uninstall capability that support uninstall
Host: Don (Microsoft)
Q: I am currently using SUS on a windows 2003 server behind a small business server 2003 machine running ISA 2000. When I try and synchronize through the server there is an error that the cab file cannot be downloaded.
A: If you can post your question to the SUS public newsgroup or on the susserver.com website somebody can troubleshoot with you.
Host: Gigi (Microsoft)
Q: Will the WUS scanning engine use HFNetChk technology?
A: No, the WUS scanning engine does not use HFNetChk technology.
Host: Brian (Microsoft)
Q: I hate to be the least knowledgeable here, but is there a URL for an overview of the WUS and will the WUS product replace the need for developers of VS applications to implement application updating procedures?
A: The following link provides details on the product, http://www.microsoft.com/wus
Host: Ty (Microsoft)
Q: Will there be any functionality to REMOVE patches that have been found to cause conflicts?
A: We allow admins to “deploy an update for uninstall”, provided that the update supports uninstall.
Host: Bobbie (Microsoft)
Q: does WUS support other sources for source file downloads from the client? in other words, will wus utilize file server shares or dfs shares?
A: WUS clients can support downloading content from WUS servers or directly from Windows Update
Host: Ty (Microsoft)
Q: Will WUS support deploying custom hotfixes in the initial release?
A: Thanks for the feedback on this feature; we have heard this comment from other customers. We are looking into this for future versions.
Host: Bobbie (Microsoft)
Q: Will WUS be able to patch multiple SQL instances on the same server?
A: Yes that capability is planned
Host: Don (Microsoft)
Q: Will WUS offer driver updates?
A: WUS will support critical drivers.
Host: Brian (Microsoft)
Q: What attributes will be used to see if a patch is missing or installed? Registry Keys only? Some file versions? All File versions? SHA1 hashes? other?
A: It varies by update and includes checks such as: file, registry, MSI data, and WMI queries.
Host: Don (Microsoft)
Q: Will there be any support for Windows 2k Pro or 2k Server patches in WUS?
A: There will be support for Windows 2000 SP3 and later.
Host: Ty (Microsoft)
Q: Will patches/updates for WUS be in MSI form?
A: Most of our Office content will update MSI installations, via MSP updates. We fully support utilizing the Windows Installer technology for detection, and installation of these updates.
Host: Bobbie (Microsoft)
Q: Could you please clarify the following: "WUS also delivers APIs and commands to allow efficient command line and script based administration of the WUS environment."
A: everything that can be done on the WUS UI can also be done thru WUS APIs.
Host: Tim (Microsoft)
Q: Does WUS require File and Print Sharing to be Enabled on PC's? I am not sure if SUS does?
A: No, WUS does not require File and Print sharing to be enabled.
Host: Brian (Microsoft)
Q: When will support be added or patches be available with binary delta compression?
A: WUS provides this functionality, it’s already in the Beta release.
Host: Bobbie (Microsoft)
Q: When will the WUS APIs be made available to partners?
A: The WUS APIs will be documented for the next beta.
Host: Don (Microsoft)
Q: Are bug reports for AutoUpdate in the WUS Beta program, also reflected in the XP-SP2 Beta program?
A: Important bugs that are found in the Auto Update client are being actively fixed in the XPSP2 beta product.
Host: Ty (Microsoft)
Q: XPSP2 uses groups for targeting (not sure where this is assigned) but will WUS use the same group information?
A: We support the use of target groups for all platforms, not only XPSP2. They can be configured on the client side, through a registry setting or through the admin UI.
Host: Bobbie (Microsoft)
Q: Will WUS allow users to create their own reports or better yet allow SQL queries to build reports?
A: WUS will allow a user to use the WUS API and gather the data required to build a custom report. Direct access to SQL is possible but not supported.
Host: Ben (Microsoft)
Q: Will IE service packs be supported
A: Yes, WUS will support IE service packs.
Host: Gigi (Microsoft)
Q: Will WUS allow the ability to allow patches to certain machines, but not others. Such as, can updates be approved for say an Outlook patch to specific machines and other will not get it?
A: Yes, the targeting support in WUS will allow the above: per machine and per patch.
Host: Brian (Microsoft)
Q: The WUS FAQ states "For security reasons, updates are limited to Microsoft only". Does this mean custom applications will still require a custom update process?
A: WUS will provide patches for Microsoft products. Other products will need to be serviced by another method.
Host: Ty (Microsoft)
Q: Will WUS support upgrades features as well. Such as moving people from IE 5.5 to IE 6.0?
A: For products which support service-pack upgrades, we will support it. Specifically for IE, it will depend on their decision to create such a package.
Host: Bobbie (Microsoft)
Q: what are the primary differences between WUS and SMS patch management?
A: WUS is focused on patch management while SMS is an extended solution which includes patch management, inventory, full software distribution etc.
Host: Brian (Microsoft)
Q: Is it possible to get access to the WUS beta version?
A: We’ve reached our limit for the WUS Technology Adoption Program WRT the number of people we can support. If you go to http://www.microsoft.com/wus you can nominate yourself for the Evaluation Program planned for Q3 of this year.
Host: Bobbie (Microsoft)
Q: When SUS was released, it was difficult to get support from my local regional MS Office. How will this be addressed for WUS? What happens to ensure the regional based support people know about products?
A: Hi Scott, can you give me some further information on what type of support difficulties you encountered?
Host: Brian (Microsoft)
Q: Follow-up for Brian - That's even products developed with Visual Studio? (Support for patching them.)
A: Yes, WUS services Microsoft products.
Host: Don (Microsoft)
Q: Can WUS and SUS servers coexist on the same network? As part of a migration, can SUS child servers receive updates from a WUS parent server?
A: WUS and SUS servers can co-exist, but a client can only talk to one or the other, not both at the same time. A SUS server cannot synchronize content from a WUS server.
Host: Bobbie (Microsoft)
Q: Will WUS allow the deployment of "Recommended Updates" like Journal viewer, DirectX, etc...
A: Yes
Host: Ty (Microsoft)
Q: Will WUS support deployment of Office patches without requiring access to original media? Is this done through MSI 3.0?
A: We anticipate that our use of MSI3 will virtually eliminate the need for source requests.
Host: Brian (Microsoft)
Q: How will WUS handle deadlines by when the installation of an update should be enforced?
A: When the deadline is hit the patch will be installed.
Host: Bobbie (Microsoft)
Q: To get support for SUS, I spent a couple of days guiding the support person through an installation and the functionality. Then he could help me with my question.
A: The WUS support global training will be extensive and regional product knowledge will be much improved. Thanks for your feedback
Host: Don (Microsoft)
Q: Regarding installing particular patches, what sort of rollback or uninstall functionality is controllable on the clients from the WUS server?
A: If an update supports uninstall then the update can be deployed as “uninstall it” on the WUS server.
Host: Brian (Microsoft)
Q: What is the estimated release date for WUS? Will it still be a free download? Will there be a whitepaper explaining the installation and configuration similar to the SUS white paper?
A: WUS will release in Q4 of this year, it’s still free, and there will be extensive and even better documentation on the product.
Host: Ty (Microsoft)
Q: I have a property management client who needs to patch their rental offices across the internet. I remember reading somewhere that patching across the Internet was not allowed. Can you confirm/deny this, please?
A: We do not support setting up a WUSvc service so that it is internet-facing. However, you can configure remote locations to receive approvals for updates through your intranet, with a configuration for those machines to access the Windows Update live
Host: Ben (Microsoft)
Q: Does WUS require that I have a SQL server backend? Or is it only required to do reporting?
A: No, SQL server will not be required.
Host: Don (Microsoft)
Q: I audited some machines the other day and found almost 2G of $NTUninstall hidden directories. Will WUS have cleanup provisions to help manage the garbage left behind after a year or two of updates?
A: Those are uninstall directories created by the various installers (primarily update.exe) and are independent of WUS functionality.
Host: Gigi (Microsoft)
Q: Will there be a force install. So if a Critical Patch comes you can force it to your machines within minutes?
A: You can force an install in minutes thru the use of client side API-s. Alternatively you can setup a deadline with the time set in the past and the client will update itself at the next refresh interval. The client refresh interval cab be set as quick as 1 hour.
Host: Ty (Microsoft)
Q: Followup for Ty: When you say that the use of MSI3 "virtually" eliminates the need for source requests; if it can not be guaranteed then you are introducing a potential for clients to not update and create a business/security risk.
A: MSI3 will set baselines to major service packs. From that baseline, source will not be required unless the client machine’s Windows Installer becomes corrupt. The WUSvc admin will see machines in that state, because they will be flagged with an ‘Install failed’ activity.
Host: Bobbie (Microsoft)
Q: Will there be a method to interactively install the approved updates on the client from the WUS server (to patch up newly built machines before they get infected...)
A: If I understand your question, you can use the WUS client API to install one or more updates immediately on the client.
Host: Don (Microsoft)
Q: Will WUS support updating Windows XP Tablet Edition also? (Is it implied that the Tablet Edition is included in the overall XP product line?)
A: SUS 1.0 already supports Tablet Edition, and that support will continue in WUS.
Host: Don (Microsoft)
Q: What is the maximum recommended ratio of clients to WUS server?
A: We’re working on performance testing right now and don’t have a firm definition of hardware specs for the server or # of connecting clients supported. We’ll provide that closer to the open evaluation.
Host: Tim (Microsoft)
Q: Do you need to have SQL Licenses for all the machines that report to the SQL Server?
A: I don't know the full SQL license agreement well enough to comment. But to avoid needing to purchase extra licenses to deploy WUS, you can just use MSDE which comes with the WUS setup and doesn't require a license
Host: Ty (Microsoft)
Q: Will the user who is approving patches need to have elevated system rights?
A: Not on the network, however they will need to have rights to the WUSvc admin UI.
Host: Bobbie (Microsoft)
Q: How does the AutoUpdate client determine the WUS server name for downloads? I am seeing a server shortname in the windowsupdate.log, which is different from the WUServer value.
A: It uses a regkey and the regkey is controlled by policy. Can you follow up with us with your log to the CWUfdbk@microsoft.com mailto:CWUfdbk@microsoft.com alias?
Host: Brian (Microsoft)
Q: The documentation on http://www.microsoft.com/wus says that only Exchange 2003 will be supported - but earlier in this chat you said Exchange 2000 would be supported. Does this mean the docs need to be updated to reflect this?
A: The Exchange team plans on making updates for Exchange 2000 and 2003 available through WUS. I’ll let the doc team know.
Host: Tim (Microsoft)
Q: If you don't use SQL backend, must you then use MSDE instead?
A: You need a Microsoft SQL backend to run WUS and MSDE is one
Host: Ty (Microsoft)
Q: If you take a new machine isolated from any network and install the original bits for Windows XP Pro, and Office 2003 Pro, and then attach it to a WUS Beta monitored network will it automatically be WUSed into a completely current system in one operation
A: It will update only after it receives the GP settings, or manual settings provisioning it to that server name. A better approach would be to set it up, configure it, and run WUAUCLT /detectnow from a CMD line. That will force a detection.
Moderator: Julia (Microsoft)
Q: When will there be another chat for WUS?
A: The next chat's date is to be determined, but will probably be shortly after the public release.
Host: Bobbie (Microsoft)
Q: Will the central WUS console provide a view of all of the WUS servers?
A: No, but you can use the WUS Admin API to collect this information and present your own overview report
Host: Ty (Microsoft)
Q: Is there a command line utility or interactive web site to access the client API (Follow up to force an install of available patches question)
A: We support API calls to both the client, and server. At the time of release we plan to publish sample scripts which common scenarios.
Host: Brian (Microsoft)
Q: More of a suggestion -- we need to have chats like this for the TAP/Beta group!
A: Thanks for the input; we’ll seriously look into doing this.
Host: Bobbie (Microsoft)
Q: Who decided to call it WUS anyway?
Host: Ty (Microsoft)
A: Not me
Host: Bobbie (Microsoft)
A: Not sure but let me know when you find them
Host: Don (Microsoft)
A: Me neither.
Host: Brian (Microsoft)
A: What WUS?
Host: Brian (Microsoft)
Q: When you say Q3 for the Public Beta, are you talking about as soon as July?
A: Or as late as Sept. 31
Host: Ty (Microsoft)
Q: to clarify - when you say a Q4 release, this is Q4 2004 and not 2005, correct? and Q4 is Oct-Dec, correct?
A: We are talking about 2004.
Moderator: Julia (Microsoft)
Thank you Ty, Don, Bobbie, Gigi, Brian, Tim, and Ben for joining us today on a Microsoft Community Chat to talk about Windows Update Services. For more information about WUS, see: http://www.microsoft.com/windowsserversystem/sus/wusfaq.mspx
For further information on this topic, please visit the following:
Newsgroups: Software Update Services Community
SMS Transcripts: Read the archive of past chats.
Website: Visit the Microsoft Windows Update Services website