Updates Overview

Applies To: Windows Server Update Services

Updates are used for patching or providing a full file replacement for software that is installed on a computer. Every update that is available on Microsoft Update is made up of two components:

• Metadata provides information about the update. For example, metadata supplies information for the properties of an update, thus enabling you to find out what the update is useful for. Metadata also includes end-user license agreements (EULAs). The metadata package downloaded for an update is typically much smaller than the actual update file package.

• Update files are the actual files required to install an update on a computer.

How WSUS Stores Updates

When updates are synchronized to your WSUS server, the metadata and update files are stored in two separate locations. Metadata is stored in the WSUS database. Update files can be stored either on your WSUS server or on Microsoft Update servers, depending on how you have configured your synchronization options. If you choose to store update files on Microsoft Update servers, only metadata is downloaded at the time of synchronization; you approve the updates through the WSUS console, and then client computers get the update files directly from Microsoft Update at the time of installation. For more information about your options for storing updates, see Deploying Microsoft Windows Server Update Services.

Managing Updates by Using WSUS

Whether you have just deployed WSUS or are performing daily tasks, you will be setting up or (reconfiguring) and running synchronizations, adding computers and computer groups, and deploying updates on a regular basis. The order in which you perform any of these general tasks might change, depending on a number of circumstances—for example, you might change your client computer configurations, (such as adding new computers, upgrading software).

Although the order you might need to perform the following general tasks might be different, necessitated by your organizational needs, the following is an example of the order of general tasks you might undertake in updating computers by using WSUS.

1. Before configuring options in the WSUS console, determine an overall update management plan based on your network capabilities, company needs, and layout. Considerations might include the following:

   • If and how you want to set up a hierarchy of WSUS servers

   • Which database to use to store update metadata (for example, MSDE, WMSDE, SQL Server 2000)

   • What computer groups you want to create, and the method you will use to assign computers to them (for example, server-side or client-side targeting)

   • Whether you want updates to synchronize automatically at a specific time

2. Set synchronization options on the Options page, such as update source, product and update classification, language, connection settings, storage location, and automatic synchronization schedule.

3. Get the updates and associated metadata on your WSUS server through synchronization from either Microsoft Update or an upstream WSUS server, depending on the location you have specified for your update source.

4. Approve or decline updates by group from the Updates page. You can approve updates for either installation or detection only. For detection only, WSUS does not install updates but instead checks computers in the groups you specified, to see if a specific update is needed. To get the result of the detection (or, in other words, to find out if the update is needed), check the Status of Updates report. You can set a deadline for automatic installation or detection. For installation, you have the option of allowing users to install the updates themselves (if they are local administrators on their client computers).

5. Configure automatic approvals for either installation or detection (by classification and groups) in Options, on the Automatic Approvals page. If the installation and detection rules conflict, WSUS will use the installation rule. On this page, you can also configure whether you want to enable automatic approval of revisions to existing updates or approve revisions manually. If you choose to approve manually, then your WSUS server will continue using the older version until you manually approve the revision.

6. Check status of the updates on the Updates page or in the Status of Updates report.

Update Products and Classifications

Updates available on Microsoft Update are differentiated by product (or product family) and classification.

Products Updated by WSUS

A product is a specific edition of an operating system or application, for example Microsoft Windows Server 2003, Datacenter Edition. A product family is the base operating system or application from which the products are derived. An example of a product family is Microsoft Windows, of which Microsoft Windows Server 2003, Datacenter Edition is a member. On the Synchronization Options page under Products and Classifications, products are displayed in a hierarchy, under their product family. At this location on the WSUS console, you can select the products or product families for which you want your server to automatically synchronize updates. You can specify many products at once if they belong to the same product family, because by selecting a parent check box you also select all items under it. Selecting the child check boxes will not select the parent check boxes. For every selection, you also are automatically selecting future releases.

Update Classifications

Update classifications represent the type of update. For any given product or product family, updates could be available among multiple classifications (for example, Windows XP family Critical Updates and Security Updates). The following table lists examples of update classifications.