Windows Server Update Services 2.0 Frequently Asked Questions
On This Page
.gif){kind=icon} |
General Information |
|
WSUS and SUS |
|
WSUS and SMS 2003 |
|
Features and Functionality |
|
Setup and Deployment |
General Information
| Q. | What is Windows Server Update Services (WSUS)? |
| A. | WSUS (previously called Windows Update Services) is the new name for the next version of Software Update Services (SUS). WSUS is a patch and update component of Windows Server and offers an effective and quick way to help you get secure and stay secure. WSUS represents an important step toward delivering a core software distribution and update management infrastructure in Windows. WSUS has both a server and client component. |
| Q. | On which platforms does the WSUS client run? |
| A. |
|
| Q. | On which platforms does the WSUS server run? |
| A. |
|
| Q. | Why is the name changing again after it was just changed from SUS to Windows Update Services? |
| A. | Based on customer and partner feedback, the name Windows Update Services and the associated abbreviation (WUS) did not accurately describe the functionality and value of the product. Windows Server Update Services more appropriately positions the product as a component of Windows Server and reflects the fact that it can be used for updates beyond Windows itself. |
| Q. | Will WSUS update only Windows operating systems? |
| A. | No. WSUS will support updating Windows operating systems and, over time, additional Microsoft software products. When initially released, WSUS will support updating Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine (MSDE) 2000, and Microsoft Exchange Server 2003. Support for additional Microsoft products will be added over time, without the need to upgrade or redeploy WSUS. |
| Q. | How can I get WSUS? |
| A. | WSUS is available as a download at no cost. To download the software, see the Download WSUS page. |
| Q. | Is WSUS free? |
| A. | Yes. Windows Server Update Services is free and is available to download at no cost. Each managed client requires a Windows Server CAL. To download the software, see the Download WSUS page. |
| Q. | Does WSUS require SQL Server 2000 licenses? |
| A. | WSUS can use MSDE, WMSDE, or SQL Server. If you choose to use SQL Server 2000 as its datastore, then SQL Server 2000 needs to be licensed appropriately, with either a SQL Server 2000 CAL for every device managed by WSUS, or a per-processor license. For more information about SQL Server 2000 licensing, see the SQL Server How to Buy page. |
| Q. | Does WSUS support service packs? |
| A. | Yes. |
| Q. | How can I install WSUS on a Small Business Server? |
| A. | Instructions on installing WSUS on Small Business Server can be found in the Step-by-Step Guide to Getting Started with Microsoft Windows Server Update Services on Windows Small Business Server 2003. |
| Q. | Is WSUS supported on 64 bit versions of win2k3? |
| A. | No, the current version of WSUS is not supported on 64 bit platforms. However it can manage/update PCs that run on those platforms. |
| Q. | Can WSUS distribute updates to 64-bit client and server systems? |
| A. | Yes, WSUS can be used to distribute critical security updates released for 64-bit systems however, the WSUS server is not officially supported on 64-bit platforms. Support for WSUS on 64-bit platforms is planned for inclusion in a future release of WSUS. |
WSUS and SUS
Q.
How long will Software Update Services (SUS) be supported by Microsoft?
A.
SUS will be supported through December 6, 2006.
Q.
How long will SUS continue to receive new content from Windows Update?
A.
SUS will no longer receive new update content after Dec. 6, 2006.
Q.
Will I still be able to download SUS?
A.
No. SUS is no longer available for download.
Q.
What are the differences between WSUS and SUS 1.0?
A.
In addition to the current capabilities in SUS 1.0, WSUS will:
- Update more than just Windows.
- Provide reporting capabilities.
- Provide targeting capabilities.
- Give administrators more control over the update process.
For a list of the new capabilities, please refer to the WSUS Datasheet.
Q.
Will the existing SUS client work with WSUS servers, or will a new client need to be installed?
A.
Existing SUS clients must be updated to work with WSUS. The update process is automatic if you previously used SUS. If you never used SUS before, the latest Automatic Update client is available as part of Windows XP SP2. The new client is also backward-compatible with SUS 1.0 servers.
Q.
Does WSUS support migration from SUS 1.0?
A.
Yes. Although there is no upgrade, you can migrate approvals and updates to WSUS. If you use multiple SUS servers to target updates to specific client computers, the WSUS migration tool enables you to consolidate approvals from specific SUS servers to WSUS computer groups.
Q.
What update mechanism does Microsoft recommend?
A.
Microsoft recommends that customers use the update management solution that best meets their needs. In general, WSUS addresses simple update management scenarios, while Systems Management Server (SMS) 2003 supports advanced update management needs. The following table shows typical customer choices for various organizational size segments.
Customer Type
Scenario
Customer Choice
Large or Medium Enterprise
The organization wants a single, flexible update management solution with an extended level of control that enables them to update (and distribute) all Windows operating systems and applications and also includes an integrated asset management solution.
SMS 2003
Large or Medium Enterprise
The organization wants a solution for update management only that provides simple updating for Microsoft software—initially supporting Windows 2000 and later supporting Office 2003, Office XP, Exchange Server 2003, SQL Server 2000, and MSDE 2000.
WSUS1
Small Business
The business has at least one Windows server and one IT administrator.
WSUS1
Small Business
All other scenarios
Microsoft Update or Windows Update2
Consumer
All other scenarios
Microsoft Update or Windows Update2
| 1 | Customers can use another update tool, or a manual update process, for operating system versions and applications not supported by WSUS or Microsoft Update. |
| 2 | Microsoft Update is the new Web-hosted update service that will deliver updates for additional Microsoft software. Microsoft Update will be available in conjunction with the release of WSUS. Windows Update will continue to be available. |
Q.
How long can I continue to use WUS Beta 2?
A.
The last update to the beta Microsoft Update was made on March 8th. As a result, Windows Update Services (WUS) Beta 2 will no longer recieve new updates. We encourage you to download Windows Server Update Services as soon as possible to continue receiving updates and testing the product.
Existing content on the beta Microsoft Update service will be available for server synchronization until April 22, 2005. After that date, that service will be decomissioned and WUS Beta 2 installations will not be able to receive any content.
Q.
What are are the supported upgrades to WSUS?
A.
For the server:
- SUS 1.0 to WSUS server: A SUS 1.0 server can be migrated to WSUS using the WSUSUTIL.EXE tool provided in the Tools directory of the WSUS server installation. See Deploying Microsoft Windows Server Update Services for complete instructions.
- WUS Beta 2 to WSUS server: As communicated at the release of Beta 2, there is no upgrade path from WUS Beta 2 server to WSUS server. The purpose of the Open Evaluation Program (OEP) is to get feedback from customers on the functionality of the product. Providing this upgrade path would invalidate input provided on the installation and configuration of the release candidate (RC).
- WSUS RC to WSUS final release server: The final release of WSUS allows migration from a WSUS RC server. This will help verify the functionality related to the long-term maintenance of WSUS servers. After you upgrade from the RC version, you will need to run a script to address compatibility issues between the RC and final release. To obtain the script go to the Downloads page.
For the client:
- SUS 1.0 to WSUS client: A SUS 1.0 client (AU 2.2) will self-update to a WSUS client.
- WUS Beta 2 to WSUS client: A WUS Beta 2 client will self-update to a WSUS client.
- WSUS RC to WSUS final release client: A WSUS RC client will self-update to a WSUS final release client.
WSUS and SMS 2003
| Q. | If I have Systems Management Server (SMS) 2003, do I also need WSUS? |
| A. | No. SMS 2003 can provide the same basic services that WSUS can, in addition to the advanced controls for update management, so you will not need WSUS if you have SMS 2003. |
| Q. | If I have Windows Server Update Services, do I also need SMS 2003? |
| A. | Windows Server Update Services provides basic patch and update capabilities only. If your environment requires support for deployment of software packages, reporting on software and hardware inventory, remote-control functionality, or other more advanced functions, SMS 2003 includes these features. For a more detailed comparison of your update choices, see the Compare Microsoft Update, Windows Server Update Services, and SMS page. |
| Q. | What does SMS 2003 provide in update management that WSUS does not? |
| A. | SMS 2003 provides a number of capabilities in the areas of advanced administrator control and awareness that WSUS does not include. In particular, SMS users can create collections based on inventory characteristics of machines, which enables administrators to better target their updates and perform functions such as:
|
| Q. | Will WSUS and SMS be integrated in the future? |
| A. | In the Windows Server Update Services release timeframe, SMS will use the Windows Server Update Services scanning engine to detect updates for Windows 2000, Windows Server 2003, Windows XP Professional, Office 2003, Office XP, Exchange 2003, SQL Server 2000, and MSDE 2000. The Windows Server Update Services scanning engine is built into the Windows Update agent which is included with Windows and is the same component that enables Automatic Updates from Windows Update. The Windows Server Update Services scanning engine will continue to broaden its catalog to encompass all Microsoft products and will become the single update scanning engine from Microsoft. SMS, as well as other Microsoft technologies such as Microsoft Operations Manager (MOM) and Microsoft Baseline Security Analyzer (MBSA) will use the scanning capabilities of thee Windows Update agent to generate consistent update scanning results. |
Features and Functionality
| Q. | What languages are currently supported by WSUS? |
| A. | The full version will be localized for all languages supported by Windows server and client operating systems. |
| Q. | Can I add my own updates to Windows Server Update Services? |
| A. | No. Only updates synchronized from Microsoft Update or another Windows Server Update Services server are supported. |
| Q. | What hardware is required to run the WSUS server? |
| A. | See the Windows Server Update Services System Requirements page. |
| Q. | Does WSUS run on Windows Small Business Server 2003? |
| A. | Yes. |
| Q. | Does WSUS provide extensibility options for administrators? |
| A. | Yes. WSUS provides extensibility options through both client-side and server-side APIs. |
| Q. | Will Microsoft Internet Security and Acceleration (ISA) Server updates be handled by WSUS? |
| A. | Over time, WSUS will support all Microsoft updates, including ISA Server. However, at release, the plan is for WSUS is to support Windows, Office XP, Office 2003, SQL Server 2000, MSDE 2000, and Exchange Server 2003. |
| Q. | Is there a way to disable the balloon alert when an update from WSUS is ready to install? |
| A. | No, there is no way to disable the balloon alert. However, you can configure the frequency of its appearance. If the concern is to prevent the alert from interrupting end users, you can configure updates to install at a scheduled time, which has no associated balloon alert. |
| Q. | What does Windows Server Update Services use to scan and evaluate necessary updates for computers? Is it MBSA? |
| A. | Windows Server Update Services will use its own scanning engine. Windows Server Update Services does not use any MBSA code. |
| Q. | Is the database on the "master" or upstream WSUS server meant to be the database for all downstream servers, or will a SQL Server database need to be set up individually for each downstream server? |
| A. | Each WSUS server requires its own database—either an MSDE or a SQL Server database. |
| Q. | Why don't the cloned or imaged PCs register with a WSUS server? |
| A. | This can happen if the machines share the same ClientID. You can work around this by deleting the following registry keys and rebooting the clients: HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate Delete the following entries, if present:
Before you clone the OS image, consider using SysPrep – reseal to make sure the SIDs are generated. Machines that are sysprepped will automatically get a new ClientID when they are first booted. |
Setup and Deployment
Q.
What documentation is available to help me set up WSUS?
A.
Before setting up WSUS, you may find the information in the following guides useful:
- Step-by-Step Guide to Getting Started with Windows Server Update Services. Recommended as the quickest way to start using WSUS, this paper provides step-by-step instructions for getting started. You will find instructions for how to install WSUS on Windows Server 2003; configure WSUS to obtain updates; configure clients to install updates from WSUS; and approve, test, and distribute updates.
- Deploying Microsoft Windows Server Update Services. Recommended for administrators requiring comprehensive information about WSUS, this guide describes how to deploy WSUS. You will find step-by-step installation and configuration procedures, as well as details on how WSUS functions, its scalability, and bandwidth. Additionally, there is how-to information for updating and configuring Automatic Updates on client workstations and servers, steps for migrating from SUS to WSUS, and steps for setting up a WSUS server on an isolated segment of your network, and then manually importing updates.
Q.
Will WSUS support deployment of updates across domains on the same forest?
A.
Yes. WSUS is not tied to domain hierarchies. However, you must plan your WSUS implementation to cover scenarios where machines in one domain may not have network access to an WSUS server in another domain.
Q.
What do the different update approval options mean, such as Detect Only, Not Approved, Install, Declined, and Remove?
A.
Only updates that have the approval status Install will be downloaded to computers served by WSUS. By default, Critical and Security updates are already approved for detection (Detect Only), which means WSUS will determine if these updates are needed by any of your computers. These updates will still need to be approved for Install before WSUS downloads them to your computers.
All other new updates will show up as Not Approved until you decide to approve them for Install or decline them with the Declined approval. (You can also approve them for Detect Only or Remove). If you decline an update, it will no longer appear in your list of updates unless you filter by All updates or Declined updates. Remove will remove updates from computers that already have the update installed, providing that the update is compatible with this feature. For details, see the Installation Information on the Details tab of the update.
For details about approval options, see the "Viewing Updates and Approving Updates" section in the Windows Server Update Services Operations Guide.
Q.
Can WSUS tell me if an update is needed on a computer?
A.
All updates can be approved for detection (using the Detect Only approval option—Critical and Security updates are approved for detection by default), which gives you needed status for updates on your computers.
The table below shows the possible status (as viewed in the Status column of a computer).
Status
Meaning
Installed
The update is already installed on the computer.
Needed
- You have approved the update for installation, but the client computer has not yet contacted the WSUS server since you made this change.
- You have not yet approved the update for installation, although the detect-only action has been performed.
- The update has already been downloaded and installed, but the client computer has not contacted the WSUS server since the update was installed.
- The update has already been downloaded and installed, but the update requires that the client computer be restarted before changes take effect, and the client computer has not yet been restarted.
- The update has been downloaded to the computer but not installed.
Not Needed
The update is not needed by the computer.
Unknown
The detection process has not been completed for the update on the computer—typically because the computer has not contacted the WSUS server since the new update became available after synchronization.
Failed
an error occurred with either detection or an installation of the update on the computer.
For details about understanding which updates are applicable to your computers managed by WSUS, see the "Monitoring Windows Server Update Services" section of the Windows Server Update Services Operations Guide.
Q.
How can I prevent updates from rebooting my server?
A.
You have an option to either "Download and Install" or "Download and Notify". "Download and Notify" allows you to avoid reboots, but it is risky to install an update on a machine without rebooting as recommended by an update. Consider using the SDK to create a script that approves and restarts servers on a regular basis if you choose the "Download and Notify" option. The SDK information is available on MSDN.
Q.
How can I automatically download and locally store all updates on my WSUS server?
A.
By default, updates are downloaded to your Windows Server WSUS server only when they have been approved for installation. You can choose to download and store all updates regardless of approval, or you can choose not to download and store any updates locally. (updates are downloaded to computers directly from the Windows Update Web site after being approved for installation.) To change the default settings, go to Advanced Settings in the Options screen of your WSUS console.
For details about how updates are stored on WSUS, see the "Configuring Update Services Server" section of Deploying Windows Server Update Services.
Q.
What are the prerequisites for installing WSUS on Windows Server 2003?
A.
For Windows Server 2003, WSUS requires the following:
- Microsoft Internet Information Services (IIS) 6.0
- Background Intelligent Transfer Service (BITS) 2.0. To obtain this software, see the Download WSUS page.
- Microsoft .NET Framework 1.1 Service Pack for Windows Server 2003. You can also obtain this software from the Windows Update site: Scan for Critical Updates and Service Packs. Install Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003.
To view all hardware and software requirements and to learn how to configure these requirements for WSUS, see Deploying Windows Server Update Services.
Q.
What are the prerequisites for installing WSUS on Windows 2000 Server?
A.
For Windows 2000 Server, WSUS requires the following:
- IIS 5.0
- BITS 2.0. To obtain this software, see the Download WSUS page.
- Database software that is fully compatible with SQL Server. Microsoft recommends MSDE 2000 Release A.
- Microsoft Internet Explorer 6.0 SP1
- .NET Framework 1.1 Redistributable Package
- .NET Framework 1.1 SP1. You can also obtain this software from the Windows Update site: Scan for Critical Updates and Service Packs. Install Microsoft .NET Framework 1.1 Service Pack 1 for Windows 2000 Server.
To view all hardware and software requirements and to learn how to configure these requirements for WSUS, see Deploying Windows Server Update Services.
Q.
How do I choose the language of the updates I download?
A.
By default, updates are downloaded in all languages. To change this setting to download updates in languages of your choice, go to Advanced Settings in the Options screen of your WSUS console. For details about changing language setting for updates, see the "Configuring Update Services Server" section of the Deploying Windows Server Update Services.
Q.
How can I automatically download and locally store all updates on my WSUS server?
A.
By default, updates are downloaded to your Windows Server WSUS server only when they have been approved for installation. You can choose to download and store all updates regardless of approval, or you can choose not to download and store any updates locally. (updates are downloaded to computers directly from the Windows Update Web site after being approved for installation.) To change the default settings, go to Advanced Settings in the Options screen of your WSUS console.
For details about how updates are stored on WSUS, see the "Configuring Update Services Server" section of Deploying Windows Server Update Services.
Q.
Can WSUS run on a SQL Server cluster?
A.
This is not a supported deployment scenario.
.gif){kind=icon}
Top of page