Overview of WSUS Updates
Updated: July 19, 2011
Applies To: Windows Server Update Services, Windows Small Business Server 2011 Standard, Windows Server 2008 R2, Windows Server 2003 with SP2, Windows Server 2008 R2 with SP1
Updates are used to update or to provide a full file replacement for software that is installed on a computer. Every update that is available on Microsoft Update has the following two components:
Metadata provides information about the update and supplies information for the properties of an update, which helps you determine the usefulness of an update. Metadata also includes Microsoft Software License Terms. The metadata package that is downloaded for an update is typically much smaller than the actual update file package.
The actual files that are required to install an update on a computer.
When updates are synchronized to your WSUS server, the metadata and update files are stored in two separate locations. Metadata is stored in the WSUS database. Update files can be stored on your WSUS server or on Microsoft Update servers, depending on how you have configured your synchronization options. If you choose to store update files on Microsoft Update servers, only metadata is downloaded at the time of synchronization. You approve the updates through the WSUS console, and then client computers get the update files directly from Microsoft Update at the time of installation.
You will be setting up and running synchronizations, adding computers and computer groups, and deploying updates on a regular basis. The following list gives examples of general tasks that you might undertake when you update computers with WSUS.
Determine an overall update management plan based on your network topology and bandwidth, company needs, and organizational structure. Considerations might include the following:
Whether to set up a hierarchy of WSUS servers, and how the hierarchy should be structured.
Which database to use for update metadata (for example, Windows® Internal Database or SQL Server 2008).
What computer groups to create, and how to assign computers to them (server-side or client-side targeting).
Whether updates should be synchronized automatically, and at what time.
Set synchronization options, such as update source, product and update classification, language, connection settings, storage location, and synchronization schedule.
Get the updates and associated metadata on your WSUS server through synchronization from Microsoft Update or from an upstream WSUS server.
Approve or decline updates. You have the option to allow users to install the updates themselves (if they are local administrators on their client computers).
Configure automatic approvals. You can also configure whether you want to enable automatic approval of revisions to existing updates or approve revisions manually. If you choose to approve revisions manually, your WSUS server will continue using the older version until you manually approve the new revision.
Check the status of updates. You can view update status, print a status report, or configure email for regular status reports.
Updates that are available on Microsoft Update are differentiated by product (or product family) and classification.
A product is a specific edition of an operating system or application, for example Windows Server 2008 R2. A product family is the base operating system or application from which the individual products are derived. An example of a product family is Microsoft Windows, of which Windows Server 2008 R2 is a member. You can select the products or product families for which you want your server to synchronize updates. You can specify a product family or individual products within the family. Selecting any product or product family will get updates for current and future versions of the product.
Update classifications represent the type of update. For any given product or product family, updates could be available among multiple update classifications (for example, Critical updates and Security updates for Windows Server 2008 R2). The following table lists the update classifications.
|Critical updates||Broadly released fixes for specific problems addressing critical, non-security related bugs.|
|Definition updates||Updates to virus or other definition files.|
|Drivers||Software components designed to support new hardware.|
|Feature packs||New feature releases, usually rolled into products at the next release.|
|Security updates||Broadly released fixes for specific products, addressing security issues.|
|Service packs||Cumulative sets of all hotfixes, security updates, critical updates, and updates created since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.|
|Tools||Utilities or features that aid in accomplishing a task or set of tasks.|
|Update rollups||Cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a specific component, such as Internet Information Services (IIS).|
|Updates||Broadly released fixes for specific problems addressing non-critical, non-security related bugs.|