Windows Server Update Services Overview

 

Applies To: Windows Server 2012 R2, Windows Server 2012

The Windows Server Update Service (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. This topic provides an overview of this server role and more information about how to deploy and maintain WSUS.

Did you mean…

WSUS server role description

The WSUS server provides the features that administrators need to manage and distribute updates through a management console. In addition, a WSUS server can be the update source for other WSUS servers within the organization. The WSUS server that acts as an update source is called an upstream server. In a WSUS implementation, at least one WSUS server in the network must connect to Microsoft Update to get available update information. The administrator can determine, based on network security and configuration, how many other servers connect directly to Microsoft Update.

Practical applications

Update management is the process of controlling the deployment and maintenance of interim software releases into production environments. It helps you maintain operational efficiency, overcome security vulnerabilities, and maintain the stability of your production environment. If your organization cannot determine and maintain a known level of trust within its operating systems and application software, it might have a number of security vulnerabilities that, if exploited, could lead to a loss of revenue and intellectual property. Minimizing this threat requires you to have properly configured systems, use the latest software, and install the recommended software updates.

The core scenarios where WSUS adds value to your business are:

  • Centralized update management

  • Update management automation

New and changed functionality

Warning

Upgrade from any version of Windows Server that supports WSUS 3.2 to Windows Server® 2012 R2 requires that you first uninstall WSUS 3.2. In Windows Server 2012, upgrading from any version of Windows Server with WSUS 3.2 installed is blocked during the installation process if WSUS 3.2 is detected, and you are prompted to first uninstall Windows Server Update Services prior to upgrading Windows Server 2012. However, because of changes in Windows Server 2012 R2, when upgrading from any version of Windows Server and WSUS 3.2 to Windows Server 2012 R2, the installation is not blocked. Failure to uninstall WSUS 3.2 prior to performing a Windows Server 2012 R2 upgrade will cause the post installation tasks for WSUS in Windows Server 2012 R2 to fail. In this case, the only known corrective measure is to format the hard drive and reinstall Windows Server 2012 R2.

Windows Server Update Services is a built-in server role that includes the following enhancements:

  • Can be added and removed by using the Server Manager

  • Includes Windows PowerShell cmdlets to manage the ten most important administrative tasks in WSUS

  • Adds SHA256 hash capability for additional security

  • Provides client and server separation: Versions of the Windows Update Agent (WUA) can ship independently of WSUS

Feature and functionality

Windows Server 2008 R2

Windows Server 2012 and Windows Server 2012 R2

Inclusion of Windows PowerShell cmdlets to manage the ten most important administrative tasks in WSUS

X

Security enhancements with SHA256 hash capability

X

Client and server separation: Versions of the Windows Update Agent (WUA) can ship independently of WSUS

X

Using Windows PowerShell to manage WSUS

For system administrators to automate their operations, they need coverage through command-line automation. The main goal is to facilitate WSUS administration by allowing system administrators to automate their day-to-day operations.

What value does this change add?

By exposing core WSUS operations through Windows PowerShell, system administrators can increase productivity, reduce the learning curve for new tools, and reduce errors due to failed expectations resulting from a lack of consistency across similar operations.

What works differently?

In earlier versions of the Windows Server operating system, there were no Windows PowerShell cmdlets, and update management automation was challenging. The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator.

Removed or deprecated functionality

In this release of WSUS, the API is updated to the .NET Framework 4.5.

System requirements

The minimum hardware requirements for WSUS are:

  • Processor: 1.4 gigahertz (GHz) x64 processor (2 Ghz or faster is recommended)

  • Memory: WSUS requires an additional 2 GB of RAM more than what is required by the server.

  • Available disk space: 10 GB (40 GB or greater is recommended)

  • Network adapter: 100 megabits per second (Mbps) or greater

Software Requirements

See also

The following table lists references for more information about WSUS:

Content type

References

WSUS 3.0 SP2 Resources

Windows Server Update Services 3.0 SP2 on TechNet:

Product evaluation

Windows Server Update Services TechNet Page

Planning and Deployment

Deploy Windows Server Update Services in Your Organization

Migration

Migrate Windows Server Update Services to Windows Server 2012

Community resources

WSUS Forum