Windows Server Update Services

Windows Server Update Services
	WSUS can display precise information about which updates each client needs
Operating system	Windows Server
Type	Package management, remote administration
Website	learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus

Last updated December 12, 2023

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.

History

The first version of WSUS was known as Software Update Services (SUS).^[1] At first, it only delivered hotfixes and patches for Microsoft operating systems. SUS ran on a Windows Server operating system and downloaded updates for the specified versions of Windows from the remote Windows Update site, which is operated by Microsoft. Clients could then download updates from this internal server, rather than connecting directly to Windows Update.^[2] Support for SUS by Microsoft was originally planned to end on 6 December 2006, but based on user feedback, the date was extended to 10 July 2007.^[3]

WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of updates, hotfixes, service packs, device drivers and feature packs to clients in an organization from a central server or servers.

Operation

Windows Server Update Services 2.0 and above operate on a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to produce extensive reports on which updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.). One can also approve updates for detection only, allowing an administrator to see which machines will require a given update without also installing that update.

WSUS may be used to update computers on a disconnected network. This requires exporting patch data from a WSUS server connected to the internet and, using removable media, importing to a WSUS server set up on the disconnected network.^[4]

Administrators can use WSUS with Group Policy for client-side configuration of the Automatic Updates client, ensuring that end-users can't disable or circumvent corporate update policies. WSUS does not require the use of Active Directory; client configuration can also be applied by Local Group Policy or by modifying the Windows registry.

WSUS uses .NET Framework, Microsoft Management Console and Internet Information Services. WSUS 3.0 uses either SQL Server Express or Windows Internal Database as its database engine, whereas WSUS 2.0 uses WMSDE. System Center Configuration Manager (SCCM) interoperates with WSUS and can import third party security updates into the product.^[5]

Licensing

WSUS is a feature of the Windows Server product and therefore requires a valid Windows Server license for the machine hosting the service. The fact that user workstations authenticate themselves to the WSUS service to retrieve their updates makes it necessary to acquire a fileserver client access license (CAL) for each workstation connecting to the WSUS service.^[6] Fileserver CAL for WSUS is the same CAL as the one required for connecting to a Microsoft Active Directory, fileserver and printserver, and has to be acquired once for a device or a user.

WSUS is often considered as a free product because fileserver CAL are already paid for in an enterprise network that has a Microsoft Active Directory and thus do not need to be acquired again.^[6]

In a network using Samba Active Directory, it is not necessary to purchase CALs to connect to the domain controller or connect to a Samba file server. However, the use of a WSUS server will still require the purchase of client access licenses for all Windows workstations that will connect to the WSUS server.^[7]

Version history

Version	Date	Comments
2.0 Release Candidate	22 March 2005
2.0	6 June 2005
2.0 Service Pack 1	31 May 2006	Adds support for Windows Vista clients, additional client languages, and using Microsoft SQL Server 2005 as a database backend, as well as performance improvements with the web-based user interface
3.0 Beta 2	14 August 2006	MMC based UI and loads of new features
3.0 Release Candidate	12 February 2007
3.0	30 April 2007	WSUS 3.0 and WSUS Client 3.0 were made available via WSUS on 22 May 2007^[8]
3.0 Service Pack 1 Release Candidate	1 November 2007
3.0 Service Pack 1^[9]	7 February 2008
3.0 Service Pack 2	25 August 2009	Part of Windows Server 2008 R2
4.0^[10]	26 October 2012	Part of Windows Server 2012 and 2012 R2 ^[10]
5.0^[11]	26 September 2016	Part of Windows Server 2016 ^[11]
10.0.17763	2019	Part of Windows Server 2019
10.0.20348.1	2021	Part of Windows Server 2022

Related Research Articles

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services.

Windows Server 2003, codenamed "Whistler Server", is the second version of the Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on Windows 2000.

Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.

NetWare is a discontinued computer network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, using the IPX network protocol.

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy allows Group Policy Object management without Active Directory on standalone computers.

A hotfix or quick-fix engineering update is a single, cumulative package that includes information that is used to address a problem in a software product. Typically, hotfixes are made to address a specific customer situation.

A diskless node is a workstation or personal computer without disk drives, which employs network booting to load its operating system from a server.

Windows Server Essentials is an integrated server suite from Microsoft for businesses with no more than 25 users or 50 devices. It includes Windows Server, Exchange Server, Windows SharePoint Services, and Microsoft Outlook. Application server technologies are tightly integrated to provide and offer management benefits such as integrated setup, enhanced monitoring, Remote Web Workplace, a unified management console, and remote access.

Windows Server 2008, codenamed "Longhorn Server", is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2.

In software licensing, volume licensing is the practice of using one license to authorize software on a large number of computers and/or for a large number of users. Customers of such licensing schemes are typically business, governmental or educational institutions, with prices for volume licensing varying depending on the type, quantity and applicable subscription-term. For example, Microsoft software available through volume-licensing programs includes Microsoft Windows and Microsoft Office.

A client access license (CAL) is a commercial software license that allows client computers to use server software services. Most commercial desktop apps are licensed so that payment is required for each installation, but some server products can be licensed so that payment is required for each device or user that accesses the service provided by the software. For example, an instance of Windows Server 2016 for which ten User CALs are purchased allows 10 distinct users to access the server.

<span class="mw-page-title-main">Quick Assist</span> Microsoft Windows remote access feature

Quick Assist is a Microsoft Windows feature that allows a user to view or control a remote Windows computer over a network or the Internet to resolve issues without directly touching the unit. It is based on the Remote Desktop Protocol (RDP). It is complemented by Get Help, a feature introduced in Windows 10 that enables the user to contact Microsoft directly but does not allow for remote desktoping or screen sharing.

A roaming user profile is a file synchronization concept in the Windows NT family of operating systems that allows users with a computer joined to a Windows domain to log on to any computer on the same domain and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same, while keeping all related files stored locally, to not continuously depend on a fast and reliable network connection to a file server.

Microsoft Desktop Optimization Pack (MDOP) is a suite of utilities for Microsoft Windows customers who have subscribed to Microsoft Software Assurance program. It aims at bringing easier manageability and monitoring of enterprise desktops, emergency recovery, desktop virtualization and application virtualization.

Windows Server 2008 R2, codenamed "Windows Server 7", is the fifth version of the Windows Server operating system produced by Microsoft and released as part of the Windows NT family of operating systems. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009, shortly after the completion of Windows 7. It is the successor to Windows Server 2008, which is derived from the Windows Vista codebase, released the previous year, and was succeeded by the Windows 8-based Windows Server 2012.

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009.

Windows MultiPoint Server is an operating system based on Microsoft Windows Server using Remote Desktop Services technology to host multiple simultaneous independent computing stations or terminals connected to a single computer. Windows MultiPoint Server 2012 was the final release as an independent SKU and has been superseded by the MultiPoint Services role in Windows Server 2016.

ConnectWise Control, previously Screenconnect, is a self-hosted remote desktop software application. It was originally developed by Elsinore Technologies in 2008 under the name ScreenConnect, and is now owned by ConnectWise Inc.

References

↑ Foust, Mark; Chellis, James; Sheltz, Matthew; Sage London, Suzan (2006). "Chapter 7: Planning Server-Level Security". MCSE Windows Server 2003 network infrastructure planning and maintenance study guide. Hoboken, New Jersey: John Wiley and Sons. p. 532. ISBN 978-0-7821-4450-5.
↑ "Software Update Services". Microsoft TechNet . Microsoft Corporation. Retrieved 4 May 2011.
↑ Keizer, Gregg (16 November 2006). "Microsoft Keeps Software Update Services Alive Until July". InformationWeek . UBM TechWeb. Archived from the original on 15 May 2011. Retrieved 4 May 2011.
↑ "Set Up a Disconnected Network (Import and Export Updates)" . Retrieved 24 November 2018.
↑ "About System Center Updates Publisher". Microsoft. Retrieved 11 August 2011.
1 2 "WSUS Server license is required". Microsoft TechNet. 31 July 2016. Retrieved 9 March 2019.
↑ "WSUS and CAL Licenses". social.technet.microsoft.com. Retrieved 26 March 2021.
↑ Harder, Bobbie (22 May 2007). "Updates for WSUS available today". WSUS Product Team Blog. Microsoft.
↑ Cole, Cecilia (7 February 2008). "WSUS 3.0 SP1 is now RTM". WSUS Product Team Blog. Microsoft.
1 2 Henry, Steve (15 September 2016). "Update on WSUS 3.0 SP2 End of Life". WSUS Product Team Blog. Microsoft.
1 2 Henry, Steve (2 March 2018). "WSUS Catalog import failures". WSUS Product Team Blog. Microsoft.

External links

Official website on Microsoft Docs

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Foust, Mark; Chellis, James; Sheltz, Matthew; Sage London, Suzan (2006). "Chapter 7: Planning Server-Level Security". MCSE Windows Server 2003 network infrastructure planning and maintenance study guide. Hoboken, New Jersey: John Wiley and Sons. p. 532. ISBN 978-0-7821-4450-5.

[2] "Software Update Services". Microsoft TechNet . Microsoft Corporation. Retrieved 4 May 2011.

[3] Keizer, Gregg (16 November 2006). "Microsoft Keeps Software Update Services Alive Until July". InformationWeek . UBM TechWeb. Archived from the original on 15 May 2011. Retrieved 4 May 2011.

[4] "Set Up a Disconnected Network (Import and Export Updates)" . Retrieved 24 November 2018.

[5] "About System Center Updates Publisher". Microsoft. Retrieved 11 August 2011.

[aadca905d0cf-6] 1 2 "WSUS Server license is required". Microsoft TechNet. 31 July 2016. Retrieved 9 March 2019.

[7] "WSUS and CAL Licenses". social.technet.microsoft.com. Retrieved 26 March 2021.

[8] Harder, Bobbie (22 May 2007). "Updates for WSUS available today". WSUS Product Team Blog. Microsoft.

[9] Cole, Cecilia (7 February 2008). "WSUS 3.0 SP1 is now RTM". WSUS Product Team Blog. Microsoft.

[:0-10] 1 2 Henry, Steve (15 September 2016). "Update on WSUS 3.0 SP2 End of Life". WSUS Product Team Blog. Microsoft.

[:1-11] 1 2 Henry, Steve (2 March 2018). "WSUS Catalog import failures". WSUS Product Team Blog. Microsoft.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]