Up and running with WSUS

I’ve been meaning to upgrade my Software Update Services (SUS) installation to Windows Software Update Services (WSUS) for some time now, but the recent rebuild of my SUS server forced the issue.

I’m pleased to report that the WSUS installation was reasonably straightforward. Because I had already installed Windows Server 2003 SP1, there was no need to install BITS 2.0 or Microsoft.NET Framework v1.1 SP1 and I just needed to make the (Windows Server 2003) an application server (i.e. install IIS, enable COM+ for remote transactions, enable Microsoft DTC for remote access and enable ASP.NET) – all done through the Configure My Server Wizard (because I was feeling lazy). Installing WSUS was simply a case of following the setup routine (which included setting up the MSDE database).

Once installed, I set up the synchronisation schedule and performed a manual synchronisation (just to get things going). I also elected to automatically approve critical and security updates. The WSUS installation had automatically updated the Group Policy template file and because Active Directory already had the GPO settings for the previous SUS installation, it was pretty much configured, although I did need to amend the intranet Microsoft update server locations to include the custom port number (http://servername:8530) and enable client-side targeting for the All Computers group. The final steps were to select the products for which to receive updates and to approve updates for detection/installation.

That was it. WSUS up and running and clients receiving updates. My first impressions are that WSUS is slightly more complex than SUS was, but also more capable. I’m just waiting to get some real world experience with a hierarchy of update servers on a live network now!

Leave a Reply