Windows Server Update Services
Windows Server Update Services ( WSUS ) is a software component of Microsoft Windows Server from Version 2003, which is responsible for patches and updates . It is the successor version of the software component Software Update Services .
Structure and functionality
Windows Server Update Services is a client-server system . Core software component is the SQL - database (either an existing SQL Server 2005 to 2,017 or the supplied Windows Internal Database ) of the server , the version information of the updates and the reports of clients managed. The clients deliver a status report, version data is available from the available updates. At a point in time that can be determined by the administrator , the server establishes a connection with the Windows update server and downloads the updates required for its clients. These are then assigned to the clients via the local computer network . The updates are distributed using a pull mechanism . However, it can be set that particularly important packages (e.g. critical security updates) are installed by setting a deadline.
The client component integrated into the Windows 2000 with SP3, Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2012 and Windows Server 2016 operating systems enables server and client computers to be updated from Microsoft Update or from a server on which the Update Services are run. Windows 95/98 / ME / NT4 are not taken into account in the update process via WSUS.
The advantage of this system lies in the administration. The administrator does not have to install the update on every client, but can assign it to different computer groups centrally from the server. This can be particularly useful if updates are expected to cause compatibility problems with an installed application. The corresponding update is then only delivered to the clients when tests have ensured that there is no incompatibility with existing applications. The download and installation of the updates can be controlled manually and automatically by rule. This can be configured per policy for each group or locally per registry key on the client. On the client either "gpedit.msc" or the usual GUI can be used.
The "BITS" service (" Background Intelligent Transfer Service " or "Intelligent Background Transfer Service ") integrated in the client's operating system ensures that updates are only transferred to the clients if the bandwidth of the network allows it.
However, this requires consistent use of Microsoft products (IIS, database, ...). Unusual situations such as a client of a field service employee connected via modem are therefore difficult to cover.
Availability
Microsoft provides Windows Server Update Services as a free download from the Microsoft website . Since September 2018, Microsoft users have also found the so-called "Microsoft Security Servicing Criteria for Windows" on the website for the first time. Microsoft thus reveals the criteria according to which reported vulnerabilities are classified and which security gaps an update is assigned and which not.
Web links
Tools
- WSUSClientManager configuration tool for easy integration of clients without ActiveDirectory, GPO and registry editing
- Address WuInstall WSUS via the command line
more links
- Microsoft Windows Server Update Services. In: Microsoft TechNet . Archived from the original on September 25, 2010 .
- Arnd Rößner: WSUSpraxis.de.
- WSUS.DE.
- SUS blog. In: Microsoft TechNet.
- HowTo: Windows Server Update Services (Server 2008 R2).
Individual evidence
- ↑ Microsoft Security Servicing Criteria for Windows. microsoft.com, accessed September 18, 2018 .