SUS installed premium version

1. Sus server and client:

The server has the following requirements:

Hardware: CPUs above MHz clock speed, memory above MB, hard disk space above 6 GB
Software: Windows2000ServerSP2The above operating system, WindowsServer2003, IISVersion 5 or later, ieVersion 5.5 or later

  Client:

First, the SUS service can only be windows2000SP2/XP/2003 provides the upgrade service, which means windowsNT and windows9x and windows2000SP1 cannot be upgraded through this service.

For Windows2000SP2 and windowsXP, you also need to install a sus client program first; for Windows2000SP3 and later versions, WindowsXPSP1And later versions and windowsServer2003. You can directly set it in the Group Policy without installing the client.

2. server configuration.

First, download the Server Installation File:
Http://www.microsoft.com/downloads/details.aspx? Familyid = A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C & displaylang = en

Then run the installation directly. All options can be set by default. Note that for security reasons, both the system disk of the SUS server and the hard disk partition that saves the SUS patch file must be the NTFS file system. In addition2000Install sus on the server operating system. The installer will also install IIS for you.LockdownTool, which is a software to improve IIS security.

After the software on the server is installed, you can start setting the SUS server. There are two ways to set the SUS server: local setting and Remote Setting. You must have the permissions of the Administrators group.

For local settings, you only need to double-click "MicrosoftSoftwareUpdateServices.

For remote management, you need to open the IE browser (Version 5.5 or later) on the remote computer, and then enter "http: // server name or IP/susadmin" in the address bar"Press enter and enter the username and password for logon.

The configuration interface is very familiar with Microsoft WindowsThe update website is very similar. All functions can be opened in the list on the left.

First, you need to set this server, in the "other" on the leftOptionsOptions ", then you can see the interface. At the top of the page is firewall settings.AProxyServerConfiguration ", you can enter your firewall parameters. Generally, you can use the default settings here as long as you have set it in IE.

Then go to "specifyTheNameYourClientsUseToLocateThisUpdateServer ", you can give the server a better name, so that the client can access the upgrade server rather than the IP address through the server name.

In the "selectWhichServerToSynchronizeContentYou can set the source of the synchronized patch content under from. If your server is going to be synchronized from Microsoft's upgraded server, select synchronize.DirectlyFromTheMicrosoftWindowsUpdateServers "; if you want to synchronize content from other sus servers on the network, select" SynchronizeFromALocalSoftwareUpdateServicesServer ", and enter the name or IP address of the target server below
In the "selectHowYouWantToHandleNewVersionsOfPreviuslyApprovedUnder updates, we can set the actions taken after the patch is synchronized. If you think that all patches do not need to be pre-tested and can be deployed directly, select "AutomaticallyApproveNewVersionsOfPreviuslyApprovedUpdates "; on the contrary, if you plan to test and release all the patches, select" doNotAutomaticallyApproveNewVersionsOfApprovedUpdates.IWillManuallyApproveTheseUpdatesLater ". In this way, if a new patch is downloaded, it will not be released immediately, but will be released manually after the administrator verifies it. It is recommended that administrators use this method. Although the workload may increase, it is good for other computers on the network. It can be imagined that a patch is in conflict with a software commonly used in your network. If the patch is automatically released, all clients will encounter this kind of trouble. At this time, you may be more troublesome as an administrator.

In the "selectWhereYouWantToStoreUnder updates, you can set how to save the patch. You can simply choose "maintainTheUpdatesOnAMicrosoftWindowsUpdateServer ", so that the patch download of the SUS server will be fully synchronized with the Microsoft Server, regardless of whether the patches are actually required. Therefore, we recommend that you select "save" here.TheUpdatesToALocalFolder ", and select only the patch language you need, which will reduce additional downloads.

After setting everything, click "Apply" in the lower-right corner of the page to save the settings.

Then synchronize the server. Click "Synchronize" on the left.Server, you can see the page in figure 3. You can click "SynchronizeNow, start synchronization immediately. This will be a long process, especially when you want to synchronize many patch languages and the network speed is slow. We recommend that you set automatic synchronization and click "synchronization ".Click the schedule button, and then you can see the interface shown in Figure 4. Select "SynchronizeUsingThisSchedule ", and then set the synchronization mode below. If your server runs continuously for 24 hours, we recommend that you set the server to synchronize in the early morning, because the network usage is the lowest during this time, it is easy to get a high download speed. Click "OK" to save the settings.

After the server synchronization is complete, if you have set approval before release, You have to begin approval. Click "approve" in the list on the left.Updates. All downloaded patches are listed here, and the status of each patch is displayed on the right. If it is "approved", it indicates that the patch has been tested, and approve release; if a patch is in the "not" statusApproved "requires attention. You should install these patches on a few computers for test purposes. If everything works properly, select the check box before the patch name, click the "approve" button in the lower right corner. Then you want to agree to the patch's End User License Agreement. A small problem occurs here, that is, the pop-up dialog box showing the license agreement does not have any buttons, press the tab key to display the button and click.

In addition to the patch status, you can see more information here. For example, each patch uses a green text to display the operating system applied by the patch, if the patch needs to be restarted after it is installed, the description of the patch is marked with a highlighted red handwriting. Each patch also has a link. After clicking it, you can connect to the Microsoft website to view the details of the patch.

Note: If you have set a patch to be approved before release, only approved programs will be downloaded and installed by the client.

Now, the basic settings of the server have been completed.

3. Client configuration.

The client is divided into two situations: the domain environment and the working group environment.

Note: The following content involves the Active Directory and group policy, while windowsXPHomeEdition, that is, it cannot be added to the domain without a group policy, so it is not discussed here.

In the working group environment, you need to set each client computer separately. If there are many computers in the network, this is obviously troublesome, fortunately, when there are usually a large number of computers, the Administrator will use the Active Directory for management, so this problem is not serious. Let's continue to look at it.

For Windows2000SP2 and windowsXP, We need to install the SUS client first, download here:
Http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp
After installation, enter "gpedit. MSC "Open the Group Policy Editor, expand" Computer Configuration "-" manage template "in turn, right-click" manage template ", and choose" Add/delete template ", click "add" on the page in Figure 7 and find wuau in the % WinDir % \ INF directory. ADM file, double-click Add. Continue to open "Windows Components"-"WindowsUpdate "(this item appears only after the client software is installed and added). Two available policies are displayed on the right side of the window. "Automatic configuration Update" allows you to set the Update Time and processing method, and "specify the internal Internet of the Enterprise... "Is used to specify the server location. You can enter it in the form of" http: // server name "or" http: // server IP. Next, you need to perform the same settings on each computer on the network.

After completing these steps, the program will automatically connect to the specified upgrade server to check for updates at the preset time, or download and ask for installation, or prompt the user. Note that the SUS client does not have accessible pages, and all upgrades can only be performed automatically in the background.

For WindowsXPSP1 and windows2000SP3And windowsServer2003. These operating systems have been installed with clients, so you can set them directly in the group policy according to the above method. If your network is large and the Active Directory is applied, it is easier to manage it.

Enter "DSA. msc" in the running of the domain controller and press enter to open activeIn the directory user and computer settings window, right-click the ou or domain of the policy to be created, select "properties", and open the "Group Policy" tab in the Properties window, click "new" to name the new policy (for example, SUS ,). Select the new group policy and click "edit". A group policy setting window is displayed, which is similar to running gpedit. the window opened by MSC is similar. However, you can set group policies for all computers in the entire domain.

In this window, expand "Computer Configuration"-"management template"-"WindowsComponent "-" WindowsUpdate ", and then set the policy here to set the parameters for the SUS client for computers in all login domains. Note that if the operating system of the client is Windows2000SP2, WindowsXP, you still need to install the SUS client software first.

The setting of the entire client is like this. I believe that after the configuration, the Administrator's maintenance work will be easier and the computers on the network will be safer!