How WSUS servers work

Source: Internet
Author: User

WSUS provides a management infrastructure consisting of the following:

Microsoft Update

The Microsoft website that distributes updates for Microsoft products.

Windows Server Update Services server

This server component is installed on a computer running Windows Server 2003 SP1 or Windows Server "Longhorn" inside the corporate firewall. The WSUS server lets administrators manage and distribute updates to any Windows computer in the domain through the WSUS 3.0 console. A WSUS server can also act as the update source for other WSUS servers in the organization. At least one WSUS server in the network must connect to Microsoft Update to obtain available update information. The administrator decides, based on network security and configuration, whether other servers may connect directly to Microsoft Update.

Automatic Updates

This client component is built into the Windows Server "Longhorn", Windows Vista, Windows Server 2003, Windows XP, and Windows 2000 SP4 operating systems. With Automatic Updates, servers and client computers can receive updates from Microsoft Update or from a WSUS server.

Next steps for WSUS

Go to the Windows Server Update Services website (http://go.microsoft.com/fwlink?LinkId=71198). There you can:

• Download WSUS.

• Download the WSUS documentation: the Microsoft Windows Server Update Services getting started step-by-step guide (http://go.microsoft.com/fwlink?LinkID=71190) and the Windows Server Update Services 3.0 readme file (http://go.microsoft.com/fwlink?LinkId=71220).

WSUS 3.0 deployment scenarios

WSUS is very flexible and can meet the needs of organizations of all sizes, from small enterprises using dial-up connections to large enterprises with thousands of users distributed across the world. Based on the organization's size, location, and connection infrastructure, the administrator can determine the most effective way to scale out its WSUS deployment; this decision may involve one or more WSUS servers. This section describes common solutions for deploying WSUS components in small, medium, and restricted networks.

Single WSUS server (small or simple network)

In a single WSUS server solution, the administrator sets up one server running WSUS inside the company firewall. This server synchronizes content directly with Microsoft Update and then distributes the updates to client computers.

Multiple WSUS servers (medium-sized or more complex networks)

The following are common solutions for deploying WSUS components in medium-sized or more complex networks.

Multiple independent WSUS servers

The administrator can deploy multiple servers configured so that each server is managed independently and synchronizes its content from Microsoft Update.


The deployment method in this scenario suits cases where different LAN or WAN segments are managed as separate entities, such as a branch office. It also applies when one server running WSUS is configured to deploy updates only to client computers running a specific operating system (such as Windows 2000), while another server is configured to deploy updates only to client computers running another operating system (such as Windows XP).

Multiple internally synchronized WSUS servers

The administrator can deploy multiple servers running WSUS that synchronize all content within the organization's intranet. Only one server is exposed to the Internet, and in this configuration it is the only server that downloads updates from Microsoft Update. This server is set as the upstream server, that is, the source from which the downstream servers synchronize. Servers can be placed in different locations in a geographically dispersed network to provide the best connection to all client computers.

Disconnected WSUS servers (limited or restricted Internet connectivity)

If company policy or other conditions restrict computers' access to the Internet, the administrator can set up an internal server running WSUS. In this example, one server is created that is connected to the Internet but isolated from the intranet. After downloading, testing, and approving updates on this server, the administrator exports the update metadata and content to suitable media, and then imports the update metadata and content from the media to the servers running WSUS on the intranet.

Features of Windows Server Update Services 3.0: server features

The server component of the WSUS solution includes the following features.

More updates:

• Windows 2000

• Windows XP (32-bit, IA-64 and x64)

• Windows Vista

• Windows Server 2003

• Windows Small Business Server 2003

• Exchange Server 2000

• Exchange Server 2003

• Exchange Server 2007

• SQL Server

• SQL Server 2005

• Office XP

• Office 2003

• Microsoft ISA Server 2004

• Microsoft Data Protection Manager

• Microsoft Forefront

• Windows Live

• Windows Defender

At least one upstream WSUS server must connect to Microsoft Update to obtain available updates and update information. Other downstream servers can obtain updates from this upstream server.

Specific types of updates can be set to download automatically

The WSUS server downloads available updates from Microsoft Update or an upstream WSUS server as part of synchronization. The administrator can select which updates are downloaded to the WSUS server during synchronization based on the following criteria:

• Product or product family (such as Microsoft Windows Server 2003 or Microsoft Office)

• Update classification (such as critical updates and drivers)

• Language (for example, only English and Japanese)

In addition, the administrator can specify a schedule for automatic synchronization.

Automatic actions for updates, as approved by the administrator

The administrator must approve every automatic action to be carried out for an update. Approval actions include:

• Approve

• Remove (available only when the update supports uninstallation)

In addition, administrators can establish a deadline, that is, a specific date and time by which the update must be installed. The administrator can force an immediate download by setting the deadline to a time in the past.

Email notifications for new updates and status reports

You can configure WSUS 3.0 to send email notifications about new updates and status reports. The specified recipients receive a notification once new updates arrive at the WSUS server. Status reports can be sent at a specified time or interval.

Ability to determine applicability before installing updates

WSUS 3.0 can now automatically scan for updates to determine which computers need them. Before planning and deploying an update, the administrator can use status reports to analyze its impact. Status reports can be generated directly from the Updates view for a single update, a subset of updates, or all updates.


Targeting

Administrators can deploy updates to specific computers and computer groups by using targeting. Targeting can be configured directly on the WSUS server, through Group Policy in an Active Directory network environment, or by editing registry settings on the client computer. The following are examples of targeting tasks an administrator can perform:

• Deploy new updates to the test computer group and evaluate them before distributing them to the production environment.

• Protect computers running specific applications. For example, if a critical update is incompatible with an application that is used only on certain computers, the administrator can ensure that the update is not distributed to those computers.

• Specify the deadline by which an update must be installed, and set different deadlines for different computers or computer groups.

• Make the same computer a member of multiple groups. For example, a computer can be a member of a "test" group and a member of a "special application" group.

Database options

The WSUS database stores update information, event information about update operations on the client computer, and WSUS server settings. For WSUS3.0 databases, the administrator can select the following options:

• Windows Internal Database (WSUS can install this database during installation on Windows Server 2003).

• An existing Microsoft SQL Server™ 2005 Service Pack 1 database.

Replica synchronization and reporting

With WSUS, the administrator can create an update management infrastructure consisting of a hierarchy of WSUS servers. WSUS servers can be scaled out to handle any number of clients. Administrators of the central WSUS server create updates, target groups, and approvals, and replica synchronization automatically propagates them to the WSUS servers designated as replica servers. This means that branch clients can obtain centrally approved updates from a local server without needing a local WSUS administrator. In addition, problems caused by low-bandwidth links between the branches and the central server are reduced, because only the branch WSUS server connects to the central WSUS server. The system generates update status reports for all clients of a replica server.

Manage multiple WSUS servers from a single console

WSUS 3.0 allows administrators to manage the WSUS server hierarchy from a single WSUS console. The WSUS snap-in for the Microsoft Management Console can be installed on any computer on the network.

Report

By using WSUS reports, the administrator can export any of the reports on the following activities to an Excel spreadsheet or an Adobe Acrobat file:

• Update status: the administrator can monitor the update compliance of client computers in real time through the "Update Status" reports. Based on the events sent by client computers, these reports give the approval and deployment status for each update, each computer, and each computer group.

• Computer status: the administrator can evaluate the update status of client computers, for example by requesting a summary of the updates installed on, or needed by, a specific computer.

• Computer compliance status: administrators can view or print a summary of a computer's compliance information, including basic software and hardware information, WSUS activity, and update status.

• Update compliance status: administrators can view or print a summary of the compliance information for a specific update, including the update's properties and the cumulative status for each computer group.

• Synchronization (or download) status: the administrator can monitor synchronization activity and status for a given period of time and view the most recently downloaded updates.

• WSUS configuration settings: the administrator can view a summary of the options specified for the WSUS implementation.

Troubleshooting

With the WSUS Management Pack, administrators can troubleshoot faults in the WSUS infrastructure, including problems with network connections, permissions, SQL connections, and WSUS-related services. The WSUS Management Pack displays this information in the status view of Microsoft Operations Manager, where the administrator can find details about the cause of a problem and related solutions.

To let administrators and developers use .NET-based APIs, we provide a software development kit (SDK). Administrators can write custom code to manage Automatic Updates and WSUS servers. With the new API, administrators can collect hardware and software inventories from managed devices, create installation approvals in the Add or Remove Programs dialog box, and integrate WSUS management with other management tools (such as systemcenteressen). Developers can use the WSUS infrastructure to create management applications that integrate with WSUS or to publish third-party updates.

Configurable communication options

Administrators can flexibly configure computers to obtain updates directly from Microsoft Update, from an intranet WSUS server that distributes updates internally, or from a combination of the two, depending on the network configuration. The administrator can configure the WSUS server to use a custom port for connecting to the intranet or the Internet. (The default port used by the WSUS server is port 80.) Connections can also be made through SSL, in which case the default port is 443. If the WSUS server connects to the Internet through a proxy server, the administrator can configure proxy server settings.

Data import, export, and migration from the command line interface

Administrators can import and export update metadata and content between WSUS servers. In a network with limited or restricted Internet connectivity, this is a necessary task. The administrator can seamlessly migrate existing management settings, content approvals, and specific content from a WSUS 2.0 server to a WSUS 3.0 server. Migration is also useful when WSUS servers are consolidated. For example, an administrator can migrate the approvals for a specific target group from one WSUS server to another.
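An added example, not part of the original page or of Microsoft's documentation: a PowerShell integrity check for the media used in the disconnected-server export and import described above. The drive letters, file names, and the idea of sending the manifest to the intranet administrator separately from the media are assumptions; it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: integrity manifest for media carried to a disconnected WSUS server.
# Paths and file names are placeholders; the demo data at the end is constructed.
function New-MediaManifest([string]$Root) {
    # Record a SHA-256 hash per file, keyed by its path relative to the media root.
    $base = (Resolve-Path $Root).Path
    Get-ChildItem -Path $base -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($base.Length).TrimStart('\', '/')
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-MediaManifest([string]$Root, $Manifest) {
    # Return the relative paths that are altered, missing, or absent from the manifest.
    $expected = @{}
    $Manifest | ForEach-Object { $expected[$_.Path] = $_.SHA256 }
    $bad = @()
    foreach ($entry in New-MediaManifest $Root) {
        if ($expected[$entry.Path] -ne $entry.SHA256) { $bad += $entry.Path }
        $expected.Remove($entry.Path)
    }
    return ,($bad + @($expected.Keys))   # leftover keys are files that never arrived
}

# Internet-connected server, after approving updates:
#   wsusutil.exe export D:\media\export.cab D:\media\export.log
#   copy the WSUSContent folder to D:\media, then
#   New-MediaManifest D:\media | Export-Csv C:\manifest.csv -NoTypeInformation
# Intranet server, before importing (manifest.csv delivered separately from the media):
#   Test-MediaManifest E:\ (Import-Csv C:\manifest.csv)    # must return nothing
#   wsusutil.exe import E:\export.cab E:\import.log

# Constructed demo: a stand-in package is hashed, then altered "in transit".
$media = Join-Path ([IO.Path]::GetTempPath()) 'wsus-media-demo'
New-Item -ItemType Directory -Path $media -Force | Out-Null
Set-Content (Join-Path $media 'export.cab') 'constructed stand-in for the metadata package'
$manifest = New-MediaManifest $media
Add-Content (Join-Path $media 'export.cab') 'altered after export'
Test-MediaManifest $media $manifest      # reports export.cab as changed
```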

You can back up and restore WSUS update content files and SQL Server metadata with ntbackup.

Client-side features

The client component of the WSUS solution includes the following features.

The powerful and scalable Automatic Updates service can be managed in an Active Directory environment, where administrators use Group Policy to configure the behavior of Automatic Updates. In other environments, administrators can use logon scripts or similar mechanisms to configure Automatic Updates remotely through registry keys. The client configuration options available to the administrator include:

• Configure notification and scheduling options for users through Group Policy.

• Configure how often the client computer checks the update source (Microsoft Update or another WSUS server) for new updates.

• Configure Automatic Updates to install immediately any updates that do not require a restart or a service interruption, without waiting for the scheduled automatic installation time.

• Manage client computers through APIs based on the Component Object Model (COM). An SDK is available.
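An added example, not from the original page or from Microsoft: a PowerShell audit of the registry-based Automatic Updates policy described above, covering the update source, whether it is reached over SSL, client-side targeting, and the detection frequency. The value names are the standard Windows Update policy values; the server name and sample data are constructed.

```powershell
# Added example: audit the Automatic Updates policy values a WSUS client uses.
# Policy value names are the Windows Update policy settings; sample data is constructed.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Read-PolicyKey([string]$Path) {
    # Return the key's values as a hashtable; an absent key yields an empty one.
    $values = @{}
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $values[$_.Name] = $_.Value }
    }
    return $values
}

function Test-WsusClientPolicy([hashtable]$Wu, [hashtable]$Au) {
    if ($Au['UseWUServer'] -ne 1) {
        return ,@('UseWUServer is not 1, so the WUServer setting is ignored')
    }
    $findings = @()
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $url = [string]$Wu[$name]
        if (-not $url) { $findings += "$name is not set" }
        elseif ($url -notmatch '^https://') { $findings += "$name does not use SSL: $url" }
    }
    if ($Wu['WUServer'] -ne $Wu['WUStatusServer']) {
        $findings += 'WUServer and WUStatusServer differ'
    }
    if ($Wu['TargetGroupEnabled'] -eq 1 -and -not $Wu['TargetGroup']) {
        $findings += 'Client-side targeting is enabled but TargetGroup is empty'
    }
    if ($Au['DetectionFrequencyEnabled'] -ne 1) {
        $findings += 'DetectionFrequency is not enforced; the default interval applies'
    }
    return ,$findings
}

# Constructed sample: a client pointed at a hypothetical server over plain HTTP.
$sampleWu = @{ WUServer = 'http://wsus01.corp.example'; WUStatusServer = 'http://wsus01.corp.example'
               TargetGroupEnabled = 1; TargetGroup = 'Test' }
$sampleAu = @{ UseWUServer = 1; AUOptions = 4; DetectionFrequencyEnabled = 1; DetectionFrequency = 22 }
Test-WsusClientPolicy $sampleWu $sampleAu    # two findings: neither URL uses SSL

# On a real client, audit the live policy instead:
# Test-WsusClientPolicy (Read-PolicyKey $WuKey) (Read-PolicyKey "$WuKey\AU")
```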

Client computer self-update

A WSUS client computer can detect that a newer version of the Automatic Updates program is available on the WSUS server and then upgrade its Automatic Updates service automatically.

Automatic detection of applicable updates

Automatic Updates can download and install the updates that apply specifically to the computer. Automatic Updates works with the WSUS server to determine which updates should be applied to a specific client computer.

The Automatic Updates service runs in the background, so it has little impact on employee productivity and network performance. Automatic Updates consolidates updates that require a restart so that the computer is restarted only once. Automatic Updates prevents users in a managed environment from having to interact with Microsoft software license terms; the administrator has already accepted the license terms on the WSUS server on behalf of the client computers. BITS 2.0 uses differential compression to speed up downloads (this is invisible to users). For example, after Automatic Updates downloads an update to the client computer, it continues to monitor the upstream WSUS server or Microsoft Update and then downloads only the files that have changed in the update. This technology can also be used to distribute service packs efficiently through Automatic Updates.
