As the complexity of operating systems and applications that run on them grows and grows, so do the number of potential vulnerabilities which can be exploited by people outside and within your organisation. The potential damage caused by these vulnerabilities can range from lost productivity due to an infection on your network through to machines within your business being recruited as zombie machines to spread malware and infect other machine on other networks. In serious cases, it could even provide a way for your crucial business data to be compromised.
In companies where the management of computers is not centrally controlled, a computer will be purchased with the latest operating system and either added to the network or used as a standalone device. Depending upon the settings chosen by the person that configured the machine, Windows Update may or may not be activated. As Microsoft issue fixes and new features for Windows, Office and other applications the machine does not get updated and as more and more updates are missed, the likelihood of infection grows.
Where Windows Update has been installed and configured, the user may still have the choice to continually cancel either the downloading or installing of new updates, thereby rendering Windows Update useless.
Windows Server Update Services (WSUS) is a free component which can be installed onto any machine running a Microsoft Windows Server operating system either 2003 or 2008. Once configured, WSUS allows all updates to be controlled via a single server which lets the IT Manager/system administrator decide which downloads should be installed onto which machines and when. It also allows him/her to prevent the user from stopping the installation whilst also providing reports to show which machines are vulnerable.
For businesses who want to see the differences for themselves, 2and7 can provide a time limited version of Windows Server 2008 with a copy of Windows Server Update Services 3.0 SP2 pre-installed. For an additional fee, we can also pre-configure the server with the relevant groups that you will need.
For business who have an immediate need, we can also provide a fully functioning installation of Windows Server Update Services 3.0 SP2 with a fully licenced version of Windows Server 2008 Standard as a VMWare virtual machine. This can simply be installed onto a machine at a location of your choice, configured for your particular network and you are then ready to begin centrally managing your updates.
We can also provide additional consultancy services to run through the basic operations and to train your IT team on how to get the most from this technology.
More information will be available in the Services section of the site.
WSUS provides a number of ways in which machines can be added to the service. Where your business is running Active Directory, group policies can group machines together into particular clusters – maybe to reflect regional offices or functions – and specific updates applied to those machines. It is also possible to stagger the time/date that particular groups will check the central server for updates to cut down on bandwidth. Where servers exist at regional offices, WSUS can also be configured to push updates to regional servers overnight and all machines within an office then update themselves against the local server.
Where Active Directory is not in place, you can use registry keys to have the same effect. If you don’t know how to do this, then get in touch and we can provide you with some assistance.
WSUS also comes into it’s own by allowing you to specify a test group for updates. Software developers have no way of knowing which applications have been installed and uninstalled on a particular machine over time and hence there’s a possibility that an update will have an unseen effect upon a machine.
A good strategy is therefore to identify a number of low risk machines that represent the spread of operating systems and applications across your organisation. With the consent of the user, deploy the new updates to these machines and monitor them for any adverse reaction. Once you are happy that the updates can be deployed to the rest of the user base.
We’ve included a number of documents below that provide guidance on operating the system once installed as well as the release notes for the latest service pack.
Windows Server Update Service 3.0 SP2 Deployment Guide (doc) (pdf)
Windows Server Update Service 3.0 SP2 Fixes and Features (doc) (pdf)
Windows Server Update Service 3.0 SP2 Operations Guide (doc) (pdf)
Windows Server Update Service 3.0 SP2 Release Notes (doc) (pdf)
