Windows Server Update Services

{{Short description|Update distribution system for Windows Server}}

{{Infobox software

| name = Windows Server Update Services

| screenshot = Microsoft WSUS Admin 2.png

| screenshot_size = 300px

| caption = WSUS can display precise information about which updates each client needs.

| operating system = Windows Server

| genre = Package management, remote administration

}}

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.

History

The first version of WSUS was known as Software Update Services (SUS).{{cite book

|last1=Foust

|first1=Mark

|last2=Chellis

|first2=James

|last3=Sheltz

|first3=Matthew

|last4=Sage London

|first4=Suzan

|title=MCSE Windows Server 2003 network infrastructure planning and maintenance study guide

|year=2006

|publisher=John Wiley and Sons

|location=Hoboken, New Jersey

|isbn=978-0-7821-4450-5

|page=532

|chapter=Chapter 7: Planning Server-Level Security}} At first, it only delivered hotfixes and patches for Microsoft operating systems. SUS ran on a Windows Server operating system and downloaded updates for the specified versions of Windows from the remote Windows Update site, which is operated by Microsoft. Clients could then download updates from this internal server, rather than connecting directly to Windows Update.{{cite web|title=Software Update Services|url=https://technet.microsoft.com/en-us/windowsserver/bb466186.aspx|work=Microsoft TechNet|publisher=Microsoft Corporation|access-date=4 May 2011}} Support for SUS by Microsoft was originally planned to end on 6 December 2006, but based on user feedback, the date was extended to 10 July 2007.{{cite news|last=Keizer|first=Gregg|title=Microsoft Keeps Software Update Services Alive Until July|url=http://www.informationweek.com/news/194400595|access-date=4 May 2011|newspaper=InformationWeek|date=16 Nov 2006|publisher=UBM TechWeb|archive-date=15 May 2011|archive-url=https://web.archive.org/web/20110515031200/http://www.informationweek.com/news/194400595|url-status=dead}}

WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of updates, hotfixes, service packs, device drivers and feature packs to clients in an organization from a central server or servers.

On September 20, 2024, Microsoft announced that Windows Server Update Service would no longer be developed starting with Windows Server 2025.{{Cite web |title=Windows Server Update Services (WSUS) deprecation |url=https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436 |access-date=2024-09-24 |website=TECHCOMMUNITY.MICROSOFT.COM |language=en}} Microsoft encourages business to adopt cloud-based solution for client and server updates, such as Windows Autopatch, Microsoft Intune, and Azure Update Manager.{{Cite web |title=Microsoft ends development of Windows Server Update Services (WSUS) |url=https://www.bleepingcomputer.com/news/microsoft/microsoft-officially-deprecates-windows-server-update-services-wsus/ |access-date=2024-09-24 |website=BleepingComputer |language=en-us}}

Operation

Windows Server Update Services 2.0 and above operate on a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to produce extensive reports on which updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.). One can also approve updates for detection only, allowing an administrator to see which machines will require a given update without also installing that update.

WSUS may be used to update computers on a disconnected network. This requires exporting patch data from a WSUS server connected to the internet and, using removable media, importing to a WSUS server set up on the disconnected network.{{cite web |url=https://docs.microsoft.com/de-de/security-updates/windowsupdateservices/18127442 |title=Set Up a Disconnected Network (Import and Export Updates) |access-date=2018-11-24}}

Administrators can use WSUS with Group Policy for client-side configuration of the Automatic Updates client, ensuring that end-users can't disable or circumvent corporate update policies. WSUS does not require the use of Active Directory; client configuration can also be applied by Local Group Policy or by modifying the Windows registry.

WSUS uses .NET Framework, Microsoft Management Console and Internet Information Services. WSUS 3.0 uses either SQL Server Express or Windows Internal Database as its database engine, whereas WSUS 2.0 uses WMSDE. System Center Configuration Manager (SCCM) interoperates with WSUS and can import third party security updates into the product.{{cite web|url=https://technet.microsoft.com/en-us/library/bb632895.aspx|title=About System Center Updates Publisher|publisher=Microsoft|access-date=11 August 2011}}

Licensing

WSUS is a feature of the Windows Server product and therefore requires a valid Windows Server license for the machine hosting the service. The fact that user workstations authenticate themselves to the WSUS service to retrieve their updates makes it necessary to acquire a fileserver client access license (CAL) for each workstation connecting to the WSUS service.{{cite web | url=https://social.technet.microsoft.com/Forums/en-US/6ca141a5-835d-4d42-8954-aadca905d0cf/wsus-server-license-is-required?forum=winserverwsus | title= WSUS Server license is required | publisher=Microsoft TechNet | date=31 July 2016 | access-date=9 March 2019 }} Fileserver CAL for WSUS is the same CAL as the one required for connecting to a Microsoft Active Directory, fileserver and printserver, and has to be acquired once for a device or a user.

WSUS is often considered as a free product because fileserver CAL are already paid for in an enterprise network that has a Microsoft Active Directory and thus do not need to be acquired again.

In a network using Samba Active Directory, it is not necessary to purchase CALs to connect to the domain controller or connect to a Samba file server. However, the use of a WSUS server will still require the purchase of client access licenses for all Windows workstations that will connect to the WSUS server.{{Cite web|title=WSUS and CAL Licenses|url=https://social.technet.microsoft.com/Forums/windowsserver/en-US/82046da9-19ab-4e27-b855-e7c8cfea10a5/wsus-and-cal-licenses?forum=winserverwsus|access-date=2021-03-26|website=social.technet.microsoft.com|archive-date=28 April 2019|archive-url=https://web.archive.org/web/20190428232102/https://social.technet.microsoft.com/Forums/windowsserver/en-US/82046da9-19ab-4e27-b855-e7c8cfea10a5/wsus-and-cal-licenses?forum=winserverwsus|url-status=dead}}

Version history

class="wikitable"
Version	Date	Comments
2.0 Release Candidate \| 22 March 2005 \|
2.0 \| 6 June 2005 \|
2.0 Service Pack 1 \| 31 May 2006 \| Adds support for Windows Vista clients, additional client languages, and using Microsoft SQL Server 2005 as a database backend, as well as performance improvements with the web-based user interface
3.0 Beta 2 \| 14 August 2006 \| MMC based UI and loads of new features
3.0 Release Candidate \| 12 February 2007 \|
3.0 \| 30 April 2007 \| WSUS 3.0 and WSUS Client 3.0 were made available via WSUS on 22 May 2007{{cite web \|last=Harder \|first=Bobbie \|title=Updates for WSUS available today \|url=http://blogs.technet.com/b/wsus/archive/2007/05/22/updates-for-wsus-available-today.aspx \|work=WSUS Product Team Blog \|publisher=Microsoft \|date=22 May 2007}}
3.0 Service Pack 1 Release Candidate \| 1 November 2007 \|
3.0 Service Pack 1{{cite web \|last=Cole \|first=Cecilia \|title=WSUS 3.0 SP1 is now RTM \|url=http://blogs.technet.com/b/wsus/archive/2008/02/07/wsus-3-0-sp1-is-now-rtm.aspx \|work=WSUS Product Team Blog \|publisher=Microsoft \|date=7 Feb 2008}} \| 7 February 2008 \|
3.0 Service Pack 2 \| 25 August 2009 \| Part of Windows Server 2008 R2
4.0{{Cite web \|first=Steve \|last=Henry \|url=https://blogs.technet.microsoft.com/wsus/2016/09/15/update-on-wsus-3-0-sp2-end-of-life/ \|title=Update on WSUS 3.0 SP2 End of Life \|work=WSUS Product Team Blog \|publisher=Microsoft \|date=15 September 2016}} \| 26 October 2012 \| Part of Windows Server 2012 and 2012 R2
5.0{{Cite web \|first=Steve \|last=Henry \|url=https://blogs.technet.microsoft.com/wsus/2018/03/02/catalog-import-failure/ \|title=WSUS Catalog import failures \|work=WSUS Product Team Blog \|publisher=Microsoft \|date=2 March 2018}} \|26 September 2016 \|Part of Windows Server 2016
10.0.17763 \|2019 \|Part of Windows Server 2019
10.0.20348.1 \|2021 \|Part of Windows Server 2022

class="wikitable"

Version

Date

Comments

2.0 Release Candidate

| 22 March 2005

2.0

| 6 June 2005

2.0 Service Pack 1

| 31 May 2006

| Adds support for Windows Vista clients, additional client languages, and using Microsoft SQL Server 2005 as a database backend, as well as performance improvements with the web-based user interface

3.0 Beta 2

| 14 August 2006

| MMC based UI and loads of new features

3.0 Release Candidate

| 12 February 2007

3.0

| 30 April 2007

| WSUS 3.0 and WSUS Client 3.0 were made available via WSUS on 22 May 2007{{cite web |last=Harder |first=Bobbie |title=Updates for WSUS available today |url=http://blogs.technet.com/b/wsus/archive/2007/05/22/updates-for-wsus-available-today.aspx |work=WSUS Product Team Blog |publisher=Microsoft |date=22 May 2007}}

3.0 Service Pack 1 Release Candidate

| 1 November 2007

3.0 Service Pack 1{{cite web |last=Cole |first=Cecilia |title=WSUS 3.0 SP1 is now RTM |url=http://blogs.technet.com/b/wsus/archive/2008/02/07/wsus-3-0-sp1-is-now-rtm.aspx |work=WSUS Product Team Blog |publisher=Microsoft |date=7 Feb 2008}}

| 7 February 2008

3.0 Service Pack 2

| 25 August 2009

| Part of Windows Server 2008 R2

4.0{{Cite web |first=Steve |last=Henry |url=https://blogs.technet.microsoft.com/wsus/2016/09/15/update-on-wsus-3-0-sp2-end-of-life/ |title=Update on WSUS 3.0 SP2 End of Life |work=WSUS Product Team Blog |publisher=Microsoft |date=15 September 2016}}

| 26 October 2012

| Part of Windows Server 2012 and 2012 R2

5.0{{Cite web |first=Steve |last=Henry |url=https://blogs.technet.microsoft.com/wsus/2018/03/02/catalog-import-failure/ |title=WSUS Catalog import failures |work=WSUS Product Team Blog |publisher=Microsoft |date=2 March 2018}}

|26 September 2016

|Part of Windows Server 2016

10.0.17763

|2019

|Part of Windows Server 2019

10.0.20348.1

|2021

|Part of Windows Server 2022

References

External links

{{Official website|https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus}} on Microsoft Docs

Update Services

Category:Microsoft server technology

Category:Patch utilities