www.techtarget.com Open in urlscan Pro
2606:4700::6812:1347  Public Scan

Form analysis
1 forms found in the DOM

POST https://www.techtarget.com/search

<form action="https://www.techtarget.com/search" method="post" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input ui-autocomplete-input" id="header-search-input" autocomplete="off" type="text" placeholder="Search the TechTarget Network">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
</form>

Text Content

3
Trending Now

Azure Red Hat OpenShift: A self-help guideDownload NowView All3
X
3Hello, these 3 documents have been trending and as a member they are free to
you.
 * 
   Azure Red Hat OpenShift: A self-help guideDownload Now
 * 
   How to support your business goals in the cloudDownload Now
 * 
   Economic Impact of RHEL on AzureDownload Now




SearchWindows Server
Search the TechTarget Network
Login Register
Explore the Network
 * TechTarget Network
 * Cloud Computing
 * Enterprise Desktop
 * Virtual Desktop

 * SearchWindows Server
 * * IT Ops & Infrastructure Management
   * Identity & Access Management
   * Messaging & Collaboration
   * Microsoft Cloud & Hybrid Services
   * Windows Server Management
   Other Content
    * News
    * Features
    * Tips
    * Webinars
    * 2024 IT Salary Survey Results
    * Sponsored Sites
    * More
       * Answers
       * Conference Guides
       * Definitions
       * Opinions
       * Podcasts
       * Quizzes
       * Tech Accelerators
       * Tutorials
       * Videos

 * Follow:
 * 
 * 
 * 
 * 
 * 


 * Home
 * IT operations and infrastructure management


Tech Accelerator What is patch management? Lifecycle, benefits and best
practices
Prev Next The risks of failed patch management How to conduct security patch
validation and verification
Download this guide1

Definition


WINDOWS SERVER UPDATE SERVICES (WSUS)


 * Share this item with your network:
 * 
 * 
 * 
 * 
 * 

 * 
 * 
 *  * 
    * 
    * 
    * 

By
 * Kinza Yasar, Technical Writer
 * Gavin Wright


WHAT IS WINDOWS SERVER UPDATE SERVICES (WSUS)?

Windows Server Update Services (WSUS) is a Windows server role that can plan,
manage and deploy updates, service packs, patches and hotfixes for Windows
servers, client operating systems (OSes) and other Microsoft software. It lets
system administrators control when and how systems install updates and provides
a central point for clients to get updates. It's designed for small and
medium-sized business use. There's typically no additional cost to add WSUS to a
Windows network.

Installed on Microsoft Windows Server, WSUS is a simple tool system
administrators use to manage Microsoft Windows updates. It's available for
various versions of Windows Server and client OSes, such as Windows Server 2008
R2, Windows Server 2012, Windows Server 2012 R2, 2016, 2019 and Windows Server
2022. All supported Microsoft client OSes can use WSUS, including Windows 8.1,
10 and 11.




PRACTICAL APPLICATIONS AND BENEFITS OF WSUS

WSUS lets an organization control when and how its Windows devices receive OS
updates and patches. Practical applications and benefits of WSUS include the
following:

 * Automated updates. WSUS enables automatic updates within specific parameters.
   Without WSUS, clients install updates as soon as they're available from
   Microsoft. This can cause clients to be at different patch levels, or to
   install patches that break software or install during the middle of the
   workday, causing employee downtime.
 * Testing and approval. Using WSUS gives system administrators time to test
   that the updates work with their network and don't introduce compatibility
   issues. It also lets them install the updates during a maintenance timeframe
   so that production work isn't affected. For example, an organization would
   want to avoid installing updates to the accounting department during tax
   preparation.
 * Reporting and monitoring. WSUS provides reporting about Windows updates in an
   organization. System administrators can use this information to verify that
   all clients are installing security updates correctly and have the same
   updates applied. This ensures that the systems have the correct security
   patches, reducing overall network vulnerability.
 * Centralized update management. Without WSUS, all clients go directly to
   Microsoft servers to download updates. In networks with many clients or with
   poor bandwidth, this could cause excessive internet use and affect
   productivity. With WSUS acting as a central point, the server downloads only
   one copy of the update from Microsoft and all clients can get the update from
   there. This approach makes better use of high-speed LAN connections and
   reduces overall internet usage. WSUS supports multiple languages and can
   selectively make the information for these languages available.
 * Custom updates. WSUS enables administrators to organize updates into custom
   categories based on criteria such as importance, type or product.
 * Bandwidth conservation. By downloading updates once to the WSUS server and
   then distributing them internally, for example, through a downstream server,
   organizations can conserve internet bandwidth. This is particularly useful
   for large organizations with many computers, where downloading updates
   individually could strain network resources.
 * Compliance and security. WSUS helps organizations maintain compliance with
   security standards and regulations by ensuring that all systems are up to
   date with the latest security patches and fixes. This is crucial for
   protecting sensitive data and mitigating security risks.

WSUS lets system administrators control and manage every facet of updating,
patching and hotfixing Microsoft OS and software products.



WSUS DATABASE REQUIREMENTS

When planning to deploy WSUS, organizations should consider their hardware and
database requirements, which are driven by the number of client computers being
updated within the organization.

This article is part of


WHAT IS PATCH MANAGEMENT? LIFECYCLE, BENEFITS AND BEST PRACTICES

 * Which also includes:
 * Creating a patch management policy: Step-by-step guide
 * Key software patch testing best practices
 * 10 enterprise patch management best practices

The various database requirements for a WSUS deployment include the following:

 * Database software requirements. Microsoft SQL Server Express 2008 R2 has a
   database size constraint of 10 GB, which should typically meet the needs of
   WSUS. However, opting for this database instead of Windows Internal Database
   (WID) doesn't offer any significant benefits. A WID database has a minimum
   RAM requirement of 2 GB beyond the standard Windows Server system
   requirements.
 * Database size and content. Updates consist of metadata that details the
   update's description and the files required to install the update. Update
   metadata is typically much smaller than the actual update and is stored in
   the WSUS database. However, the update files are stored on a local WSUS
   server or a Microsoft Update Web server.
 * Minimum hardware requirements. Microsoft recommends a minimum of 2 GB of RAM
   and 40 GB of storage space for the WSUS server. However, enterprises commonly
   use a minimum of 64 GB of RAM and more than 1 TB of WSUS content.
 * Additional hardware requirements. For WSUS, an extra 2 GB of RAM beyond the
   server's standard requirements and those of all other services or software is
   necessary. It's recommended to use a separate server, or a virtual machine
   dedicated to WSUS, along with an SQL or SQL Express instance for the
   database.Top of Form


WSUS LICENSE AND OS REQUIREMENTS

WSUS doesn't require an additional license for the server. Clients connecting to
WSUS only require a Windows Server Client Access License (CAL). Because most
organizations already purchase Windows Server and CALs, WSUS is typically no
additional cost to them.

WSUS only supports Microsoft products, such as Windows and Microsoft Office
updates. It doesn't allow admins to install new software or update other
products, such as Google Chrome. It also doesn't support other OSes, such as
macOS or Linux.


HOW TO USE WSUS

The following outlines the step-by-step process of how to use and configure
WSUS:


STEP 1: INSTALLING WSUS

WSUS is installed on an upstream server as a server role using Microsoft Windows
Server Manager. This server provides features to manage and distribute updates
through a management console.

Once the role is activated, it's available for use. It has a few prerequisites,
including .NET, Microsoft Report Viewer, Internet Information Services, and a
database such as Windows Internal Database or SQL. All these prerequisites are
freely available on Windows Server.

Depending on the size of the network, WSUS can be a single server or many
servers working together. WSUS servers can get updated content and
configurations from each other. This permits extremely large networks and
different office locations to each have their own server. Organizations can also
use WSUS disconnected from the internet. This way, high-security networks can
receive regular patches without exposing the network to the internet.


STEP 2: CLIENT CONFIGURATION

Just deploying a WSUS server to a network isn't enough; clients must be
configured to connect to it instead of to Microsoft update. System admins often
configure the client using Group Policy, but could also set it up through
Microsoft System Center Configuration Manager (SCCM), mobile device management
or manually with registry keys. The settings can be configured via Group Policy
Objects if Active Directory is being used.

Admins can set how clients install updates, if they reboot after installation
and notify users of the updates.


STEP 3: MANAGING UPDATES

The Windows Update Agent performs the actions on the client to install updates.
It connects to the WSUS server and scans for needed updates and then downloads
and installs them. The download uses Microsoft Windows Background Intelligent
Transfer Service to optimize bandwidth use.

WSUS requires a few network ports to be open for operation. The server must be
able to communicate out to the internet Windows update servers on ports 80 and
443 to receive the update packages. Clients connect to the WSUS server on ports
8530 and 8531 by default, though these can be changed.


STEP 4: TESTING AND APPROVING UPDATES

After synchronization, admins should review the available updates in the WSUS
console. They can approve updates for deployment to specific computer groups or
all computers within the organization. It's recommended to test updates on a
subset of machines before approving them for widespread deployment.


STEP 5: AUTOMATING TASKS

The WSUS Administration Console helps automate approvals using rules and admins
can specify rules based on when a particular update becomes available, which
products have updates available or when an update should be approved.

Windows PowerShell scripting can also be used to automate tasks such as
approvals, cleanups, synchronization and update installation scheduling.


STEP 6: MONITORING AND REPORTING

Admins should use the WSUS console to monitor the update status of client
machines, track failed installations and generate reports on updated compliance
and deployment progress.


STEP 7: REGULAR MAINTENANCE

Admins should regularly review and install the updates as they become available.
Additionally, they should monitor the WSUS server performance and disk space
usage. Regular database maintenance tasks should also be conducted to maintain
optimal performance.

System administrators can install the WSUS management console using PowerShell.



CAN WSUS UPDATE THIRD-PARTY SOFTWARE?

WSUS can update third-party software. Through a procedure called local
publishing, system admins can increase the usage of WSUS patching mechanisms to
deliver fixes for third-party programs such as Java and Adobe Reader. This
process involves using auxiliary management tools to publish update packages
containing the binaries and their respective certificates to the WSUS server.
Administrators can also use these technologies to push locally generated and
tested software and custom upgrades to client computers.

Additionally, third-party software updates can be enabled using the
Configuration Manager console and third-party update signing certificates can be
automatically managed via WSUS.

It's important to understand that WSUS doesn't natively support third-party
patch management, since Microsoft created it to distribute patches for Microsoft
products. However, there are numerous benefits to using WSUS instead of
alternative WSUS techniques for patch management when deploying third-party
software and updates. For example, WSUS can distribute drivers and command-line
executables natively without requiring users to have administrator capabilities.


WSUS AND SYSTEM CENTER CONFIGURATION MANAGER

WSUS and SCCM are both Microsoft tools used for managing updates within an
organization, but they serve different purposes and have the following
distinguishing features:


WSUS

 * WSUS only manages updates and patches. It's specifically focused on managing
   and distributing updates for Microsoft products, primarily Windows OSes and
   Microsoft software.
 * It provides a centralized platform for downloading, approving and deploying
   updates to Windows machines within an organization.
 * WSUS is simpler to deploy and manage compared to SCCM. It's primarily focused
   on update management and is often used in conjunction with Group Policy for
   client configuration.
 * WSUS is suitable for organizations mainly concerned with managing Windows
   updates without the need for advanced systems management capabilities.
 * WSUS lacks the advanced features of SCCM. It provides basic reporting and
   monitoring capabilities but doesn't offer the same level of automation,
   customization and integration with other systems management functions.
 * WSUS is available free of charge and is included as a feature in Windows
   Server OSes. There are no additional licensing costs associated with using
   WSUS.


SCCM

 * SCCM can perform any role that WSUS does and much more. For example, it
   enables updates, patches, software installation, administration,
   configuration, endpoint protection and inventory management across a wide
   range of devices including laptops, desktops, servers and mobile devices.
 * SCCM gives users enhanced control over patch deployment, report generation
   and management of Windows machines on their network.
 * SCCM is a more complex and feature-rich tool compared to WSUS. It requires
   more planning, configuration and ongoing maintenance to deploy effectively.
   However, SCCM offers greater flexibility and scalability for managing diverse
   environments and complex deployments.
 * SCCM offers a wide range of features beyond update management, including
   software distribution, patch management, compliance monitoring, endpoint
   protection, remote control and reporting.
 * SCCM is part of the Microsoft System Center suite and is a paid product. It's
   available through various licensing options, including standalone licensing
   or as part of Microsoft 365 subscriptions. The cost of SCCM depends on the
   licensing model and the number of managed devices.
 * SCCM relies on WSUS to check for and apply patches and it can be used to
   manage the WSUS server through the SCCM console.




WINDOWS SERVER UPDATE SERVICES AND WINDOWS UPDATE FOR BUSINESS

Windows Update for Business (WUfB) is a free and modern update system from
Microsoft. In WUfB, the organization sets when and how clients apply updates,
but the clients connect to Microsoft servers or use peer distribution to
download updated content. This is different than in WSUS where clients connect
to servers that the organization manages.

WUfB is easier to set up and manage than WSUS and provides benefits to remote
workers, but it doesn't offer as much control of updates nor as much bandwidth
savings as WSUS.

According to Microsoft, WUfB is available for the following versions of Windows
10 and Windows 11:

 * Windows Pro, including Windows Pro for Workstations.
 * Windows 10 Pro Education.
 * Windows Enterprise, including Enterprise LTSC (Long-Term Servicing Channel),
   IoT Enterprise and IoT Enterprise LTSC.

Numerous options exist for organizations looking for comprehensive patch
options. Explore top patch management software tools and find the right fit for
your organizational needs.

This was last updated in June 2024

CONTINUE READING ABOUT WINDOWS SERVER UPDATE SERVICES (WSUS)

 * Key software patch testing best practices

 * The risks of failed patch management

 * How to conduct security patch validation and verification

 * Guide to Linux patch management

 * Navigating cloud patch management: Benefits, best practices



RELATED TERMS

What is a command prompt? A command prompt is the input field in a text-based
user interface screen for an operating system (OS) or program.
See complete definition What is C (programming language)? The C programming
language is a procedural and general-purpose language that provides low-level
access to system memory. See complete definition What is firmware? Firmware is a
type of software program embedded into hardware devices to help them function
smoothly and effectively. See complete definition

DIG DEEPER ON IT OPERATIONS AND INFRASTRUCTURE MANAGEMENT

 * WINDOWS AS A SERVICE
   
   
   By: Eddie Lockhart

 * HOW TO WORK WITH AN SCCM TECHNICAL PREVIEW LAB
   
   
   By: Daniel Engberg

 * SCCM DRIVER MANAGEMENT STRATEGIES FOR THE MODERN WORLD
   
   
   By: Daniel Engberg

 * SCCM PEER CACHING MATTERS MORE NOW THAN EVER
   
   
   By: Daniel Engberg

Sponsored News
 * Modernizing Microsoft SQL Server with a Multicloud-By-Design Approach –Dell
   Technologies
 * Simplify Cloud Migrations with Dell and VMware –Dell Technologies
 * See More

Vendor Resources
 * Your Complete Guide to Unified Endpoint Management –TechTarget
 * Top 10 end-user computing stories of 2019 –TechTarget ComputerWeekly.com


Latest TechTarget resources
 * Cloud Computing
 * Enterprise Desktop
 * Virtual Desktop

Cloud Computing
 * How to build a business case for cloud migration
   
   Successful cloud migrations start with a solid business plan that details the
   costs, benefits, risks and challenges to key ...

 * Managed identity vs. service principal for Azure apps
   
   Managed identities automate identity management for Azure-native
   applications, while service principals are ideal for external ...

 * Top cloud migration service providers and how to choose one
   
   Tools, services and pricing vary widely, and often, the options are
   platform-specific. Here's a rundown of seven representative ...

Search Enterprise Desktop
 * How to create a custom Windows 11 ISO file
   
   With a custom Windows 11 ISO file, IT departments can streamline deployment
   and apply new version of Windows to repair OS ...

 * How to make the most of Windows Autopatch with Intune
   
   IT administrators can use Intune to manage numerous settings related to
   Windows OSes and business apps. The Windows Autopatch ...

 * How to perform a Windows 11 ISO file install
   
   The days of IT departments manually provisioning Windows OSes and company
   settings onto each PC are long gone, but IT staff still...

Search Virtual Desktop
 * What is the difference between Windows 10 vs. Windows 10 IoT?
   
   There are several key differences between Windows IoT and a regular Windows
   desktop OS, so organizations must compare these ...

 * Comparing AWS WorkSpaces vs. Azure Virtual Desktop
   
   AWS WorkSpaces and Azure Virtual Desktop are stable and mature platforms that
   work equally well, but key factors set them apart. ...

 * Comparing VMware Horizon vs. Azure Virtual Desktop
   
   Two of the top desktop virtualization technologies are Azure Virtual Desktop
   and Omnissa Horizon -- formerly from VMware. Learn ...

 * About Us
 * Editorial Ethics Policy
 * Meet The Editors
 * Contact Us
 * Advertisers
 * Partner with Us
 * Media Kit
 * Corporate Site

 * Contributors
 * Reprints
 * Answers
 * Definitions
 * E-Products
 * Events
 * Features

 * Guides
 * Opinions
 * Photo Stories
 * Quizzes
 * Tips
 * Tutorials
 * Videos

All Rights Reserved, Copyright 2000 - 2024, TechTarget

Privacy Policy
Cookie Preferences
Cookie Preferences
Do Not Sell or Share My Personal Information


Close


X
Free Download What is patch management? Lifecycle, benefits and best practices


THIS COMPREHENSIVE GUIDE EXPLAINS THE ENTIRE PATCH MANAGEMENT PROCESS AND ITS
ROLE IN IT ADMINISTRATION AND SECURITY. THE HYPERLINKS DIRECT YOU TO DETAILED
ARTICLES ON PATCH MANAGEMENT BEST PRACTICES, TOOLS AND SERVICES.