As mentioned before, SUS 1.0 SP1 (downloadable from http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en must be installed on a system running Windows 2000 or 2003 Server with Internet Information Services (and Internet Explorer 5.5 or later). The setup program uses a Web site bound to Port 80 or, if none exists, creates one and binds it to Port 80. (Port 80 is required for the proper communication between the SUS server, its clients, and other servers, including Microsoft Windows Update servers.)
The setup program also creates a folder where Web site files and Windows update files downloaded from Microsoft (or another SUS server higher in hierarchy) are stored. In case of update files, you have the option to not download them and have clients install selectively approved updates directly from the Microsoft Update servers. This option might make sense for clients residing on the far side of a slow WAN link, with no local SUS server on their site, that have a fairly fast direct Internet connection.
Next, you are prompted to select language versions of patches you are interested in. Select only those relevant to your environment, as this choice affects the disk space SUS occupies. Finally, decide whether new patches are to be approved automatically or manually. The first option makes sense if the organization’s only goal is to optimize bandwidth utilization of its Internet connection; the second one is preferable when the IS organization wants to control which updates should be deployed in an environment.
On completion, the wizard provides URL path of the SUS Web site for client computers to access when downloading patches (typically, this path is http://SUSServerName — where SUSServerName is the resolvable name of the server hosting the Web site). When installing on a Windows 2000 Server platform, the setup program also installs IIS Lockdown 2.0 and URL Scanner 2.5 utilities (providing they are not already present on the target system). These utilities are then used to disable or remove a number of potentially vulnerable features, (e.g., anonymous access, WebDAV, and Sample Web site). Once the installation is complete, it automatically launches Internet Explorer and connects to the SUS Administration Web page located at http://SUSServerName/SUSAdmin.
From the SUS Administration Web page, the administrator can configure SUS components and perform two main administrative tasks — synchronizing and approving content. Configuration involves setting the following parameters (some of which are set during installation):
From the administrative page, you can also synchronize the SUS server with its source (by clicking the Synchronize Now button displayed after the “Synchronize server” option is selected), approve updates (provided the manual approval method has been chosen) by selecting the “Approve updates” option and selecting a checkbox in the list of Available Updates listed in the right side of the Web page, view synchronization and approval logs, and monitor servers, which gives you information about the number of updates loaded in the server’s memory cache. This also speeds up access to them.
The next article will continue our coverage of the SUS solution with a discussion of additional configuration options as well as Microsoft’s short-term plans concerning this technology.
Marcin Policht obtained his Master of Computer Science degree about 20 years ago and has been since then working in the Information Technology field, handling variety of responsibilities, but focusing primarily on the areas of identity and access management, virtualization, system management, and, more recently private, hybrid, and public cloud services. He has authored the first book dedicated to Windows Management Instrumentation and co-written several others dealing with subjects ranging from core operating system features to high-availability solutions. His articles have been published on such Web sites as ServerWatch.com and DatabaseJournal.com. For his contributions to the Microsoft technical community, he has been awarded the title of Microsoft MVP over the last ten years.
ServerWatch is a top resource on servers. Explore the latest news, reviews and guides for server administrators now.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
