Organizing your updates through SUS, is that possible?

Alex Anderson · Feb 9, 2004

Everyone,

Do you have to go around every one of your computers to get a consensus
what patches are need and what needs patches? I have a mixture of
computers, ranging from Win2k and XP, and is there a easy way to let SUS
keep them updated with all latest updates while they come through. I wish
Microsoft would combine their updates into one update, sorta like a service
pack but not having to wait for the length of time it takes to get service
packs. It seems their updates are scattered and there is no way to organize
them using SUS. You have to do the homework and consensus to apply the
appropriate patches. How are other people managing this undertaking?

Thank you
Alex Anderson

R Dunn · Feb 11, 2004

Alex -

Check the deployment whitepaper out -

http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx

The main site is here:

http://www.microsoft.com/sus

Yes, SUS should do what you are asking. You only need to set up IIS with
SUS on the box, choose your updates that you wish to deploy (accounting for
the lowest common denominator).

Then you just need to deploy a registry key via login script or SMS to tell
the PCs to point to your new SUS server.

The only thing you have to be aware of is that SUS does NOT deploy service
packs. However, there are other means to do that...!

You can have multiple SUS servers in your organization, and they can all
synchronize with the parent server if you have multiple sites, etc. -

Good luck!
Rob

Alex Anderson · Feb 11, 2004

Major Dunn,

I have SUS already in place using GPO's to deploy the necessary SUS
requirements to my clients. My question is - is there a simple way of
administering this daunting task of organizing the updates? Is there a way
to automatically update while new patches come in and deploy them to my
clients? Right now, it's a manual process. I synchronize the SUS server,
then do my homework on each patch that Microsoft releases. Approve them,
then the clients get them. The process I just stated is my inquiry for a
more automated process?

Thank you
Alex Anderson

R Dunn · Feb 12, 2004

I'm not sure where you are getting 'Major' from, unless it precedes the word
'geek,' but anyway...

Pretty much what you are doing is the recommended usage for SUS. It was
intended for administrators to approve/disapprove certain patches for
deployment on the network. It kinda defeats the purpose if you want to
automate this.

I suppose there is the possibility of synchronizing your update server with
a Microsoft-run update server, but I've never tried it - has anyone else?

Rob

Alex Anderson · Feb 12, 2004

R Dunn,

I see now. I thought SUS was something completely different. You know,
when Microsoft has one of manly exploits in their OS software, you are not
told until it's either too late or read about the exploit in the newspaper.
I figured SUS would automatically patched vulnerabilities as they were
discovered, leaving the detective work to Microsoft. Guess not, from what
you're saying. Okay, I understand now, thank you.

Alex Anderson