Patch Management with Microsoft Software Update Services (SUS)

“Save the Internet and keep all systems patched”. Today, patching Windows is essential to keep systems safe and protected from viruses and worms; recall the cases of Blaster or Sasser. Using the site is a common way to check for and install the latest security patches. While this method works, Microsoft’s Software Update Service (SUS) provides administrators with an automated means to distribute and install critical operating systems security patches; it’s a free product, and provides a great way to automate the process of installing critical security patches from Microsoft. If you’re an administrator of a Windows network, SUS is one product that you definitely warrants a closer look.

In this first article, we’ll take a look at what SUS does, and how it works in conjunction with technologies like Automatic Updates and Group Policy. In the next part, we’ll get into installing SUS and configuring its settings.

Common Scenarios

Many organizations don’t have strict policies about updating Windows and distributing security patches. Most have their own approaches, like not patching until a new virus threat is brought to light. This might also be because of a lack of knowledge or infrastructure. In some cases, users will browse to the web site to install patches without any testing. In others, help desk staff or network administrators install available patches manually, visiting all user desktops. However, these methods can be less than timely, and often result in significant administrative effort. Thankfully, there are many emerging technologies for patching the Windows systems automatically, putting administrators in complete control of this critical process.

What is Software Update Services (SUS)?

In this series, we’ll discuss what Software Update Services (SUS) is, and how it works. The subject will be divided into 10 basic sections, as outlined below:

  • SUS basics
  • SUS components
  • SUS functionality
  • Software Installation Overview
  • Configuring Automatic Update Clients
  • Ensuring Automatic Updates is working with SUS
  • Understanding how Automatic Updates behave for logged in users
  • SUS Limitations
  • SUS Resources