Software Update Services (SUS) Basics

SUS is designed to automate the process of updating Windows systems with the latest patches and hot fixes. It requires that you set up what effectively becomes a local Windows Update Server, which will host a copy of patches and updates from the Internet-based Windows Update Server that you’re likely already familiar with. SUS is designed to update systems running (at least) Windows 2000 SP2, Windows XP SP1, and Windows 2003. That said, SUS does not support WIN 95, WIN98, WINME, and WINNT4.0; it will never download patches for these operating systems. If you need to update computers running these older versions of Windows, you’ll still need to go about the process manually.

Ultimately, this means that SUS can only apply patches to the following operating systems:

  • Windows 2000 Professional with Service Pack (SP) 2 & above.
  • Windows 2000 Server with SP2 & above.
  • Windows 2000 Advanced Server with SP2 & above.
  • Windows XP Professional without SP1 & above.
  • Windows XP Home Edition without SP1 & above.

SUS provides for centralized administration; an administrator can decide which available updates are to be approved for distribution to clients. Patches are downloaded in the background via the Background Intelligence Service (BITS); you’ll learn more about BITS later in this series.

SUS will never “push” any patches to its client systems. Instead, it only publishes the updates that you designate as “Approved Patches”, and then the Automatic Update feature of your Windows clients will pull the updates instead.

Unlike using, it’s important to note that SUS will never download driver updates; it only distributes critical security updates.