Software Update Services

Posted on 2004-11-05
Medium Priority
Last Modified: 2010-04-19
I have a 2003 DC in my domain and I want to setup SUS. I installed Software Update Services 1.0 with Service Pack 1 on the 2003 server. I am trying to configure the Deployment of the automatic client updates via active directory following the Microsoft Software Update Service Deployment white paper. I cannot however created any GPO because I cannot see the Computer Configuration \Software Settings inn the AD users and computers snapin

Please help
The Falcon
Question by:FalconTwo
  • 2
  • 2
LVL 57

Accepted Solution

Pete Long earned 1000 total points
ID: 12505110
Hi FalconTwo,
This is how I set mine up

Implementing SUS (software update services)

First download SUS from http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en
(SUS10SP1.exe 33009 KB)

Go to the machine server that you want to run SUS on and ensure IIS is installed, in Server 2000 go to control panel >add remove programs > windows componants, and add it in. In server 2003 go to "Manage your server and add the web server role.

Run the above .exe file.

go to http://localhost/SUSAdmin, click syncronise server > syncronise now

First it will download the catalog, this will be quite quick, then it will download all the updates and service packs (this will take a looooong time - at time of writing there are over 5000 of them and some of them are 100Mb+) Microsoft recommends you have AT LEAST 6 gb free on the server to hold all this stuff. Ive usually found this stalls and falls over a few times, simply exit and go back into SUSAdmin and restart the "syncronise now" to pick up where it left off.

When its complete go to the "Approve Update" tab and tick the items you want to approve for distributtion.

------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Doamin Policy.

1. If you are setting this up on the DOmain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default DOamin Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows COmponants > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frightem my users so I select "4 - Auto download and shcedule the install" you can now set the schedule by default its set to 0300 which aint no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://servername). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after startup for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. CLick OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}

You can test to see if they have applie by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Expert Comment

ID: 12508963
Your question is a little vague but - If all your computers are in the default computers container you can not apply a SUS GPO. Move all your computers to a new OU, or place them in existing OUs etc. Then you can apply the GPO and like PeteL said "Navigate to Computer Configuration > Administrative Templates >Windows Componants > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties" A good resource on implementing SUS is http://forums.susserver.com/index.php?

Author Comment

ID: 12566609
Thanks very much I believe this is working but is there a way I can tell which machine got the update or do I have to walk to the machine to see if they were updated. Isn't there some tool or section in SUS when I can get confirmation the workstation X was updated with such and such updates??

Expert Comment

ID: 12567618
FalconTwo - The is a reporting tool that uses SQLserver at www.susserver.com/software/susreporting
there is also an online version that will convert the text file so you can see exactly what you want - albiet by IP though
LVL 57

Expert Comment

by:Pete Long
ID: 12572853

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question