Software Update Services

I have a 2003 DC in my domain and I want to setup SUS. I installed Software Update Services 1.0 with Service Pack 1 on the 2003 server. I am trying to configure the Deployment of the automatic client updates via active directory following the Microsoft Software Update Service Deployment white paper. I cannot however created any GPO because I cannot see the Computer Configuration \Software Settings inn the AD users and computers snapin

Please help
The Falcon
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hi FalconTwo,
This is how I set mine up

Implementing SUS (software update services)

First download SUS from
(SUS10SP1.exe 33009 KB)

Go to the machine server that you want to run SUS on and ensure IIS is installed, in Server 2000 go to control panel >add remove programs > windows componants, and add it in. In server 2003 go to "Manage your server and add the web server role.

Run the above .exe file.

go to http://localhost/SUSAdmin, click syncronise server > syncronise now

First it will download the catalog, this will be quite quick, then it will download all the updates and service packs (this will take a looooong time - at time of writing there are over 5000 of them and some of them are 100Mb+) Microsoft recommends you have AT LEAST 6 gb free on the server to hold all this stuff. Ive usually found this stalls and falls over a few times, simply exit and go back into SUSAdmin and restart the "syncronise now" to pick up where it left off.

When its complete go to the "Approve Update" tab and tick the items you want to approve for distributtion.

------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Doamin Policy.

1. If you are setting this up on the DOmain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default DOamin Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows COmponants > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frightem my users so I select "4 - Auto download and shcedule the install" you can now set the schedule by default its set to 0300 which aint no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://servername). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after startup for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. CLick OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}

You can test to see if they have applie by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Your question is a little vague but - If all your computers are in the default computers container you can not apply a SUS GPO. Move all your computers to a new OU, or place them in existing OUs etc. Then you can apply the GPO and like PeteL said "Navigate to Computer Configuration > Administrative Templates >Windows Componants > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties" A good resource on implementing SUS is
FalconTwoAuthor Commented:
Thanks very much I believe this is working but is there a way I can tell which machine got the update or do I have to walk to the machine to see if they were updated. Isn't there some tool or section in SUS when I can get confirmation the workstation X was updated with such and such updates??
FalconTwo - The is a reporting tool that uses SQLserver at
there is also an online version that will convert the text file so you can see exactly what you want - albiet by IP though
Pete LongTechnical ConsultantCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.