SUS Server: Software Update Server
SUS Server with SP1 Release Notes and Installation Instructions
I've been working with this the last two days, I found that you can create a .REG file and set clients to connect to a local server for updates. So you have more control over where / when and what your clients are installing. Until you approve an update it won't be installed on the clients machine. As long as you set up SUS like that, you have the flexibility of making it automatic as well. Gotcha's include the fact that the ScheduledInstallTime regkey is a dword and in the .REG file must be in HEX; so valid values are 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F,10,11,12,13,14,15,16,17 coresponding to 0-23 hundred hours local time.
RescheduleWaitTime is how long the machine waits to begin installation after missing the scheduled time, ie if not on when scheduled to update, next time it's turned on it would wait 4 minutes before installing new patches.
NoAutoRebootWithLoggedOnUsers means whether reboot will be automatic (=0, reboot in 5 minutes after applying patches) or not (=1 then reboot will not be forced)
AUOptions controls the level of notification the client sees, set this to 4 and approved patches are retrieved and applied automatically.
One thing I don't like is that the SUS service MUST run on a Windows server, so testing this out requires a dedicated server to test. Although the overhead seems minimal, foot print is of course all the packages you're caching. (300-400MB) for what I saw supporting a W2K environment. You can pick languages, but for some wierd reason, it grabs all the .NET service pack 1 for a dozen odd languages. Useless clutter I don't need, especially when I told it I would pick languages, and only checked English.
Microsoft Software Update Services (SUS) Server 1.0 with Service Pack 1 (SP1) addresses several customer requests and fixes several issues found in the SUS 1.0 release.
REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"RescheduleWaitTime"=dword:00000004
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000D
"UseWUServer"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://my_servers_name/"
"WUStatusServer"="http://my_servers_name/"
0 TrackBacks
Listed below are links to blogs that reference this entry: SUS Server: Software Update Server.
TrackBack URL for this entry: http://kennethhunt.com/mt/mt-tb.cgi/902
8 Comments
Search
Safari Online
Mike Erdely
The Open Prosthetics Project
Andrew W. Moore
Talking Out Loud with ASB
ducea
Andrew Baker
*scottstuff*
Ask Bjorn Hansen
Joe Topjian
John Sequeira's Weblog
Team Murder
defective yeti
postneo
Ben Hammersley
Chez Chrissie
The Frosty Mug Revolution
Jeremy Zawodny's blog
Lucas Gonze
Eric Norlin
slashdot
John Vu
Net Observer
Books Observer
Sterling
Bill Buxton
Melanie Rieback
Well, Microsoft should fix this.
I have noautorebootwithloggedonusers => 1
The system still forces a reboot, even for a logged on admin.
This is ****ing me off.
What updates does SUS provide assuming that msba is also running?? ie (Office, Windows, other not microsoft products)
Can one physical server host more that one SUS instance using Virtual sites under IIS? I ask because I have a very large, and diverse base of systems to support, and not all of them can take certain patches until other critical software packages get updated, and I'd still like to manage them with SUS.
I'm thinking of something like ...
MYSUSSERVER.MYSITE.COM (Default Site in IIS)
+SUS1.MYSITE.COM (Virtual Site in IIS)
|
+SUS2.MYSITE.COM (Virtual Site in IIS)
Where MYSUSSERVER is feeding SUS1 and SUS2, but workstations only point to SUS1 or SUS2.
Thanks!!
Regarding the .NET framework launguage issue which really bugged me till I saw one of the MS SUS guys explain it:
".Net Framework can be
installed in multiple language flavors, even on a simple English machine.
For example, if you want to develop some .Net Framework applications in
Japanese on your English OS, you can install the Japanese .Net Framework and
do the dev work. If you happen to have installed .Net Framework of a
different flavor on your EN machine, then the Japanese .Net Framework SP2 is
now considered a "critical" update for your machine. That's why you get
several different languages of .Net Framework, even though you've only
selected English as the sync language.
I'm not sure I have the explanation exactly right, but that is how I
understand it.
Don [MS]
end quote
Note, the NoAutoRebootWithLoggedOnUsers key allows you to force a reboot or allow the user to reboot, a forced reboot initiates with a 5 minute countdown timer, the user initiated reboot prompts the user to reboot but does not force it until he clicks YES.
You should be able to visit http://myserver/SUSAdmin/ and control all aspects of the SUS deployment.
Yes you have to pick a time for it to deploy, you can either change the HOUR in the reg script or change the TIME on the computer. Pain in the ass I'd rather beable to specify update every x time rather than have to pick a hour once a day. Oh well.
Hello.
Shold i get any information when i visit this site with IE http://susserver/
I just get that the page us under construction, is that right? I have copyed that reg file and applayed it to one computer in my network to test, but will it only update from 17 to 22 ? So i must wait before i can see if this thing work or not?
Thanks for posting that .REG file. I missed the part about the server name being one level above the rest of the entries. The deployment guide places that info at the end of the page and right next to a note. I missed it. I was also a bit iffy on the Hex - Decimal thing. They didn't post which to use... I assumed hex. I'm no registry guru.
Anyway. Thanks for your help;)