WSUS (Windows Server Update Services) is a service that allows your computer to stay updated with the latest Microsoft critical updates and security updates for Microsoft products. For more information about Microsoft WSUS visit:
http://technet.microsoft.com/en-us/wsus/default.aspx
WSUS helps to decrease the total bandwidth used by Windows systems at Purdue. Logging and reporting by the WSUS server allows ITNS to check if your system has been applying updates properly.
Once the service is configured on a client computer, the computer will automatically connect to the ITNS WSUS server and download any new approved updates, thus staying up to date with Microsoft's most recent patches.
Any Microsoft OS containing the automatic updates software and still supported by MS will work with WSUS.
Administrators must configure the Windows Update Automatic Update client on systems to point to the WSUS server to download patches and report statistics. This can be done via registry options or Group Policy (local or Active Directory). Options vary slightly between XP/2003 and Vista. There are two options required when configuring for use with the ITNS server. One is to enable ‘configure automatic updates’ with a schedule of your choosing, the other is to enter the following URL in the settings for ‘specify update server location’: http://1061sus02.itap.purdue.edu
Please visit the following site which outlines further Group Policy options for WSUS:
Please visit the following site which outlines registry options for WSUS:
Yes, WSUS does not interfere with the web based updater functionality. Vista will redirect you to the control panel, where you can check for updates via a link; however this will connect you to Microsoft’s server.
IT Networks and Security’s (ITNS) central WSUS server has a default approve policy for critical and security updates as well as definition updates. Other categories such as service packs and rollups are approved manually to have finer control over compatibility issues. For the most part, everything gets approved on Patch Tuesday, though.
One way to force a connection is to go to the command line as an administrator and run wuauclt /detectnow.This will force the auto update agent to connect to the server. By then running the command netstat -ano 5 | find “128.210.63.136” you can see if the host is then connecting to the IP of the server. If you see an entry like below, then the client is connecting:
TCP Client IP:source port 128.210.63.136:80 ESTABLISHED ###
Simply remove the registry keys, or revert the policy settings that were applied. This will cause automatic updates to return back to its default settings.
Contact itap-securityhelp@purdue.edu with any questions or comments you may have about the ITNS WSUS service.
Top