MIT Windows Automatic Update Service: Features
MIT Windows Automatic Update Service (WAUS)
consists of both client-side and server-side
components to provide a basic solution
to critical update management. The client-side
components are included as part of the
operating system in Windows 2000 SP3
and later, Windows XP SP1 and later,
and Windows Server 2003.
Client-side
Features
The client is based on the Windows Automatic
Updates technology for Windows XP but with
significant enhancements for improved manageability.
Automatic Updates is a proactive "pull"
service that allows for automatic detection,
download, and installation of required
Windows updates such as critical operating
system fixes and Windows security patches.
Client-side features include:
- Guaranteed installation of
approved updates. Administrators
and users can configure Automatic Updates
to automatically download updates and
schedule their installation for a specified
time. If the computer is turned off at
that time, the updates can be installed
as soon as the computer is turned on.
- Scheduled installation options.
Local administrators can be allowed to
download and install updates manually.
Non-local administrators are prevented
from downloading or installing updates.
This prevents unauthorized users from
tampering with the installation of updates.
- Built-in security.
Before installing a downloaded update,
Automatic Updates verifies that Microsoft
has digitally signed the files.
- Accurate detection of necessary
updates. Automatic Updates uses
the same proven technologies as the Windows
Update site to scan a particular system
and determine which updates are applicable.
- Background downloads.
Automatic Updates uses the Background
Intelligent Transfer Service (BITS),
an innovative bandwidth-throttling technology,
to download updates. Because this bandwidth-throttling
technology uses only idle bandwidth,
downloads do not interfere with or slow
other network activity, such as Internet
browsing.
- Chained installation. Automatic
Updates uses Windows Update technologies
to install downloaded updates. If multiple
updates are being installed and one or
more of them requires a restart, Automatic
Updates installs them all together and
then requests a single restart.
- Manageability. In
an Active Directory® directory service
environment, an administrator can configure
the behavior of Automatic Updates using
Group Policy. Otherwise, an administrator
can remotely configure Automatic Updates
using registry keys through the use of
a logon script or similar mechanism.
- Multi-language support. The
client is supported on localized versions
of Windows.
[Back
to top]
Server-side
Features
Software Update Services is based on the
same back-end technology used on the public
Windows Update site that has been servicing
Windows customers since mid-1998. It runs
on Windows 2000 Server with Service Pack
2 or later. Internet Information Services
(IIS) must be enabled on the server. Server-side
features include:
- Windows critical updates,
security updates, and service packs.
SUS will include Windows critical updates,
security updates, and service packs for
Windows 2000, Windows XP, and Windows
Server 2003. SUS does not include hardware
device drivers.
- Built-in security.
The administrative pages are restricted
to local administrators on the computer
that hosts the updates. The synchronization
validates the digital certificates on
any downloads to the update server. If
the certificates are not from Microsoft,
the packages are deleted.
- Selective content approval.
Updates synchronized to the server running
SUS are not made automatically available
to the computers that have been configured
to receive updates from that server.
The administrator approves the updates
before they are made available for download.
This allows the administrator to test
the packages before deploying them.
- Content synchronization.
The server can be automatically or manually
synchronized with the public Windows
Update service. The administrator can
set a schedule or set the synchronization
component of the server to do it automatically
at preset times. Alternatively, the administrator
can use the Synchronize Now button to
manually synchronize.
- Server-to-server synchronization.
Because administrators may need to run
Microsoft SUS on multiple servers inside
an organization -- in order to bring
the updates closer to desktops and servers
for downloading, Microsoft SUS allows
you to point to another server running
Microsoft SUS instead of Windows Update.
This allows for a single point of entry
for updates into the network, without
requiring that each SUS server download
updates from the external Microsoft source.
In this way, updates can be more easily
distributed across the enterprise.
- Update package hosting flexibility.
Administrators have the flexibility
of downloading the actual updates to
their intranet site or pointing computers
to a worldwide network of download servers
maintained by Microsoft. Downloading
updates directly might appeal to an administrator
with a network closed to the Internet.
Large networks spread over geographically
disparate sites might find it more beneficial
to use the Microsoft-maintained download
servers -- in other words, the actual
Microsoft Windows Update download servers.
In this scenario, an administrator would
download and test updates at a central
site, then point computers requiring
updates to one of the Windows Update
download servers -- all the while maintaining
control over which updates are installed.
- Multi-language support.
Although the Software Update Services
administrative interface is available
in only English or Japanese, the server
supports the publishing of updates to
multiple operating-system language versions.
Administrators can configure the list
of languages for which they want to download
updates.
- Remote administration via
HTTP or HTTPS. The SUS administrative
interface is web-based and therefore
allows for remote (internal) administration
using Internet Explorer 5.5 or later.
- Update status logging. Administrators
can specify the address of a web server
where the Automatic Updates client should
send statistics about updates that have
been downloaded, and whether the updates
have been installed. These statistics
are sent using the HTTP protocol and
appear in the IIS log file of the web
server.
[Back
to top] |
