I’ve been an advocate of Microsoft SUS/WSUS since the v1.0 release. Sure, there are better enterprise software deployment products out there (Microsoft even has one – Systems Management Server) but as a low cost (free) patch management solution for Windows, it’s hard to beat Windows Software Update Services (which, since version 2.0, will update more than just Windows – WSUS 2.0 can act as a local cache for all updates that are available through the Microsoft Update servers). Except that now it has been beaten – by Windows Server Update Services (note the subtle name change) 3.0.
WSUS 3.0 was launched a couple of months ago and I finally installed it this afternoon. Not only does it include some great new features (like e-mail notification, improved reporting and computer management) but it finally gets an MMC administration interface (a huge improvement on the previous web administration interface). There are database changes too – WSUS no longer supports SQL Server 2000/MSDE (after all, those products are shortly to be retired), although it will upgrade an existing database.
The only downside that I can see is that the product still relies on clients connecting to the server and pulling updates (there is no option to force updates on clients – at least not as far as I can see). That’s fine but it does introduce some latency into the process (i.e. if there is an urgent patch to deploy, then WSUS is probably not the right tool to use); however, for the basic operational task of keeping a Windows infrastructure patched (for Microsoft products) and reporting on the current state, WSUS is definitely worth considering.
Further Information
WSUS 3.0 distributed network improvements (white paper).
WSUS 3.0 Usability improvements (white paper).