SUS/WSUS setup at Anglicare WA

What is SUS/WSUS?

SUS is Software Update Services, a free patch management program made by Microsoft. WSUS (Windows Software Update Services) is the new updated verison of SUS and is still free. SUS originally only supported the deployment of patches and service packs for Windows 2000 and XP and was very broad in terms of what could be managed. WSUS increased the management capabilities of by allowing specific groups of PCs to be allocated patches. It also allowed the ability to deploy patches for Office.

SUS/WSUS Implementation at Anglicare WA

Originally there was no central method of deploying patches for Windows. This led to a number of issues. Firstly, it was very labour intensive to install patches and because the patches were not deployed from a central location, there was a duplication of downloads. This led to increased costs.

To resolve this, I tested out SUS. The original test deployment was performed at head office and was configured to deploy patches at 9am on Monday. While this test was a technical success, feedback from staff showed the time was not desirable as their PC would sometimes restart without consulting them. Another issue was the number of casual and part time staff who didn’t work on Mondays, meaning their PC didn’t get patched.

A refinement was made to the system using Wake Up On LAN (WOL). A script would “wake up” the PCs at 4am each morning, they would install any pending updates and shut off at 4:30am. Eventually this system was deployed to all remote sites that had a server.

The benefits of this included:

  • PCs were kept up to date, thus reducing the risk of hacking, viruses and other security issues
  • Costs were kept down. The software was free, took minimal effort to setup and saved on labour and internet costs
  • Seperate patching methods could be applied. For example, servers were set to only download the patches, never to install them automatically.