SUS is a free download from the SUS home page. There is a lot of information about SUS there as well as downloads. Once installed, SUS is administered via your web browser. The web address is http://SUS_server/SUSAdmin where SUS_server is the name of the server on which you installed SUS. Obviously since it’s accessed via a web browser, IIS (Internet Information Server) must be up and running on that server as well. Your first time, you will be guided through the process of configuring the various options for SUS.

After you have installed and configured it, your first step in administering SUS is to synchronize the server with the Microsoft update site. Clicking the “Synchronize Now” button starts the process. There is also a “Synchronization Schedule” that you will use later to schedule the periodic automatic download. The first time you do a manual synchronization, you’d best just go out for coffee (or a beer), as it will have a lot of catching up to do. There will be several hundred megabytes of updates just waiting for you to pick up. Once you have performed your first synchronization, you will be prompted to select the updates to approve. This feature of SUS allows the network administrator to first review and test updates before they are unleashed on the whole network. Scroll through the list of updates and select the check box of those you want to approve. Once you’ve selected them, click the “Approve” button. At this point you will be prompted to accept the end user licensing agreement. Once accepted, the updates are approved and made available for your clients to download.

After your initial synchronization and approval of updates, you will want to set up the synchronization schedule. From the left pane of the admin window, select Synchronize Server and then click on the Synchronization Schedule in the right hand pane. Here you may set the time of the synchronization as well as the day. I would recommend daily. But you might want to change the default time of 3 AM. This is also the default for the Automatic Updates done by individual PCs. I figure that just about every PC in the world will be doing a download at 3 AM so perhaps another time would be more appropriate for my downloads. I have mine set for 1 AM.

The second part is getting the approved downloads to your clients. The Automatic Updates Client is used to download the updates from the server to the client. The client software is included in Windows Server 2003, Windows 2000 Service Pack 3, and Windows XP Pro Service Pack 1. The client can also be downloaded from the SUS web site. The client can be configured locally on each PC but if you have a lot of PCs to configure, that can be a pain. Enter Active Directory and Group Policies. Using group policies, you can automatically configure all your PCs to obtain and install their updates without ever leaving your own office (or server room). To do so, you must create a Group Policy Object. This is done typically using the Active Directory Users and Computers snap-in. The computers you want to configure should be in Organizational Units so right-click on the appropriate OU and select Properties. From the OU properties, select the Group Policy tab. Create a new Group Policy for SUS and edit it.  You want to configure the Computer Configuration, Administrative Templates, Windows Components, and Windows Updates settings.

There are four settings to work with. The first is “Configure Automatic Updates”. You want to “Enable” this and then specify how you want the updates handled; Notify for download and notify for install, Automatic download and notify for install, or Automatic download and install. You then specify how often (I select Every day) and the time (3 AM is OK here as it’s after the server synchronization and is local; I’m not competing with all the PCs on the Internet). The next setting is Specify intranet Microsoft update service location. This is your SUS_server so enter it as http://SUS_server (whatever your server name is). The next setting is Reschedule Automatic Updates Scheduled Installations, which tells your computer how long to wait after it is restarted to start the download and installation should your computer be turned off before 3 AM. So leave it on all night! Lastly is the No Auto-Restart for Scheduled Automatic Updates Installations. This allows you to specify whether it’s Ok to reboot the PC after an update. Normally at 3 AM this won’t be a problem unless you have some process, like a backup, running at that hour.

All in all, SUS provides a handy way to administer Windows Updates on your network. Microsoft will soon be releasing version 2, which is supposed to include updates for all Microsoft products including Office. That will be real handy.