How do I switch from WSUS to Windows Update?

• WSUS Definition

  What is WSUS? WSUS is also known as Windows Server Update Services, and its first version is called Server Update Services (SUS). It helps distribute updates, fixes, and other types of releases available from Microsoft Update.

  Nội dung chính Show

  • How do I change WSUS to Windows Update?
  • How do I turn off WSUS?
  • How do I stop Windows Update from WSUS?
  • What is replacing WSUS?

  You can use WSUS to reliably and securely manage, distribute, and install updates for Microsoft products in an organization's IT network. Some of the product examples include Windows Defender, Windows 10, and Office.

• How does WSUS work?

  WSUS works as a Windows Server role. You can deploy one or more WSUS servers depending on the number of client machines—including server machines whose updates you want to manage through WSUS—and other technical considerations in your organization’s IT network.

  If you deploy more than one WSUS server, you can decide to connect one or more WSUS servers to Microsoft Update. The servers connected to Microsoft Update can act as an update source for the other WSUS servers in the IT network.

  The WSUS servers that provide updates to other WSUS servers are called upstream servers. You can limit the number of upstream servers to one since one WSUS server can synchronize all other WSUS servers. This approach also helps limit the number of WSUS servers exposed to the internet.

  However, if many downstream servers try to synchronize from an upstream server simultaneously, it can create intranet bandwidth and performance issues. Therefore, you should optimize the synchronization process for efficient performance.

  You can deploy multiple WSUS servers as needed in multi-tier hierarchies to distribute updates more effectively to client machines located across various geo-locations. If you also manage mobile devices that join and leave your organization’s IT network infrequently, you can allow them to get updates from the nearest WSUS server.

  Once you have finalized the architecture and set up the upstream and downstream servers, you should allow and connect client machines to get updates from WSUS servers. Accordingly, whenever updates are available, you can review and test those updates and then distribute them to specific client machines. You can also define groups to manage client machines categorically and distribute updates based on group policies.

• What are WSUS Server modes?

  You can deploy WSUS servers in two different modes:

  1. Autonomous Mode
  2. Replica Mode

  Autonomous Mode: This is the default installation option for Windows Server Update Services, and it helps implement distributed administration. A WSUS server set up in this mode only gets updates from an upstream server, but you should separately review, approve, and distribute the updates to the client machines connected to this server.

  Replica Mode: This mode helps implement centralized administration. You don’t need to manage WSUS servers deployed in this mode separately. These servers get updates, approval statuses, and distribution policies from the upstream server.

• How to automate WSUS

  You can automate specific tasks in WSUS. Specifically, WSUS Administration Console helps automate approvals using rules. You can specify rules based on when a particular update becomes available, which products have updates available, or by when an update should be approved.

  You can also use PowerShell scripting to automate tasks like approvals, cleanups, synchronization, and update installation scheduling.

• Benefits of WSUS

  Microsoft regularly releases several updates for its products, including critical updates, security updates, drivers, service packs, and tools, among others. Installing these updates on client machines is essential to patch security vulnerabilities and ensure client machines work as expected.

  However, manually reviewing, approving, and installing updates is a tedious, time-consuming process. Moreover, manually ensuring all client machines received appropriate updates is error-prone and can make your IT environment vulnerable to cyberthreats.

  Using Windows Server Update Services, you can centralize and automate update management for Microsoft products. This helps you determine how and when to distribute updates and which machines require a specific update.

  You can also scan to discover client machines pending update installations and schedule updates without interrupting employee productivity. This approach also helps save your corporate internet bandwidth as WSUS servers use your corporate intranet to distribute updates.

  If you maintain a downstream server in a different branch location, you can allow the downstream server in your branch location to receive updates directly from Microsoft Update. With this approach, you can overcome bandwidth limitations between your central and branch locations.

  As WSUS is a server role component of Windows Server operating system, it doesn’t require additional licensing if you’ve already purchased Windows Server licenses.

• Potential limitations of WSUS

  Windows Server Update Services is known for having three primary limitations you may experience:

  1. You can only run WSUS on a Windows Server. Depending on your IT infrastructure’s scale, this may require you to purchase a significant amount of additional Windows Server licenses.
  2. While Windows Server Update Services can distribute updates for Microsoft products, its ability to support third-party software applications is limited, and distributing third-party updates with WSUS can become cumbersome.
     
  3. Windows Server Update Services doesn’t support client machines running non-Windows operating systems like Linux distributions or macOS. This implies you have to depend on additional patch management solutions to manage non-Windows machines in your IT environment.

• How to extend WSUS

  You can implement third-party patch management or update management solutions to overcome the challenges with WSUS. With this approach, you can augment, optimize, or extend WSUS functionality.

  For example, implementing an appropriate patch management solution helps improve how effectively you can manage third-party updates. Similarly, you can gain better visibility into your IT infrastructure, improve patch compliance and reporting, and manage Windows update scheduling more efficiently.

How do I change WSUS to Windows Update?

How do I turn off WSUS?

How do I stop Windows Update from WSUS?

What is replacing WSUS?