Patch Management Technology to Converge (Sidebar)

Although Microsoft is to be commended for trying to make patch management easier, more comprehensive, and free with Windows, the fact that Windows Update and the free Software Update Service (SUS) appear to do the same job as SMS (a separate server product) has caused some customer confusion. Other than the SMS 2003 Advanced Client’s use of the Background Intelligent Transfer Service (BITS)—technology first developed by the Windows Update team to download patch files in the background over Hypertext Transfer Protocol (HTTP)—SMS, Windows Update, and SUS today share very little common technology.

Microsoft positions SMS as the best patch-management tool for large enterprises, which likely need SMS’s more capable targeting and reporting capabilities, as well as its other features not geared toward patch management (such as general software distribution, software and hardware inventory, remote control, and software usage tracking). Microsoft also recommends that home users and very small businesses simply turn on Windows’ Automatic Update feature today and use the new Windows Update Service (WUS) agent when it ships later this year to automatically download and install patches. However, deciding which product to use is more complicated for small and medium-size businesses.

The confusion is compounded by the fact that the patch applicability scanners in Windows Update, Office Update, SMS 2003, and the Microsoft Baseline Security Analyzer sometimes produce results inconsistent with each other. Furthermore, Microsoft has caused consternation among SMS customers by publicly stating that all Microsoft products in the future will use WUS technology, leaving these customers to wonder whether SMS is being abandoned in favor of the Windows technology.

At its Mar. 2004 Microsoft Management Summit, the company briefed Directions on Microsoft and helped clear up some of the confusion.

In the first quarter of 2005, SMS 2003 customers will get a free update to the product’s patch scanning and distribution tools. This update will include the same scanner that will ship with WUS 2.0 and will use the same patch installation-criteria database. Both tools will be able to identify and install the same patches for Windows 2000 SP3 and newer systems, but SMS 2003 will still have better targeting and reporting features in addition to being able to perform its other functions. However, two agents—the WUS agent and the SMS agent—will be running on each SMS-managed system.

Looking out past Longhorn Server, Microsoft wants to ship a single DSI-compatible agent built into the Windows OS. This agent will be used by future versions of SMS (and System Center) and by future versions of the free Microsoft Update service and WUS server. This agent will perform a superset of the functions of today’s SMS 2003 Advanced Client. Basic patch management will remain a free service, but customers will still need SMS or System Center to harness all of the agent’s capabilities.

Microsoft did not indicate whether this agent would have a published API to allow other management products to use it, nor did it say whether it would also serve as an agent for a future version of MOM.