Posted: Jan. 24, 2005

A software update management system built around Windows Update Services (WUS) is architecturally identical to that of its predecessor, Software Update Services (SUS). It consists of three main components: a Web service at Microsoft that supplies software updates and their associated applicability data, one or more servers inside the organization’s firewall that download data from the Web service or a parent server, and clients running the Windows Update (WU) agent that are configured by policy to check a specific WUS server for approved, applicable software updates and install them.

The illustration shows a two-tiered system in which the child WUS server automatically downloads the software updates and software update approvals from its parent WUS server. In each tier, the WU clients are configured with Group Policy, Local Policy, or Registry settings to check with a specific WUS server for applicable software updates and, if applicable updates are found, the clients download them from the WUS server and install them. The dotted line shows an option in which the WU client can download approved software updates directly from Microsoft. This is useful in cases where the client has greater available bandwidth between it and the Internet than between it and its WUS server.