Skip to Main Content

Ask IT FAQs

UW-specific

WSUS (Windows Server Update Service) Frequently Asked Questions

Windows Server Update Services (WSUS) is a tool for central management and distribution of critical Windows and Office patches as well as updates. Patches and updates will be provided for Microsoft Windows XP Service Pack 3 and higher operating systems and Microsoft Office XP SP3 and higher.

Further information on WSUS can be found at www.microsoft.com/windowsserversystem/updateservices/evaluation/faqs.mspx.

How does WSUS work?

There are many components to WSUS, but basically it is a client/server application. The server piece is responsible for synchronizing with the Microsoft Update servers, providing those updates that are administratively approved to clients on campus, and logging transactions between the clients and the server. The client piece is responsible for querying the server to see if there are new updates available, downloading those updates, and then installing them on the administratively determined schedule.  

More specifically, a service runs on a server maintained by Information Technology (IT) that automatically synchronizes with the Microsoft Update servers. Updates that are digitally signed by Microsoft are downloaded to a local repository. Once the server has synchronized and downloaded new updates from Microsoft, they are ready to be approved. An administrator tests them and determines their suitability for campus. Suitable updates are approved on the server and at that point are ready for client computers to download. During the day, client computers will poll the server and download the approved updates that are appropriate for them. Once the updates are downloaded, the client computer will automatically install them based on a predetermined schedule.

Who is WSUS intended for?

WSUS is intended for Windows XP SP3, Windows Vista, and Windows 7 desktop computers that are members of the windows.uwyo.edu (UWYO) domain, with a few exceptions. When specific conditions are met, Automatic Updates may reboot a computer; therefore, a computer that provides a service that must be available 24x7 without interruption should not participate in this program. Computers that do not participate in WSUS should be updated manually on a regular basis using Microsoft’s update utilities.

What happens if I choose not to reboot my computer right away but then forget to do it later?

A computer that has not been restarted after Automatic Updates requested this will not finish installing the updates nor will it receive future updates from the WSUS server again until a restart occurs. This means that your computer will not continue to be kept up-to-date and secure until it is restarted. After you restart your computer, the service will return to normal operation.

Additionally, IT has the ability to monitor patches and may contact the client if it is obvious there are problems with patch installation.

What do I need to do to opt my windows.uwyo.edu domain computer out of WSUS?

Contact the IT Help Desk, and they can assist you in opting out of WSUS.

What do I need to do to opt my windows.uwyo.edu domain computer in to WSUS?

By default, all computers which are part of the windows.uwyo.edu domain automatically participate in the WSUS service, unless someone specifically requests that the computer be opted out. If you believe that the computer you use has been mistakenly opted out, contact the IT Help Desk, and they can assist you in opting in to WSUS.

Can my non-windows.uwyo.edu domain computer take part in WSUS?

No. At this time, WSUS is not available to computers that are not part of the windows.uwyo.edu domain, since they cannot be automatically configured. Computers that do not participate in WSUS should be updated manually on a regular basis using Microsoft’s update utilities.

Why are my Automatic Updates settings disabled?

Once the Automatic Updates settings are set via Group Policy for WSUS participation, they can no longer be configured from the Automatic Updates user interface.

I like going to Windows Update. Can I still do that?

Absolutely. This service will not prevent you from accessing the Windows Update website, http://windowsupdate.microsoft.com,  in any way.

Once my computer is a part of WSUS, what can I do to make this work smoothly?

  1. Always leave your computer on.
     
  2. Log off instead of leaving the computer locked when you leave for the day.
     
  3. Proactively check the System Event Log for Automatic Updates Errors (a red stop sign looking icon in the event log with a white X on it). Report these kinds of errors to the IT Help Desk, so that they can work with you to get them resolved quickly.

What kinds of updates does WSUS distribute?

WSUS distributes Microsoft critical updates, definition updates (i.e. for Microsoft Outlook junk email filters and Windows Defender), security updates, update rollups, service packs, and specific tools like the Malicious Software Removal Tool.

Updates and service packs will be distributed for IT supported Windows operating systems, Microsoft Office, Expression Web, .NET, Project, and Visio. Though patches for additional Microsoft software such as SQL Express Edition, Forefront, and XML may be distributed by WSUS, this software is not supported by IT, and IT cannot guarantee that all applicable patches will be distributed to campus. Therefore, IT does not recommend that individuals running unsupported Microsoft software rely solely on WSUS to keep their computers up-to-date and secure.

Can other types of files, updates, or services (non-Microsoft) be pushed to my computer through WSUS?

No. Only packages that have been digitally signed by Microsoft can be distributed by WSUS.

What if an update causes an application on my computer not to function?

Though all approved updates go through an internal quality assurance process, IT cannot  account for all of the software in use on campus, particularly, in cases where the software is not supported by IT. If an application is not functioning on your computer and you believe that the problem was caused by the installation of a new update through WSUS, contact the IT Help Desk immediately to discuss the problem. If it is a Windows patch that caused the problem, it is likely that others are experiencing the same difficulties, and there may already be a fix in place.

An Automatic Updates window tells me "Your updates have been installed successfully. To complete installation you must restart your computer. Do you want to restart your computer now?" What does this mean, and what should I do?

Automatic Updates restart window

When this window appears, it means that an update that required a reboot was installed by the WSUS server, and your computer must be restarted to finish the installation process. Clicking the Yes button will restart your computer immediately, so make sure you save your work before clicking this button. Clicking the No button will cancel the restart.  Be aware that if the restart is canceled, you must remember to restart your computer manually as soon as it is more convenient for you to do so in order to complete the installation and continue to have your computer updated automatically.

What are the minimum system requirements to participate in WSUS?

You must have at least Windows XP Service Pack 3 or higher to participate in WSUS. If you are unsure of the Service Pack level of your computer, please go to How to Determine a Windows Computer's Service Pack Level (www.uwyo.edu/askit/displaydoc.asp?askitdocid=242&parentid=1). If you do not have Windows XP SP2 or higher installed, contact your IT user consultant to discuss an upgrade. The computer must also be a member of the windows.uwyo.edu domain. If you are unsure of the domain your computer belongs to, see How to Determine a Computer's Name and Domain (www.uwyo.edu/askit/displaydoc.asp?askitdocid=241&parentid=1) for instructions on determining the name of your computer and the domain to which it belongs.

How can I determine what domain my computer belongs to?

If you are unsure of the domain your computer belongs to, see  How to Determine a Computer's Name and Domain (www.uwyo.edu/askit/displaydoc.asp?askitdocid=241&parentid=1) for instructions on determining the name of your computer and its domain.

How can I determine what Service Pack is installed on my computer?

If you are unsure of the Service Pack level of your computer, please go to How to Determine a Windows Computer's Service Pack Level (www.uwyo.edu/askit/displaydoc.asp?askitdocid=242&parentid=1).

What operating systems is WSUS supported for?

WSUS is supported for Windows XP Service Pack 3, Windows Vista, and Windows 7 operating systems.

The following Operating Systems are no longer supported by Microsoft and therefore they are no longer safe to run on campus (because they don’t get security patches or updates necessary to protect computers from malicious attacks).

  • All Windows 2000 Operating Systems
  • All Windows XP Tablet Edition Operating Systems.

Important Note: This list may not be comprehensive. Microsoft discontinues support of older Operating Systems on a regular basis. To verify the current status of a any OS please visit the following Microsoft sites:
http://windows.microsoft.com/en-us/windows/products/lifecycle
http://support.microsoft.com/lifecycle/search/default.aspx

Please contact the IT Helpdesk at 766-4357, option 1,  if you have an out-of-support Operating System to determine what your options are.

How does Automatic Updates / WSUS decide to reboot a computer?

When an update requires a restart, Automatic Updates / WSUS will determine whether or not to reboot a computer based on the security level of the user currently logged on to the computer. When an update requires a restart, it is very important that it occurs in a timely manner. Until the restart occurs, the computer will not be able to download and install additional updates.

All user accounts will receive the following message: "Your updates have been installed successfully. To complete installation you must restart your computer. Do you want to restart your computer now?" The options the user will have in restarting the computer or not depends on the security level of the account as follows.

Administrator Account:

An account with administrative access will receive a restart notification that will allow the user to initiate the restart or postpone it. This notification does not have a countdown timer; therefore, the user must initiate the system restart.

Automatic Updates restart window

User Account:

Any account that does not have administrative privileges on a computer will receive a restart notification that will allow the user to initiate the restart but will not allow the user to postpone it. This notification does not have a countdown timer; therefore, the user must initiate the system restart.

Automatic Updates restart window

User Account without Restart Privileges (very rare case):

Any account that does not have administrative privileges on a computer and that does not have restart privileges will receive a restart  notification that does not allow the user to initiate the restart or postpone it. This notification does not have a countdown timer; therefore, the user must log off of the computer which will allow it to restart automatically or wait for an authorized user to initiate the system restart.

Automatic Updates restart window

No Account Logged On:

If no account is logged on to a computer, the computer will restart automatically following the installation of the updates. No restart notification will be present. This configuration is the least imposing option for users, as there is no user intervention necessary. Be aware that locking the computer is not the same as logging off. A locked computer will not automatically restart, as Automatic Updates detects that the computer is still in use.

I have a UWYO domain account, but my computer does not belong to the windows.uwyo.edu domain. Will it receive updates through WSUS?

No. WSUS participation is based on the computer account and its domain membership and not a user's personal domain account. WSUS updates are only deployed to computers that are members of the windows.uwyo.edu domain. If your UW-owned computer is not on the windows.uwyo.edu domain, contact  the IT Help Desk for assistance in joining your computer to the domain.

I log onto the UW Network from my home computer. Will my home computer receive updates from WSUS?

IT does not allow for personally-owned home computers to join the windows.uwyo.edu domain. However, if you work from home on a UW-owned computer, and if the computer is a member of the windows.uwyo.edu domain, it may receive updates from WSUS. However, as this process cannot be guaranteed or supported in the home environment due to differences in network providers, speed of connections, etc., it is recommended that you contact your IT user consultant to opt out of WSUS for this system. For computers that have been opted out of  WSUS, see How to Install and Run Windows Automatic Updates (www.uwyo.edu/askit/displaydoc.asp?askitdocid=181&parentid=1) for information on updating your computer and keeping it current through the Windows Update site and Automatic Updates.

I realize that IT recommends that servers should not participate in WSUS. What if I choose to have my server participate anyway?

If you choose to have your computer running a server operating system take part in WSUS, against IT recommendation, please be aware of the following:

  1. IT does not support server operating systems. Support for problems with patches will have to be handled directly with Microsoft on a Pay-Per-Incident basis.
     
  2. The server will be automatically restarted, when necessary, to complete installation of patches.
     
  3. Servers may not get complete patch coverage as there are many server applications that WSUS does not provide patches for.

Will WSUS work if I exclusively connect to UW through the UW Wireless Network?

No. WSUS will not work as intended if a user connects exclusively via UW Wireless. Using wireless, various problems can arise with campus applications that rely on services, timing, and connection properties that are only available consistently through a wired connection to campus. The wireless network is not a replacement for the campus wired network, and as such, is not recommended nor will it be supported as an alternative to wired access.

My computer has been turned off for a long time. Should I just turn it back on and let WSUS take care of patching it?

It is recommended that you visit http://windowsupdate.microsoft.com, and install all listed Critical Updates as soon as you first turn it on. A computer that has been turned off for a long period of time will connect to the WSUS server to download and install available updates at some point after it is turned back on. However, there can be delays in this process, which leaves your computer vulnerable to many network security risks. Using the Windows Update Web site to patch your computer will ensure that you are protected immediately. Once your computer is up-to-date, you can let WSUS take over again for any future updates.

How does WSUS handle the load of all the client computers connecting to it?

Load balancing is actually handled by the Automatic Updates client. Every 22 hours minus a random offset, the Automatic Updates client computers will poll the WSUS server for approved updates to install. The random offset helps ensure that all the client computers do not try to talk to the server at the same time.

When updates are installed to my computer from WSUS, will it cause problems with other network applications I have running?

The client computer downloads updates from WSUS using a technology called Background Intelligent Transfer Service (BITS). BITS uses idle network bandwidth to transfer data, so regardless of the size or number of updates required, downloading them should not interfere with other network activities being run on a client computer.

When are updates downloaded to my computer?

Updates are downloaded to computers that are part of the UWYO domain on the third Tuesday of each month.

If I don’t do anything, when will my computer be forced to reboot?

Outstanding patches from the previous month will be installed automatically starting on the second Tuesday of each month. If you choose to wait for the automatic installation, these are the steps you will need to follow the night before:

  1. Save and close all documents
  2. Close all applications including email
  3. Log out of the Windows Operating System
  4. Leave the computer turned on overnight

I want to save energy and don't want to leave my computer on overnight. Can I update my computer another way?

Yes. As an alternative to leaving your computer on overnight, you can go directly to the Microsoft Update page and begin the process of checking for needed updates and immediately start installing them. The utilities that are located there will continue to check your system until all updates have been applied.

If WSUS sends out updates in the middle of the night, how will I get updates if I turn off my computer every night?

The next time you shut down your computer, updates will automatically install.  A taskbar icon indicates when WSUS updates are pending. Users who missed an overnight update can manually start the WSUS update by clicking on the WSUS icon – or else wait till the next time they shut down their computer.

Would it be better to just use Microsoft Update instead of WSUS?

No. There are several advantages of using WSUS:

  • Internet usage is reduced dramatically when patches are delivered from a local machine.
  • UW can test and control what patches and updates are delivered.
  • WSUS is used to update and patch other software beyond what is available via Microsoft Update.

Reviewed: 0912 By: MD

Additional help with the installation and configuration of
UW-supported software is available:
Faculty/Staff
Contact the IT Help Desk at 766-HELP (4357), option 1
Email UserHelp@uwyo.edu
Contact your IT user consultant
(www.uwyo.edu/infotech/services/helpdesk/uc/)

Students
Email ASU-IT@uwyo.edu
Contact the IT Help Desk at 766-HELP (4357), option 1
Come to the student computer lab in the lobby of the
Information Technology Center.

Footer Navigation

University of Wyoming
 
1000 E. University Ave. Laramie, WY 82071 // UW Operators (307) 766-1121 // Contact Us