Microsoft Windows Server Update Services OverviewUNIXBusinessApplication

Microsoft Windows Server Update Services is the #6 ranked solution in top Patch Management tools. PeerSpot users give Microsoft Windows Server Update Services an average rating of 8.0 out of 10. Microsoft Windows Server Update Services is most commonly compared to Ivanti Patch for Windows: Microsoft Windows Server Update Services vs Ivanti Patch for Windows. Microsoft Windows Server Update Services is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Buyer's Guide

Download the Patch Management Buyer's Guide including reviews and more. Updated: November 2022

What is Microsoft Windows Server Update Services?

Microsoft Windows Server Update Services (WSUS) is a patch management tool that simplifies the administrator’s task of deploying the latest Microsoft updates. Administrators use WSUS to manage the distribution of updates released through Microsoft Update to computers in their network.

WSUS has features you can use to manage and distribute updates from a management console. The WSUS server can also be a source of updates to other servers within the organization, acting as an upstream server.

Microsoft Windows Server Update Services Use Cases

The four main use cases that WSUS adds value to businesses are:

  • Centralizes update management.
  • Automates update management.
  • Performs general patch management to ensure compliance and protect against vulnerabilities.
  • Downloads all endpoint updates from data centers to a central location and then distribute them across the organization’s network.

Microsoft Windows Server Update Services Features

This built-in server includes the following features:

  • Includes Windows PowerShell cmdlets.
  • Features client and server separation, which means you can deliver versions of the Windows Update Agent (WUA) separately from WSUS.
  • Automatic download of updates.
  • Deploy a targeted download of updates to a specific group of computers.
  • Multiple language support.
  • Advanced reporting capabilities.
  • Centralized management of network resources.

Requirements

In order to be able to use WSUS to manage and deploy updates, it is important to use a supported WSUS version, such as:

  • WSUS 10.0.14393
  • WSUS 10.0.17763
  • WSUS 6.2 and 6.3 with installed KB 3095113 and KB 3159706

Microsoft Windows Server Update Services Benefits

  • Stable.
  • Ensures servers are always patched and prevents vulnerabilities.
  • Works great for internal updating.
  • Enforces automated updates and patching for applications.
  • Because the solution is used in the cloud, clients are always using the latest version.
  • Highly scalable and configurable regardless of the organization’s layout.

Different Types of WSUS Deployments

  • Simple WSUS deployment: A server inside the corporate firewall serves clients via a private intranet. The WSUS server downloads updates by connecting to Microsoft Update. Using this model, you can configure multiple WSUS servers with a parent WSUS server.

  • Computer groups: You can use computer groups to deliver updates to specific computers. There are two basic computer groups: All Computers or Unassigned Computers. When a client first contacts the WSUS server, it is added to both. You can then create a group from the Unassigned Computers group to the new group.

  • WSUS server hierarchies: The flexibility of WSUS enables the creation of complex hierarchies of servers. To do this, you need only a single WSUS server connected to Microsoft Update. This will serve as an “upstream server,” and the connected servers as “downstream servers.”

    • You can link WSUS servers in two modes: autonomous or replica. In the autonomous mode, the upstream server shares the updates with the downstream servers but doesn’t update status or group information.

    • The upstream server shares updates, status, and group information in replica mode. You cannot administer replica servers apart from the upstream WSUS server.

Microsoft Windows Server Update Services was previously known as Windows Server Update Services, Microsoft WSUS, WSUS, Microsoft Software Update Services, Software Update Services, Microsoft SUS, SUS, MS Windows Server Update Services.

Microsoft Windows Server Update Services Video

Microsoft Windows Server Update Services Pricing Advice

What users are saying about Microsoft Windows Server Update Services pricing:
  • "The licensing of WSUS is free of charge because it comes with the Windows Server operating system, included as a feature of the operating system itself. It's simply a role that you enable within Windows Server."
  • "It doesn't need a license. It's offered for free with Microsoft."
  • Microsoft Windows Server Update Services Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    System Administrator at Confidential
    MSP
    Top 5Leaderboard
    Lets us manage all our organization's updates from a single management console
    Pros and Cons
    • "Instead of leaving each server to download their own updates, with WSUS you have a centralized management tool for all the updates alongside a log for all the servers. By creating and deploying a WSUS server that will download the updates from the internet and dispatch them to the other servers, you can have control over the entire deployment process."
    • "The main problem with WSUS is that the management console doesn't allow you to do a lot of operations. It's actually quite a primitive console, and has been since day one. In order to be more effective, you need to use another tool from Microsoft that can take advantage of WSUS and also offer you the extra features you need."

    What is our primary use case?

    As a system administrator at my organization, I use Microsoft WSUS to manage the updates for all the Microsoft products that we are using. Since WSUS is a service that handles the Microsoft updates and their deployments to a group of servers, you could technically call it patch management software.

    Just like IIS, it comes built-in with the version of Windows Server that you are using, and we are currently using WSUS on Windows Server 2022 to efficiently manage the updates on all the other servers in our organization.

    What is most valuable?

    When you're working in the IT department of an organization, you will often have to set policies regarding what users can and cannot download from the internet, especially when it comes to updates. Most updates are binary files and programs, and these are types of files that can sometimes be harmful, so an organization needs a way to prevent the downloading of these files.

    Instead of leaving each server to download their own updates, with WSUS you have a centralized management tool for all the updates alongside a log for all the servers. By creating and deploying a WSUS server that will download the updates from the internet and dispatch them to the other servers, you can have control over the entire deployment process.

    Essentially, it's like a Windows Update proxy that you absolutely need to have, as the IT department grants the WSUS server an exception to download files of any type from the internet. This is the only server with such an exception so that you can control what is entering or exiting the network with regard to updates.

    The advantage that is offered by WSUS is not only that you can manage all updates (e.g. critical updates, essential updates, feature updates, driver updates, etc.), but also that you can manage the updates per type of operating system; for example, Windows 10, Windows 11, Windows Server 2022, Windows Server 2019, and so on. It provides you a way to create classifications of types of updates per type of operating system. And all this, you can do from a single management console.

    What needs improvement?

    The main problem with WSUS is that the management console doesn't allow you to do a lot of operations. It's actually quite a primitive console, and has been since day one. In order to be more effective, you need to use another tool from Microsoft that can take advantage of WSUS and also offer you the extra features you need.

    For example, SCCM (System Center Configuration Manager) is software from Microsoft that uses WSUS and gives you many more features than you would get from using WSUS alone. To truly manage the updates of your entire environment effectively, you either need to automate the features you need with PowerShell scripts or you need to use SCCM.

    To illustrate one particular limitation of the basic WSUS management console, when you download updates with classifications per operating system, sometimes it doesn't offer you a good way to display or regroup updates that are part of a specific group. Or, as another example, if you just want to see the latest updates, the WSUS console will simply show you all the updates that are available. Microsoft uses an updating process whereby each new update will supersede the previous one, meaning it will expire the old updates, but the management console doesn't offer you a way to regroup or display only the new updates while excluding the ones that have expired. This is one of the many management features that are missing from the WSUS console.

    One other area of improvement is that when you want to add servers to use WSUS, you can't easily add or search for a server. To add a server into the management console, you need to do other things and wait until the check cycle starts, meaning that you need to wait for a while until you see the newly-added server that will be handled by the WSUS server.

    For how long have I used the solution?

    We started using Microsoft WSUS in 2015, although after a few technical problems we stopped using the service because it was causing us a lot of trouble. Later, in 2022, I redeployed a server that we now use to manage the updates for all the Microsoft products that we are using.

    Buyer's Guide
    Patch Management
    November 2022
    Find out what your peers are saying about Microsoft, HCL, Ivanti and others in Patch Management. Updated: November 2022.
    655,774 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    As one of the administrators for our WSUS server, I would say that it is very stable.

    What do I think about the scalability of the solution?

    Regarding the scalability, you can actually configure something of an ERP version of the WSUS service. For example, if you work in a company that has multiple sites and these sites are located in other states or countries, you can deploy WSUS for each site. Once you've done that, these WSUS servers will all communicate with a parent WSUS server that will then deploy updates to each child WSUS.

    Therefore, I'd say that WSUS is quite scalable since we can make servers communicate with one another, in the sense that you have one parent source that communicates with and deploys updates to each child WSUS service in a hierarchical arrangement.

    How are customer service and support?

    My rating for WSUS would be the same rating I would give the overall technical support from Microsoft, and it all depends on the criticality of the incident. Microsoft will sometimes call you within 24-48 hours depending on the urgency of your request, and most of the time, Microsoft support does a good job.

    Which solution did I use previously and why did I switch?

    We haven't used any other solution for this type of process as there are no other products that offer the same service, because Windows Update is part of the Windows Server operating system. It is like a black box that nobody knows anything about and you aren't provided with any tools that can offer the same job that the WSUS server does.

    How was the initial setup?

    Setting up WSUS is quite easy, but the installation itself is just a feature you can enable in your server. If you really want to use it well, you need to do extra configuration tasks, not only in the WSUS server but also in the Active Directory server. You will typically have to create a few network group policies and other configurations in addition to setting up WSUS itself.

    What about the implementation team?

    I was responsible for deploying our current WSUS server, but we are still in the testing stage. We haven't yet deployed WSUS to be used in a production environment at all, since we are still adding in servers one by one, testing everything as we go along.

    What's my experience with pricing, setup cost, and licensing?

    The licensing of WSUS is free of charge because it comes with the Windows Server operating system, included as a feature of the operating system itself. It's simply a role that you enable within Windows Server. Technically, we are only a customer of Microsoft and not a customer of WSUS.

    For example, if your license for the Windows Server 2022 operating system costs, let's say, $400, then this license will include WSUS and all the other features of the Windows Server operating system (like IIS, etc.). So, ultimately, to speak of the licensing of WSUS, you have to refer to the price of the server license and what kind of contract you have with Microsoft. If you rent, it's a rental license contract, or otherwise you might go with a volume license contract.

    Suppose a corporation wants you to buy a number of licenses, and you opt for a group of individual licenses at a price of, for example, $200 per license. If you want to deploy 50 servers, you will need to buy 50 licenses. This method of licensing is very expensive and it will cost far too much to be reasonable. That's why Microsoft offers what are called "volume license" packages.

    With volume licensing, Microsoft gives you a discount if you buy a large number of licenses. But with the volume type of licensing, you are not able to get upgrades for the next version, such that if you currently have Windows 10 or Windows Server 2019, you can't upgrade to Windows 11 or Windows Server 2022, respectively. Although these licenses are perpetual, you will be stuck with the same version.

    The better option is to go for a rental contract, which means that you merely rent a certain number of licenses each year, and these licenses won't expire unless the contract expires (at which point you lose access to the portal where you can download operating systems and other applications along with their licenses). Importantly, these licenses give you the ability to do upgrades from one version to another. For as long as you are on a rental contract, you will pay an amount of money depending on the type of software you want to rent (e.g. Windows Server, Microsoft SQL Server, Windows 10, Windows 11, Office 365, Visual Studio, etc.), and you will always be able to upgrade from one version to another.

    This is just a basic overview of the licensing models from Microsoft; the details are much more complicated.

    What other advice do I have?

    One piece of advice I can give is that it's important to acknowledge that, sometimes, updates can bring their own problems. For example, when you install an update, you need to wait until the computer restarts, and in some cases updates can cause the computer to crash. The crash may even be so severe that you need to reformat the machine and, thus, you lose your data.

    When talking about other administrators who are wondering about whether to use WSUS, I can confirm that it's a very good tool. And, if you're also using SCCM, WSUS is even better because SCCM will give you a lot of features that are not provided by the basic version of WSUS.

    If you want to deploy updates with WSUS, you must remember that it's always best to deploy only the security updates and critical updates that are recommended by Microsoft, because other types of updates such as essential updates, driver updates, and feature updates can sometimes cause instabilities in the system.

    And sometimes these extra updates can cause problems with other products. For example, you can sometimes disrupt another product from Microsoft by installing an independent system update that will cause, for example, the mailing service to malfunction. You always need to be sure to do backups of the servers before using WSUS to perform updates.

    Finally, there are a few other things that you will need to know in order to run an effective WSUS server, such as how to work with Active Directory. With Active Directory, you can more easily configure which servers will use the WSUS and which ones will not. For example, if you want the servers to perform updates through WSUS, you need to set this option in the Active Directory server. If, instead, you want the leave the computers to get their updates from the internet directly, you will also need to set this up in Active Directory. To do all this, you need to have at least a minimum amount of knowledge in creating group policies, security policies, and so on.

    I would rate Microsoft WSUS an honest eight out of ten, because even though some of the features are lacking, it handles the basic stuff very well.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Manager at Stark International
    Real User
    Top 5Leaderboard
    Good centralized management and merging capabilities with helpful technical support
    Pros and Cons
    • "The performance has been okay."
    • "A few bugs need to be figured out for the security side."

    What is our primary use case?

    It is being used both in my company as well as in my client's companies. We work on the basis of customer demand and whether they go for Windows or Linux. 60% of users use Microsoft since it's user-friendly and if they want the capability of maintaining the servers over the CLI then they tend to prefer Windows.

    What is most valuable?

    The centralized management and merging capabilities are useful. Windows users can switch from open access to data from the Linux servers. 

    The various security updates are good for the users as well as the organizations it helps keep the solution safe.

    The performance has been okay.

    Technical support is responsive.

    It can scale. 

    What needs improvement?

    A few bugs need to be figured out for the security side. A few of the bugs are not even fixed completely on a full scale, and sometimes that will be tough. If a client is not maintaining proper network security, their data will be breached. The security updates need to be released regularly from Microsoft so that there won't be any loopholes in the OS.

    The initial setup may be a bit difficult for beginners. 

    The solution is costly.

    When we shift onto the graphical user interface, there'll be a bit of a lack of processing speed as there are a number of graphics included in the OS when we shift to the GUI. We'd like CLI and GUI to be equally responsive. Many users prefer the GUI, yet then they suffer from less performance due to the graphics.

    What do I think about the stability of the solution?

    The performance is okay. I would rate it seven out of ten in terms of stability. There sometimes are bugs in the product.

    What do I think about the scalability of the solution?

    The solution can scale. 

    We have medium-sized to enterprise-level organizations. We also use the solution for smaller organizations that would like the cloud to save costs on IT infrastructure. 

    We work with 250 or more companies that use this solution.

    How are customer service and support?

    Technical support responds spontaneously if you raise any tickets or queries regarding to the products. I raise a fewer number of queries to technical support since we are the engineers. We tend to go to the client and fix issues. In the case of major issues, we'd reach out to technical support, and they respond spontaneously within 24 hours.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used Linux servers. We switched based on client requirements as they wanted a user-friendly service even with engineers assisting them.

    How was the initial setup?

    For beginners, it might be a bit complex to set up the solution. However, with well-experienced guides like engineers, it would be easy for them to fix the infrastructure and deploy these Windows servers.

    What's my experience with pricing, setup cost, and licensing?

    It is a bit expensive. 

    The cost would be taken care of by my accounts team, so I'm not that involved in licensing. That said, to my knowledge, it's a bit expensive. If any clients want to implement their infrastructure to be run on Microsoft, then they need to purchase every license for each service. If the client wants to go for a Windows server, they need a license for the client machines and a license if they want to operate a Mail Exchange server. If all this could become bundled into one thing where small-scale industries and medium-scale industries can buy it as one item, that would be ideal. 

    What other advice do I have?

    I'm a consultant as well as a Microsoft-certified system engineer. We are Microsoft partners.

    Most likely, all my clients would prefer an on-premises deployment. They want the data to be secure as they likely have confidential data regarding their users, as well as the company's data, would be on their servers. 

    That said, a few clients would prefer cloud services like AWS. It totally depends upon the clients and what they would like to go for and whether they be like to invest on the on-premises or if they would like to go for a cloud to cut costs.

    Most people are moving onto the Linux side, where they feel more secure, however, compared with the admin agents who are not well-versed at the CLI level, many prefer the Windows server, which is the alternative. People should remember that though there is a graphical user interface for Windows Server, they can still operate in CLI mode, which would be very fast, and very similar to a Linux OS.

    I'd rate the solution eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Patch Management
    November 2022
    Find out what your peers are saying about Microsoft, HCL, Ivanti and others in Patch Management. Updated: November 2022.
    655,774 professionals have used our research since 2012.
    Julio Orihuela - PeerSpot reviewer
    Computer network and Data Center administrator at a sports company with 1,001-5,000 employees
    Real User
    Top 10
    Stable with good patching and good internal updating
    Pros and Cons
    • "The most important aspect is that we can centrally deploy the updates that are necessary for the organization. It's important."
    • "The reporting is not as practical as I would like it to be."

    What is our primary use case?

    We primarily use the solution for internal updates. What happened is that one of our equipment items had a problem with a new Windows update and so we have to uninstall this update. We were looking for ways to do it centrally. There were some Lenovo boxes that were restarting automatically and we had to take out these updates.

    What is most valuable?

    The most important aspect is that we can centrally deploy the updates that are necessary for the organization. It's important. The solution is great for internal updates.

    The solution has very good patches. They recently released one for Chrome, which was quite helpful.

    We've found the stability to be pretty good.

    What needs improvement?

    It's not always easy to set up.

    Their Local Group Policy works well for the Microsoft environment, however, we need it or other software as well. We've realized that we have to pay. We have to buy extra items in order to access this catalog of different updates.

    The reporting is not as practical as I would like it to be. It's something that I would like them to improve in future releases.

    It would be nice if there were more alerts to let us know what is missing. It would be nice if there was an integration with the main server and with the active directory so that I can receive the necessary alerts. It would be good to know which equipment is connected to the directory and which are behind schedule with updates. 

    For how long have I used the solution?

    I just started using the solution this year, and therefore I've only used it for the last couple of months. However, in this office, they have been using it thing for a couple of years, at least. 

    What do I think about the stability of the solution?

    The solution is quite stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. As long as it can help us manage the data, it's good. 

    What do I think about the scalability of the solution?

    I cannot speak to the scalability. I have never tried to scale the solution.

    How are customer service and technical support?

    I've never been in touch with technical support. I cannot speak to how helpful or responsive they are.

    How was the initial setup?

    The initial setup isn't easy to set up. However, it's not necessarily always hard, either. It has a moderate amount of difficulty.

    In our case, we had remote offices to set up in different cities. We have not yet implemented interconnection between these offices. Each office has its own server, its own Windows environment. We have this implemented in our central office, and I would like it across all of our remote offices as well. I'm not sure how long that will take. I'm just beginning to dive into that.

    What other advice do I have?

    We are just a customer and an end-user.

    I'm not sure of which version of the solution we're using.

    I'd advise new potential users to implement the product and to regularly check on it. We have some equipment that is not being updated. That's on us. It's necessary, however, to implement constant evaluations for which equipment is actually connected to the solution.

    I'd rate the solution at an eight out of ten overall. We're mostly quite happy with the product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technology Consultant at a computer software company with 10,001+ employees
    Real User
    Top 5
    Scalable and useful for implementing patches
    Pros and Cons
    • "A valuable feature about this solution is that it enforces an updating and patching process for my applications."
    • "This solution's deployment could be improved. When I was the admin, there were some problems when deploying to clients. Sometimes the policy is not effective. I guess, more on the reliability side, more reliable means working more often with the clients. It could be easier to deploy."

    What is our primary use case?

    My primary use case of Microsoft Windows Server Update Services is to enforce patching for applications. I act as the client, not the server admin. If, let's say, my laptop has not restarted frequently, this solution will force me to take a couple of minutes to restart. This solution is deployed on cloud, so I'm always using the latest version. 

    What is most valuable?

    A valuable feature about this solution is that it enforces an updating and patching process for my applications. 

    What needs improvement?

    This solution's deployment could be improved. When I was the admin, there were some problems when deploying to clients. Sometimes the policy is not effective. I guess, more on the reliability side, more reliable means working more often with the clients. It could be easier to deploy. 

    For how long have I used the solution?

    I have been using this solution for the duration of time I've been in my company. 

    What do I think about the stability of the solution?

    This solution is stable. 

    What do I think about the scalability of the solution?

    This product is scalable. In my organization, there are about 600,000 people using Microsoft Windows Server

    How are customer service and support?

    I have never contacted Microsoft support. 

    Which solution did I use previously and why did I switch?

    I didn't use another patch management solution before Microsoft Windows Server

    How was the initial setup?

    We had a lot of issues during deployment. I remember when we first deployed this solution, it didn't work, so we had to retry, we had to troubleshoot, and then after we finally got it, we could only partially use it. It would be great if the process were more simple so that we could deploy it on the first try to hundreds and thousands of clients. I don't remember the time duration of the installation or how big our deployment team was. 

    What about the implementation team?

    We implemented through an in-house team. 

    What's my experience with pricing, setup cost, and licensing?

    For licensing, I think it's on a framework contract. I'd guess my CIO would know, but I didn't buy my license—it's by default on my PC. 

    Which other solutions did I evaluate?

    I evaluated BigFix as part of my research, but I haven't used it. 

    What other advice do I have?

    As an end user, I rate this solution a 10 out of 10. I've had no issues so far. 

    I'm not sure if I can recommend this solution because I don't know what the alternatives are, so I have no experience in an alternative solution. It could be the case that BigFix is better. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    IslamElsherpieny - PeerSpot reviewer
    Network Security Engineer at a tech services company with 11-50 employees
    Real User
    Top 10
    Easy to expand with good filtering and helpful support
    Pros and Cons
    • "It is a scalable solution."
    • "The product must integrate with third-party applications."

    What is our primary use case?

    The solution is used for Microsoft updates and you can file the updates that you want to use.

    How has it helped my organization?

    Every time we need to install our security updates and critical updates, we use this software so that we don't load the bandwidth.

    What is most valuable?

    I like that I can filter for critical and security updates.

    The dashboard is okay.

    The initial setup is easy.

    It is a scalable solution. 

    I have found the product to be stable. 

    Support is helpful.

    What needs improvement?

    The customization capabilities could be improved. 

    The product must integrate with third-party applications. I'd like to use the product to verify third-party updates as well as Microsoft updates.

    For how long have I used the solution?

    I've used the solution for about three years. 

    What do I think about the stability of the solution?

    My understanding is that it is a stable product. We didn't have any issues with it overall. I don't recall coming across bugs or glitches and I don't recall it crashing or freezing.

    What do I think about the scalability of the solution?

    The solution scales very well. If a company wants to expand, it can do so.

    About 100 people in our organization use the solution currently.

    How are customer service and support?

    Technical support is very helpful and responsive. We have been satisfied with their help.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    We have found the implementation to be pretty straightforward and simple. It is not a difficult or ultimately complex process. I'd rate the experience a three out of five in terms of ease of deployment. I can't remember exactly how long it took to deploy.

    You only need about two to three people to handle deployment and maintenance. They handle planning and infrastructure.

    What about the implementation team?

    I'm working in a personal service company, so I asked my team to handle the implementation process. It was done in-house.

    What's my experience with pricing, setup cost, and licensing?

    I can't speak to how much the solution costs.

    What other advice do I have?

    We're Microsoft partners.

    I'm using the solution via a third-party application.

    We are a professional service company. Our field is information technology. We use a third-party application to make updates.

    I'd recommend the solution to others.

    I would rate the solution eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    IT Systems Administrator at a tech services company with 1-10 employees
    Real User
    Top 5Leaderboard
    Faithfully delivers updates to endpoints; offers the option to create multiple downstream servers
    Pros and Cons
    • "Provides the ability to create multiple downstream servers."
    • "User interface is outdated and not user-friendly."

    What is our primary use case?

    We use WSUS on a host in our main data center so that all the Windows and the endpoint updates are downloaded to a central location before being distributed to the endpoints through our local network. The aim is to avoid the endpoint downloading the update directly from the internet and killing the office bandwidth.

    What is most valuable?

    This product provides the option to create multiple downstream servers. If the infrastructure is distributed to different sites or different countries, you can create a structure where the upstream server downloads all the updates using the specific internal connection, and then distributes those updates to the downstream servers at a scheduled time when the workload is minimal. 

    What needs improvement?

    The interface is not user-friendly. It looks like Windows 98 and it needs a different format, maybe something web-based, or perhaps it's time to rebuild from scratch. It needs to be something that provides clear options and should include an FAQ section to help provide some answers without having to search Google or contact technical support. 

    For how long have I used the solution?

    I've been using this solution for about three years. 

    What do I think about the stability of the solution?

    This solution delivers updates to the endpoint. We worry about server stability but not the endpoints. If there are any issues we can manage without it functioning at peak level.

    What do I think about the scalability of the solution?

    The solution is very scalable. You can add servers as needed and add batches of endpoints to it. 

    How was the initial setup?

    The initial setup is difficult. It's easier if you don't need downstream servers but if you want to do it properly and securely and have the packages distributed without any interference, it's a little bit complex. To configure it from scratch for 1,000 endpoints, can take up to three days.

    What's my experience with pricing, setup cost, and licensing?

    When purchasing the operating system, WSUS is included in the price of the product.

    What other advice do I have?

    It's important to monitor bandwidth usage and traffic that might be blocked on the firewalls.

    This is a good product and it does its job but it's quite complex to configure, implement, and maintain, and the interface is terrible, so I rate it eight out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Soroush-Enayati - PeerSpot reviewer
    Network security engineer at freelancer
    Real User
    Top 10
    A a computer program and network service with a useful evaluation feature, but connectivity could be better
    Pros and Cons
    • "I like that we could evaluate every client and compare some weaknesses and vulnerability exploits in Microsoft Windows Server Update Services. This is a useful way to test applications against an attacker attempting to exploit the operating system."
    • "In the next release, I would like them to provide better connectivity. They must improve the connectivity between the WSS with Microsoft or the client."

    What is our primary use case?

    I often use Microsoft Windows Server Update Services for updates and loyalty patch management.

    What is most valuable?

    I like that we could evaluate every client and compare some weaknesses and vulnerability exploits in Microsoft Windows Server Update Services. This is a useful way to test applications against an attacker attempting to exploit the operating system.

    What needs improvement?

    In the next release, I would like them to provide better connectivity. They must improve the connectivity between the WSS with Microsoft or the client.

    For how long have I used the solution?

    I have been using Microsoft Windows Server Update Services for a couple of years.

    What do I think about the stability of the solution?

    Microsoft Windows Server Update Services is a stable solution. However, there have been some problems with the Microsoft update. We had to do some maintenance before restarting the WSS service or checking the connection between the OS and Microsoft accounts.

    What do I think about the scalability of the solution?

    Microsoft Windows Server Update Services is very scalable. It could be deployed on the network with even 1,000 clients. At present, we have about 10,000 users. 

    How was the initial setup?

    The initial setup wasn't complex. It's easy. I think that it could be run in one day. It needs weekly or sometimes daily maintenance to check and update the signature or to check and get the update via Microsoft.

    What about the implementation team?

    We implemented this solution.

    What's my experience with pricing, setup cost, and licensing?

    It doesn't need a license. It's offered for free with Microsoft.

    What other advice do I have?

    I would recommend this solution to potential users as it's a vital service in every network.

    On a scale from one to ten, I would give Microsoft Windows Server Update Services a seven. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Lead - Global IT Networks at a recruiting/HR firm with 10,001+ employees
    Real User
    Stable and straightforward solution that allows complete network visibility
    Pros and Cons
    • "Setup is very simple and straightforward."
    • "Some issues with scalability in larger organizations."

    What is our primary use case?

    My primary use case is general patch management, to make sure that when Microsoft releases patches, we test and deploy them within the timelines. The solution also ensures that we are compliant and protected against vulnerabilities.

    What is most valuable?

    The most valuable feature is the ability to check whether users working from home are on the domain or not, allowing us complete visibility of the endpoints that are connecting to our network.

    What needs improvement?

    One area for improvement is that WSUS does not give 100% accuracy, so you cannot be completely certain that all of your systems are fully patched. There are always 5-10% of your systems that have not been updated with the correct patches, which is an open gate for security threats. I also think that the product needs a better utility and report mechanism. In the next release, I would like to see better compatibility for non-Windows servers and tools.

    For how long have I used the solution?

    I've been working with this solution for a year.

    What do I think about the stability of the solution?

    Functionality-wise, WSUS meets our requirements.

    What do I think about the scalability of the solution?

    There are some issues with scalability in larger organizations, as WSUS may not cover 100% of their endpoints. 

    How was the initial setup?

    Setup is very simple and straightforward.

    What other advice do I have?

    Currently, I'm looking at other solutions because the enrolment we have is not boundary-defined, so we require a product with total remote infrastructure management, vulnerability assessment, and complete control of the system built in. For best results with WSUS, you need to keep close track of things with regular function checklists. I would rate this product as eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Patch Management Report and find out what your peers are saying about Microsoft, HCL, Ivanti, and more!
    Updated: November 2022
    Product Categories
    Patch Management
    Buyer's Guide
    Download our free Patch Management Report and find out what your peers are saying about Microsoft, HCL, Ivanti, and more!