"Microsoft Software Update Services is a no-charge add-in component for Windows 2000 and Windows Server™ 2003 that is designed to greatly simplify the process of keeping computers in your organization up to date with the latest critical updates, security updates, and service packs. SUS installs a web-based application that enables administrators to quickly and reliably deploy updates to desktop and server machines running Windows 2000, Windows XP, and Windows
Server 2003. The updates can be synchronized from the live Windows Update servers and saved on the SUS server. Then, after approving only the updates you have tested and want to distribute, they can be downloaded from the SUS server by the Automatic Updates component on client machines." (http://www.microsoft.com/windowsserversystem/sus/susfaq.mspx)

In recognition of the disadvantages (risks of breaking something) of automatically updating every workstation with every Microsoft security patch, Microsoft has introduced what they call Software Update Services (SUS). SUS runs on a 2003 Server and supports Windows 2000 and XP workstations.

I encourage you to deploy only 2000 and/or XP Professional workstations throughout the entire business network. From a business perspective, there is NO network security in any Win95/98 workstation, and Microsoft is discontinuing security updates for NT 4. Only Windows 2000 and later offer any real workstation network security in a (Microsoft workstation) business environment.

To the extent that one does deploy 2000 and XP Pro workstations, either at Headquarters and/or at remote offices, it is ppossible to centrally administer security issues for all 2000 and XP Pro workstations from a single SUS 2003 Server. It is also possable to control the authentication and authorization of access to various business network resources in a very specific manner. In a
simple peer workgroup environment there is minimal control over who has access (authorization) and are they really who you think they are (authentication).

A 2003 SUS server would be a major increase in corporate and network wide security. 2003 Server with SUS allows for fully testing a security patch in an isolated environment before deployment of the patch to network workstations. This provides workstations with a more stable and consistant approach to deploying security updates when compared to the alternative of allowing each
workstation to automatically download everything, needed or not, functional on that PC or not, and not knowing what workstation has what security patch applied, if any.

©2004, Nova Business Systems, Inc. Reproduction of this article is forbidden without prior consent from Nova Business Systems, Inc.