Finally Retiring the Closet Genius Blog (Updated)

This blog is inactive but will remain online so old posts show up in Bing searches ;)

I'm actively blogging over at TechNet. However, my target audience is limited to ten Microsoft enterprise clients in the KC Metro area. If you're still interested - my new blog URL is http://blogs.technet.com/jcent

Thanks for reading.



The Blogoshpere is Listening - SUS v1 Usage Dropping

I’m not seriously taking credit for this, but new information has come to light that says SUS v1 usage is declining. So, if you’re one of those people who upgraded to WSUS recently – give yourself a pat on the back. If you’re still on the fence, I hope it’s not barbed wire :P

And while I have your attention, a little piece of info regarding WSUS 3.0 Beta 2. I noticed my test server wasn’t synchronizing Exchange IMF updates, which has enabled much more SPAM to find my inbox. I filed a bug on Connect and found out this is a known issue. The most recent IMF update available via WSUS 3.0 Beta 2 is dated 5/11/2006. By contrast, WSUS 2.0 (or just plain WSUS if you prefer) is hosting an IMF update dated 8/10/2006. Just another reminder that this beta, like all betas, should be deployed with care.


Still running SUS? Migrate Now!

I heard a startling fact today – the number of SUS servers synchronizing with Microsoft has actually gone up in recent months.  Yes, you read that right…SUS (the v1 product that’s not even available for download anymore) is increasing in popularity.

Here’s the really scary part – Microsoft will stop delivering updates to SUS servers on December 6, 2006 (official link).  This means all clients and servers that pull updates from SUS will go unpatched unless someone takes action soon.  Last time I checked December 6th is less than 4 months away.  Furthermore, the fact that December’s Patch Tuesday falls on the 12th means that SUS admins really only have 3 months to migrate to WSUS.

OK – now for some good news.  Upgrading to WSUS is about as straightforward as it gets.  Microsoft even provides a Step-by-Step Guide to walk you through the upgrade.  Since WSUS is free, and has similar hardware/software requirements to SUS, there really isn’t any reason NOT to upgrade.  If you can think of one, feel free to leave a comment and we’ll chat :P  Or better yet, just check out the WSUS FAQ and get on with the upgrade.


Upgrading to WSUS 3.0 Beta 2

OK, this post is all about the WSUS upgrade experience.  Before we go forward it’s important to reiterate the importance of only upgrading lab/test servers.  Enough said.

In-Place Upgrades Fully Supported

Up to this point in the beta I’ve mainly focused my testing on clean installs.  Granted, I’ve been looking at WSUS 3.0 builds for quite a while… and the time to test upgrades usually occurs around Beta 2.  So – no time like the present.

Upgrade-01 Upgrade-02 Upgrade-03 Upgrade-04

Tonight I upgraded one of my test VMs from WSUS 2.0 SP1 (build to 3.0 Beta 2.  Everything upgraded just fine – and I was pleasantly surprised that all my 2.0 settings were maintained.  For instance, I never sync drivers (just a personal preference) and only specify certain product categories.  The post-upgrade configuration wizard allows you to select these and many other options, as you can see in the screen shots below.

Upgrade-18 Upgrade-19

Furthermore, both upgrades and clean installs honor your preferred language settings – in my case English only.  So far, so good.

Additional Upgrade Notes:

  • WSUS 3.0 uses the new SQL Server 2005 Embedded Edition (Windows) as its database engine.  This is known internally as ‘wYukon’ – and you can think of it as the new and improved wMSDE.  The existing 2.0 database is backed up in case something goes awry during the upgrade.  I’m going to look into the recovery steps to make sure they match up with the ones for WSUS 2.0 SP1 (see Issue 7 in the SP1 Readme).  More info on that piece in the near future.
  • The entire upgrade process took about 25 minutes on my virtual machine.  Granted, this machine only had one client and a simple computer group design.  However, I’m guessing a typical upgrade will run less than an hour.  Keep in mind that the IIS services are restarted during upgrade… so if you’ve co-located WSUS with other web apps, those apps will bounce during upgrade.  But hey, you’re doing this in a test lab, right?
  • Your computers and update approvals should come across just fine – be sure to bug this if yours don’t.
  • If you want to verify your clients are getting upgraded to Beta 2 code – take a look at %systemroot%\windowsupdate.log.  Scroll toward the bottom and look for info about the version of wuauclt.exe on the system.  Connecting to WSUS 3.0 Beta 2 will update your wuauclt.exe file (and others) to 7.0.5451.90.
  • Check out the WSUS 3.0 Photo Gallery for screen shots of my upgrade as well as the UI shots I posted Monday.

I highly recommend others test the in-place upgrade to identify any issues at this point in the dev cycle.  My guess is that most WSUS admins will opt for in-place upgrades at RTM – so we want to work out all the issues now while there’s still time to fix ‘em.  And don’t forget to log your bugs and suggestions on Connect.  If you’re not much of a ‘bug basher’ at least vote on existing feedback entered by other testers.  You’d be surprised how quickly Connect bugs/feedback make their way to the product group.


First Impressions: WSUS 3.0 Beta 2

Welcome to the first post in a series on WSUS 3.0 Beta 2.  Throughout the week I’ll highlight new features in WSUS 3.0, and also share some of my experience working with the product up to this point.

First Impressions:

Not counting installation, the first change you’ll notice in WSUS 3.0 is the shift from a web-based interface to one built on top of the Microsoft Management Console (MMC).  In addition to bringing the product in line with other Microsoft products, the MMC enables some rich functionality.  For instance, many objects in the MMC hierarchy have useful home pages with relevant status and reporting information.  Here’s a screen shot of the top-level WSUS home page showing the status of my lab server ‘WSUS3’.


Moreover, you can right-click almost anywhere in the UI and find all kinds of useful tools.  A perfect example is the ability to add/remove columns from the Updates list.  In WSUS 2.0 you were limited to a hard-coded set of columns (Title, Classification, Release Date, and Approval).  But what if you wanted to group items by MSRC Severity, or sort them by KB Article Number?  These scenarios and more are possible with WSUS 3.0.  Take a look at these customized Updates views and see for yourself.


Updates Sorted by MSRC Number


Updates Grouped by Classification

Hey, this ain’t your father’s WSUS.  And we’re not talking about superfluous changes just for the sake of ‘oohs and ahhs’ (sorry Vista team).  The new UI will improve your productivity right out of the gate.  Like Office 2007, it may take some getting used to – but in the end it’s a huge win for WSUS admins.  Bravo WSUS team!

‘Big Ticket’ Items:

Several other WSUS 3.0 features are worth mentioning in this initial post.  We’ll delve into some of them in more detail later this week.

  • ‘WSUS Reporters’ Delegated Administration: A frequent request from medium and large organizations is the ability to provide users with view-only access to WSUS reports.  This is often required for internal and external auditors.  However, up to this point WSUS reporting was an all or nothing proposition.  If you could run reports, you could just as easily approve updates or delete entire computer groups.  Not exactly an optimal solution.  WSUS 3.0 solves this problem with the addition of a ‘WSUS Reporters’ security group, which restricts group members to reporting functionality only.  While this is a step in the right direction, many of you have been asking for an even more robust delegated admin model.  Unfortunately delegated reporting is as far as the product team decided to go in v3.  But hey, its free… and there’s always room for improvement in v4.
  • Clients in Multiple Target Groups: WSUS 2.0 targeting was limited in the sense that a computer could only belong to one group.  Furthermore, there was no nesting hierarchy, which resulted in a long list of computer groups for some large WSUS deployments.  Both issues have been addressed in WSUS 3.0.  Computers can now belong to more than one group (e.g. Test PCs & Prod PCs) and admins can create a logical computer group hierarchy to match their testing and deployment needs.
  • Reporting Improvements: It’s almost not fair to call the reporting changes ‘improvements’.  We’re talking about a complete overhaul.  The WSUS product group decided to scrap the current reporting infrastructure and instead take advantage of the Visual Studio Report Viewer.  In addition to a much friendlier and customizable UI, the new report viewer offers something many WSUS administrators have long clamored for – the ability to export report data to either PDF or Excel formats.  That should make the CxO-types happy!
  • Simplified Configuration: All the new functionality in WSUS 3.0 is worthless if the out-of-the-box experience (OOBE) stinks.  Once again the team has done everything but reach through the computer and set it up for you.  And for once, the WSUS OOBE Wizard is one that I can actually live with (unlike many others that raise my blood pressure).  For instance, the WSUS OOBE ensures that you get the right update languages, the right products and update classifications, and even sets up an initial synchronization schedule.  Obviously you can go back and change these settings at any time – but having a fairly intelligent UI wrapper around the initial setup process should cut down on support calls and ensure a positive end-user experience.


Unlike its predecessor, WSUS 3.0 cannot be installed on Windows 2000 Server.  This doesn’t mean it won’t deliver updates to Windows 2000 machines – just that the WSUS server itself must run Windows Server 2003 SP1.  I’m guessing this prerequisite will upset a few of you, and I can understand your situation.  Not everyone has budget for software upgrades right now… but then again we aren’t looking at public availability until sometime next year anyway.  So now would be an excellent time to put in a few grand for a new server and a copy of Windows Server 2003.

Make sure to peruse the WSUS 3.0 Readme for a full list of prerequisites and known issues.  And don’t forget this is still beta software.  Even though I’ve given the product mostly praise in this post, there are still a few loose ends that need to be ironed out before RTM.  I recommend limiting WSUS 3.0 deployments to the test lab, or possibly a limited pilot deployment within your IT department.  Please don’t unleash this on your end-user population quite yet ;)

What’s Next?

Stay tuned to WindowsConnected for more information on WSUS 3.0 Beta 2.  And if you’re one of those ‘picture is worth a thousand words’ people, don’t forget to visit the screen shot gallery.

WSUS 3.0 Beta 2 Available on Connect

Windows Server Update Services (WSUS) 3.0 Beta 2 is now available on Microsoft’s Connect web site.  I’ve posted some screen shots in the WSUS 3.0 Gallery – and will upload my initial review later tonight.

Here’s Microsoft’s take on the WSUS 3.0 Beta 2 release:

Microsoft Windows Server Update Services (WSUS) 3.0 Beta 2 delivers new features that enable administrators to more easily manage and deploy updates across the organization. WSUS 3.0 Beta 2 benefits include a new MMC-based user interface with advanced filtering and reporting, improved performance and reliability, branch office optimizations and reporting rollup, and a Microsoft Operations Manager management pack.

Stay tuned to WindowsConnected throughout the week for more info on WSUS 3.0.

Register Now for WSUS 3.0 Beta 2

The next release of WSUS (referred to as v3.0) will hit the Beta 2 milestone VERY soon ;)  Make sure to get your hands on it by going to this link on Connect.  WSUS 3.0 Beta 2 isn’t intended to replace your existing WSUS production servers just yet – so plan on a limited test deployment for the time being.  That said, I’ve had the pleasure of working with 3.0 for quite a while now – and the team has done an excellent job of ensuring core functionality… as well as adding a lot of cool new features.

More WSUS 3.0 info COMING SOON!


IE 7 Pushed as High-Priority Update

I’ve already had a couple inquiries about today’s IE 7 distribution announcement.  Their concern is specifically around how to block IE 7 upgrades in a managed environment.  Apparently Microsoft anticipated this level of concern, and they’ve posted an FAQ for your viewing pleasure.

Bottom line: Customers will have more ways to block IE 7 than they can shake a stick at… including SMS, WSUS, Group Policy, and a dedicated blocking tool. 

One cool thing you’ll notice in the FAQ is that installing the blocking tool today won’t prevent you from being able to distribute IE 7 at a future date using WSUS or SMS – or by manually installing it from Windows/Microsoft Update.  All the blocking tool does is prevent the unmanaged Automatic Updates service from downloading/installing IE 7.