Welcome to the first post in a series on WSUS 3.0 Beta 2. Throughout the week I’ll highlight new features in WSUS 3.0, and also share some of my experience working with the product up to this point.
First Impressions:
Not counting installation, the first change you’ll notice in WSUS 3.0 is the shift from a web-based interface to one built on top of the Microsoft Management Console (MMC). In addition to bringing the product in line with other Microsoft products, the MMC enables some rich functionality. For instance, many objects in the MMC hierarchy have useful home pages with relevant status and reporting information. Here’s a screen shot of the top-level WSUS home page showing the status of my lab server ‘WSUS3’.
Moreover, you can right-click almost anywhere in the UI and find all kinds of useful tools. A perfect example is the ability to add/remove columns from the Updates list. In WSUS 2.0 you were limited to a hard-coded set of columns (Title, Classification, Release Date, and Approval). But what if you wanted to group items by MSRC Severity, or sort them by KB Article Number? These scenarios and more are possible with WSUS 3.0. Take a look at these customized Updates views and see for yourself.
Updates Sorted by MSRC Number
Updates Grouped by Classification
Hey, this ain’t your father’s WSUS. And we’re not talking about superfluous changes just for the sake of ‘oohs and ahhs’ (sorry Vista team). The new UI will improve your productivity right out of the gate. Like Office 2007, it may take some getting used to – but in the end it’s a huge win for WSUS admins. Bravo WSUS team!
‘Big Ticket’ Items:
Several other WSUS 3.0 features are worth mentioning in this initial post. We’ll delve into some of them in more detail later this week.
- ‘WSUS Reporters’ Delegated Administration: A frequent request from medium and large organizations is the ability to provide users with view-only access to WSUS reports. This is often required for internal and external auditors. However, up to this point WSUS reporting was an all or nothing proposition. If you could run reports, you could just as easily approve updates or delete entire computer groups. Not exactly an optimal solution. WSUS 3.0 solves this problem with the addition of a ‘WSUS Reporters’ security group, which restricts group members to reporting functionality only. While this is a step in the right direction, many of you have been asking for an even more robust delegated admin model. Unfortunately delegated reporting is as far as the product team decided to go in v3. But hey, its free… and there’s always room for improvement in v4.
- Clients in Multiple Target Groups: WSUS 2.0 targeting was limited in the sense that a computer could only belong to one group. Furthermore, there was no nesting hierarchy, which resulted in a long list of computer groups for some large WSUS deployments. Both issues have been addressed in WSUS 3.0. Computers can now belong to more than one group (e.g. Test PCs & Prod PCs) and admins can create a logical computer group hierarchy to match their testing and deployment needs.
- Reporting Improvements: It’s almost not fair to call the reporting changes ‘improvements’. We’re talking about a complete overhaul. The WSUS product group decided to scrap the current reporting infrastructure and instead take advantage of the Visual Studio Report Viewer. In addition to a much friendlier and customizable UI, the new report viewer offers something many WSUS administrators have long clamored for – the ability to export report data to either PDF or Excel formats. That should make the CxO-types happy!
- Simplified Configuration: All the new functionality in WSUS 3.0 is worthless if the out-of-the-box experience (OOBE) stinks. Once again the team has done everything but reach through the computer and set it up for you. And for once, the WSUS OOBE Wizard is one that I can actually live with (unlike many others that raise my blood pressure). For instance, the WSUS OOBE ensures that you get the right update languages, the right products and update classifications, and even sets up an initial synchronization schedule. Obviously you can go back and change these settings at any time – but having a fairly intelligent UI wrapper around the initial setup process should cut down on support calls and ensure a positive end-user experience.
Prerequisites:
Unlike its predecessor, WSUS 3.0 cannot be installed on Windows 2000 Server. This doesn’t mean it won’t deliver updates to Windows 2000 machines – just that the WSUS server itself must run Windows Server 2003 SP1. I’m guessing this prerequisite will upset a few of you, and I can understand your situation. Not everyone has budget for software upgrades right now… but then again we aren’t looking at public availability until sometime next year anyway. So now would be an excellent time to put in a few grand for a new server and a copy of Windows Server 2003.
Make sure to peruse the WSUS 3.0 Readme for a full list of prerequisites and known issues. And don’t forget this is still beta software. Even though I’ve given the product mostly praise in this post, there are still a few loose ends that need to be ironed out before RTM. I recommend limiting WSUS 3.0 deployments to the test lab, or possibly a limited pilot deployment within your IT department. Please don’t unleash this on your end-user population quite yet ;)
What’s Next?
Stay tuned to WindowsConnected for more information on WSUS 3.0 Beta 2. And if you’re one of those ‘picture is worth a thousand words’ people, don’t forget to visit the screen shot gallery.