3

When I set up our 2003 SBS server a friend who has been working sysadmin for quite a while told me WSUS was "a must for any size of organization". So I installed it, and have been using it since.

However, I'm beginning to feel that it might be a bit overkill. Our company has five workstations, one laptop and one server. I barely ever block updates (happend once IIRC, and "extra games for Vista" type of update...). Also making sure the laptop is updated - which is almost only used when someone is on a trip, or giving a presentation at a customer - is a pain, since it is very seldom connected to the office network, neither physically or over VPN.

Do you see any point in me keeping WSUS?

carlpett
  • 896
  • 8
  • 17
  • 28

3 Answers3

5

It's good stuff, though on a network your size it probably doesn't get you a whole lot. The best thing it does for you is tell you which machines need updates, which going with the standard Windows Update won't. That by itself is a useful view into your network.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
5

If it were me, with only 5 desktops to worry about, I probably wouldn't bother with it. There are 3 aspects to WSUS that make it a necessity once you reach a certain size:

  1. It cuts down network usage. Every update is downloaded once only.
  2. It allows you to set policies and be selective about what you apply. If you run bespoke, business critical software, WSUS is a must to allow you to withhold patches so they can be tested.
  3. It gives you a centralised reporting mechanism for seeing which machines have been updated properly.

With 5 PCs: 1 is really not an issue and 2 you can probably deal with - If you only used boxed products, then it's incredibly rare that the critical and security updates will cause you any grief (Just don't install drivers from Windows update). 3 depends on how much control you give your users over their PCs and how much visibility you need over their update status. If you turn off WSUS, then I'd recommend giving your desktops a manual health check once a month, or so.

SmallClanger
  • 8,947
  • 1
  • 31
  • 45
  • We're a small graphics company, so nothing more exotic than Photoshop :) Thanks for your advice! (Sorry about the accept-delay, kinda forgot I hadn't accepted...) – carlpett Jan 11 '11 at 09:09
1

No, you don't really "need" WSUS. If you really prefer to do things manually instead of using automation then by all means remove WSUS. On the other hand, I would consider the break-even point for WSUS, compared to manually managing updates, to be only one computer - the WSUS server itself. Even with just that one machine you gain much greater control over the updates using WSUS, so is well justified.

The laptop does indeed present a problem, one many of us have had to deal with. For that I would simply use Microsoft's update site, although doing so pains me. Then again, I regularly block updates that simply don't have a reason to be installed.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108