Updating a Windows Small Business Server 2003 Network Using Software Update Services Server 1.0

Introduction

An important way to help keep your network secure is to install the latest operating system updates to computers running Microsoft Windows.

Software Update Services (SUS) Server 1.0 Service Pack 1 (SP1) provides a way to manage and distribute critical Windows updates, which resolve known security vulnerabilities and other stability issues in Windows.

Note: SUS Server 1.0 SP1 addresses compatibility issues that existed between Windows Small Business Server 2003 and SUS Server 1.0.

If you use SUS, you do not need to use the Windows Update Web site to manage the updates for each computer on the network. Instead, you can manage the updates on the computer running Windows Small Business Server and configure that computer to distribute the updates automatically to the client computers. The client computers do not need Internet access to receive the updates. This paper tells you how to install, configure, and use SUS Server 1.0 on your Windows Small Business Server 2003 network using the following steps:

•	Planning and deploying SUS
•	Updating computers using SUS

This paper also includes an optional section that gives suggested methods to test updates.

SUS can provide updates for computers running Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, or Windows Server 2003 operating systems. If you are running another version of Windows, you can find instructions for how to update it on the Windows Downloads page on the Microsoft Web site at http://www.microsoft.com/windows/downloads/default.mspx.

If you have five or fewer computers, using SUS is not efficient. Instead, configure each client computer to download and install updates from Windows Update using Automatic Updates. For more information about Windows Update and Automatic Updates, see the Frequently Asked Questions on the Microsoft Web site at http://www.microsoft.com/athome/security/protect/update.mspx.

Note: If you have computers that are not part of the Small Business Server domain, you can update them using Automatic Updates. If you have computers running Windows XP Home Edition, you can use Automatic Updates or you can upgrade to Windows XP Professional. Windows XP Professional is designed to work with the Windows Server 2003 network environment. This adds security while also improving reliability, performance, and functionality for the local network. For information about upgrading client computers, see the Windows XP Professional Upgrade Center on the Microsoft Web site at http://www.microsoft.com/windowsxp/pro/upgrading/default.mspx.

IMPORTANT: All the step-by-step instructions included in this document were developed by using the Start menu that appears by default when you install your operating system. If you have modified your Start menu, the steps might differ slightly.

Top of page

Before You Begin

Before you deploy SUS, you must complete Windows Small Business Server 2003 Setup.

This document assumes that you have already completed Windows Small Business Server 2003 Setup, including the Connect to the Internet task on the To Do List. The To Do List appears at the end of Setup and is used to complete the configuration of Windows Small Business Server 2003. If you have not configured your Internet connection, complete the following procedure.

•

To configure your Internet connection

1.	Click Start, and then click Server Management.
2.	In the console tree, click To Do List.
3.	In the details pane, click Connect to the Internet, and then complete the Configure E-mail and Internet Connection Wizard.

If you are migrating from Microsoft Small Business Server 2000 and the computer is also running SUS Server 1.0 SP1, check for an update addressing this situation in the document "Migrating from Small Business Server 2000 or Windows 2000 Server to Windows Small Business Server 2003" on the Microsoft Web site at http://www.microsoft.com/downloads/details.aspx?FamilyID=fa187d1e-8218-4501-9729-222bd8ebb64c&DisplayLang=en.

Top of page

Planning and Deploying SUS

Before you install SUS, you first take an inventory of the computers in your network. This will later help you decide how to deploy the updates to the computers. Then you install and configure SUS. Finally, you prepare the client computers for SUS and configure settings to deploy automatic updates.

Use the following steps to plan and deploy SUS Server 1.0 SP1:

•	Take an inventory of the computers on your network
•	Install and configure SUS
•	Download updates for SUS
•	Upgrade Automatic Updates on client computers
•	Configure settings for Automatic Updates

Take an Inventory of the Computers on Your Network

You must take an inventory of each computer on your network to determine its name and the licensed operating system it is running. You will use this information later to determine whether any computers need to be updated without using SUS and whether the Automatic Updates software on any of the computers needs to be updated to work with SUS. All Microsoft software should be licensed on the computers you intend to update.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To determine client computer names and operating system versions

Log on to the computer running Windows Small Business Server as Administrator or with an account that has administrative rights and permissions.

The Server Management console appears. If it does not appear, click Start, click Administrative Tools, and then click Server Management.

In the console tree, click Client Computers.

In the details pane, you will see a list of client computers. Double-click a computer name to open the client computer's property page.

On the computer's property page, click the Operating System tab.

In the following table, record the information for each computer.

Repeat for each computer listed in the details pane.

Names and Operating Systems of Each Computer

Computer Name	Operating System Name	Operating System Version and Service Pack

•

To determine server computer names and operating system versions

•	Repeat the procedure above for server computers by clicking on Server Computers in the console tree to display the list of server computers.

To work with SUS, computers running Windows 2000 need to have Service Pack 2 or later installed. If they do not, install the latest service pack on them.

•

To install the latest service pack on computers running Windows 2000

1.	Log on to the computer running Windows 2000 as Administrator or with an account that has administrative rights and permissions.
2.	Click Start and select Windows Update.
3.	Click Yes on the Security Warning dialog box that prompts you to install and run Windows Update.
4.	Click Scan for Updates at the Windows Update Web site.
5.	Click Critical Updates and Service Packs in the console tree.
6.	Scroll through the list of updates and click Remove on all the updates except Windows 2000 Service Pack 4 Express Install for End Users. You can install the other updates later, using SUS.
7.	Click Review and Install Updates.
8.	Click the Install Now button.
9.	Click Accept on the License Agreement dialog box. The Windows 2000 Service Pack 4 Setup Wizard appears.
10.	Click Next.
11.	If you agree with the License Agreement, click I Agree and click Next.
12.	Click Next to accept the default option to archive files.
13.	The download and installation begin. Click Finish when the installation is complete.
14.	Click OK to restart your computer.

You also need to determine your Windows domain name.

•

To determine your Windows domain name

1.	Click Start, and then click Run. In the Open box, type cmd, and then click OK.
2.	At the command prompt, type set, and then press ENTER.

In the output text, you will see the following:
USERDOMAIN=yourWindowsdomain

where yourWindowsdomain is the name of your Windows domain.

Write your Windows domain name here:

Install and Configure SUS

You must download SUS Server 1.0 SP1, install it, and configure it on the computer running Windows Small Business Server 2003.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To download SUS Server 1.0 SP1

1.	Log on to the computer running Windows Small Business Server 2003 as Administrator or with an account that has administrative rights and permissions.
2.	Download Software Update Services Server 1.0 with Service Pack 1 from the Microsoft Web site at http://www.microsoft.com/downloads/details.aspx?FamilyID=a7aa96e4-6e41-4f54-972c-ae66a4e4bf6c&DisplayLang=en. This file is approximately 33 megabytes (MB) in size. With a 56 Kbps Internet connection, it will take approximately 80 minutes to download.
3.	On the Software Update Services Server 1.0 with Service Pack 1 page, select the language to download, click Go, and then click Download.
4.	Click Open to begin the download.

When the download is complete, install SUS Server 1.0 SP1.

•

To install SUS Server 1.0 SP1

1.	On the Welcome page of the Setup Wizard, click Next.
2.	Read the End User License Agreement. If you agree with it, click Next. If you do not agree with it, terminate your SUS Server .0 installation.
3.	On the Choose setup type page, click Typical.
4.	On the Ready to install page, note the download URL that Automatic Updates will use on the client computers to get updates from the server. Write the complete URL here (including http://): This URL is http://YourServerName, where YourServerName is the name of your server computer. You will use this URL to define Group Policy settings for configuring SUS, as described later in this paper.
5.	Click Install.
6.	When the completion page appears, note the URL to access the SUS Administration Web site. Write the URL here:
7.	Click Finish to complete the installation. The SUS administration page appears.
8.	On the SUS administration page, under Other options, click Set options.

If you are running Microsoft Internet Security and Acceleration (ISA) Server on your computer running Windows Small Business Server, you must configure SUS to use a proxy server. This will allow SUS to connect to the Internet through the proxy server.

•

To configure SUS to use a proxy server

1.	Click Use a proxy server to access the Internet.
2.	Click Use the following proxy server to access the Internet. In the Address box, type *yourcomputername, where yourcomputername* is the name of the computer running Windows Small Business Server. In the Port box, type 8080.
3.	Click Use the following user credentials to access the proxy server. In the User box, type *YourWindowsDomain\AdministratorsAccount* (where *YourWindowsDomain* is the name of your Windows domain, which you recorded earlier, and *AdministratorsAccount* is the name of an account for which you have administrative credentials.

SUS can provide updates for clients in any language or locale. You need to select the languages and locales that you support.

•

To configure SUS to install particular languages and locales

1.	Scroll to the bottom of the options page. Click Clear All, and select only those languages and locales that you support.
2.	Click Apply.
3.	In the VBScript dialog box, click OK.

Download Updates for SUS

The next step is to download all available updates for SUS. This helps ensure that your installation of SUS includes all the supported Windows operating systems for all the locales you selected in the previous procedure.

The amount of data that you must download is large; one locale requires approximately 600 MB. To download 600 MB of data takes approximately 125 minutes over a 640 Kbps broadband connection or 23 hours over a 56 Kbps dial-up connection. Therefore, schedule the download for a time when no business activity is taking place on your Internet connection. Also, make sure not to schedule the download for the same time as the system backup.

•

Requirements

•	You must be logged on as a member of the Administrators group.

•

To download updates for SUS

1.	Using a web browser, open the SUS Administration page at http://yourSBSservername/SUSAdmin.
2.	In the console tree, click Synchronize server.
3.	Click Synchronization Schedule.
4.	Click Synchronize using this schedule. Accept the defaults (3:00 a.m., daily, 3 retries), and then click OK.
5.	Click Synchronize Now to download the updates. The updates will not be distributed to computers until you approve them (as described later in this paper).
6.	In the VBScript dialog box, click OK.

The Approve updates page appears. Do not approve any updates yet.

Upgrade Automatic Updates on Client Computers

The Automatic Updates program on your client computers may need to be updated to work properly with SUS, depending on which operating system and service packs the client computer is running. Review the computer inventory list that you created earlier. If a computer is running any of the following operating systems, the Automated Updates program must be updated on it before you run SUS:

•	Windows 2000 Professional Service Pack 2
•	Windows 2000 Server Service Pack 2
•	Windows XP Professional (no service pack)
•	Windows XP Home Edition (no service pack)

On computers running Windows 2000 Service Pack 3 or later, Windows XP Service Pack 1 or later, or Windows Server 2003, you do not need to update the Automatic Updates program.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To update the Automatic Updates program

1.	Log on to a computer that needs to be updated as Administrator or with an account that has administrative rights and permissions.
2.	Go to the Automatic Updates page on the Microsoft Web site.
3.	Select the appropriate language from the drop-down list at the top of the page, and then click Go.
4.	Under Download, click the Automatic Update Client link.
5.	To start the installation immediately, click Open or Run this program from its current location.

Configure Settings for Automatic Updates

You must configure how and when to handle updates on your network, including when to download and install the updates. To do this, use Group Policy to configure the Basic SUS Config Group Policy object (GPO). If you choose to, you can also configure the Scheduled Install SUS Config GPO.

The Basic SUS Config GPO configures updates so that they are automatically downloaded and the user chooses when to install them. This GPO typically applies to servers on a network, but you can also use it to give the user of a client computer the option to install updates when the user chooses.

The Scheduled Install SUS Config GPO is an additional, optional GPO that configures updates so that they are automatically downloaded and installed according to a schedule you define. This GPO typically applies to client computers on a network.

Before configuring the GPO, you must determine if any computer accounts need to be moved to the proper location. If computers were added to the network without using the Add Computers wizard, computer accounts may not be located in the expected location and the GPO will not work for updating client computers.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To move computer accounts to the proper location

1.	Log on to the computer running Windows Small Business Server as Administrator or with an account that has administrative rights and permissions.
2.	The Server Management console appears. If it does not appear, click Start, click Administrative Tools, and then click Server Management.
3.	In the console tree, double-click Advanced Management, double-click Active Directory Users and Computers, and then double-click *YourDomainName*.
4.	Click Computers. In the details pane, you may see a list of computers. If you do, continue with this procedure to move them. If not, skip the rest of this procedure.
5.	Right-click the computer name, and then click Move.
6.	In the Move dialog box, double-click MyBusiness.
7.	Double-click Computers.
8.	If the computer is a server, click SBSServers. If it is a client computer, click SBSComputers, and then click OK.
9.	Repeat for each computer in the list.

Next, create the Basic SUS Config GPO.

•

To create the Basic SUS Config GPO

1.	If necessary, log on to the computer running Windows Small Business Server as Administrator or with an account that has administrative rights and permissions.
2.	The Server Management console appears. If it does not appear, click Start, click Administrative Tools, and then click Server Management.
3.	In the console tree, double-click Advanced Management.
4.	Double-click Group Policy Management, double-click Forest: *YourDomainName, double-click Domains, and then double-click YourDomainName. Your screen will look similar to the following: Note:* Screen shots in this document reflect a test environment and the information might differ from the information displayed on your screen.
5.	Right-click *YourDomainName, and then click Create and Link a GPO Here*.
6.	In the text box, type Basic SUS Config, and then click OK. The Group Policy object appears in the details pane.
7.	In the details pane, right-click Basic SUS Config, and then click Edit. Group Policy Object Editor opens. Your screen will look similar to the following:
8.	In the console tree of Group Policy Object Editor, under Computer Configuration, double-click Administrative Templates.
9.	Under Administrative Templates, double-click Windows Components, and then select Windows Update.
10.	In the details pane, double-click Configure Automatic Updates.
11.	Select Enabled.
12.	Accept the default settings under Configure automatic updating (3 - Auto download and notify for install), and then click OK.
13.	Double-click Specify intranet Microsoft update service location.
14.	Click Enabled.
15.	Type *http://YourServerName*** in the text box labeled "Set the intranet update service for detecting updates" and also in the text box labeled "Set the intranet statistics server," and then click OK. The URL http://YourServerName is the URL that you recorded when you installed SUS. Be sure to include the entire URL, including http://.
16.	Close Group Policy Object Editor.

Create the Scheduled Install SUS Config GPO if you want to schedule the installation of Windows updates on your client computers. This installation schedule does not apply to server computers.

•

To create the Scheduled Install SUS Config GPO

1.	Log on to the computer running Windows Small Business Server as Administrator or with an account that has administrative rights and permissions.
2.	The Server Management console appears. If it does not appear, click Start, click Administrative Tools, and then click Server Management.
3.	Double-click the following (if necessary): Group Policy Management, Forest: *YourDomainName, Domains, YourDomainName, My Business, and then Computers*.
4.	Right-click SBSComputers, and then click Create and Link a GPO Here.
5.	In the text box, type Scheduled Install SUS Config, and then click OK.
6.	In the console tree, under SBSComputers, right-click Scheduled Install SUS Config, and then click Edit. Group Policy Object Editor opens.
7.	In the console tree, under Computer Configuration, double-click Administrative Templates.
8.	Under Administrative Templates, double-click Windows Components, and then select Windows Update.
9.	In the details pane, double-click Configure Automatic Updates. The Configure Automatic Properties window appears.
10.	Select Enabled.
11.	Under Configure automatic updating, select 4 - Auto download and schedule the install.
12.	Leave the default 0 - Every day for the Scheduled install day.
13.	In the Scheduled install time box, select 05:00, and then click OK.
14.	Double-click Specify intranet Microsoft update service location. The Specify intranet Microsoft update service location Properties window opens.
15.	Click Enabled.
16.	Type *http://YourServerName*** in the text box labeled "Set the intranet update service for detecting updates" and also in the text box labeled "Set the intranet statistics server," and then click OK. The URL http://YourServerName is the URL that you recorded when you installed SUS. Be sure to include the entire URL, including http://.
17.	Double-click Reschedule Automatic Updates scheduled installations. The Reschedule Automatic Updates scheduled installations Properties window opens.
18.	Click Enabled.
19.	Accept the default value of 5 for Wait after system startup (minutes), and then click OK.
20.	Double-click No auto-restart for scheduled Automatic Updates installations. The No auto-restart for scheduled Automatic Updates installations Properties window opens.
21.	Click Disabled, and then click OK.
22.	Close Group Policy Object Editor.

Top of page

Updating Computers Using SUS

After you have configured SUS on the computer running Windows Small Business Server, you must determine which updates you will approve to be downloaded and installed on your computers. After the download and installation has occurred, you must then verify that the updates have occurred correctly. SUS downloads and installs only those updates that apply to a computer's operating system and locale. When new updates are released from Microsoft, repeat this process.

The following are the steps for updating your computers using SUS Server 1.0 SP1:

•	Test the updates (optional)
•	Approve the updates
•	Verify that client computers are receiving updates
•	Install updates on server computers
•	Continue applying updates

Test the Updates (optional)

If you are concerned about compatibility issues for business applications when new Windows updates are installed, consider testing the updates before you approve them. If you elect to test the updates before approving them, see the section titled "Suggested Methods to Test Updates" later in this document.

Approve the Updates

To distribute updates to computers on your network, you must approve them.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To approve the updates

1.	Log on to the computer running Windows Small Business Server as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, select Administrative Tools, and then click Microsoft Software Update Services.
3.	In the console tree, click Approve Updates.
4.	Scroll through the list of updates and select the check box next to each update that you want to approve. Note: To find a particular update, you can use Sort by at the top of the list of updates to sort by Platform, Status, Title, or Date.
5.	After you have found and checked all of the updates you want to approve, click Approve.
6.	Click Yes to continue.
7.	If you agree with the terms of the License Agreement, click Accept (if necessary).
8.	Click OK to complete the approval of the updates.
9.	The list of updates is sorted by status, with the approved updates at the top of the list.
10.	Close the SUS administration page.

Verify That Client Computers Are Receiving Updates

By 5:00 the next morning, each client computer should have downloaded and installed the updates that you approved and that apply to the operating system it is running. If the updates still have not appeared after approximately 48 hours, you can perform troubleshooting procedures to fix the problem.

For best results when using SUS, users should save their data, close their applications, log off, and leave their computer on at night so that updates install automatically before the users return the next morning.

Many Windows updates are specific to a particular operating system version. If a computer is not running that particular operating system or browser, the update is not downloaded or installed on it.

Note: If you did not create the Scheduled Install SUS Config follow the step called "Install Updates on Server Computers" later in this paper to install updates on all of your computers.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To verify that updates have been installed on a client computer

1.	Log on to the computer as Administrator or with an account that has administrative rights and permissions.
2.	In Windows XP, click Start, click Control Panel, and then click Add or Remove Programs. In Windows 2000, click Start, click Settings, click Control Panel, and then click Add or Remove Programs.

You should see a list of programs that are currently installed, including the updates that you approved.

If you do not see the updates and more than 48 hours have elapsed, perform the following procedures to fix the problem.

•

To verify that a computer has received the appropriate Group Policy settings, using Resultant Set of Policy (Windows XP only)

1.	Log on to the computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Run. In the Open text box, type rsop.msc, and then click OK. The Resultant Set of Policy window opens. Your screen will look similar to the following:
3.	In the console tree, under Computer Configuration, click Administrative Templates.
4.	In the details pane, double-click Windows Components.
5.	In the details pane, double-click Windows Update.
6.	If necessary, in the details pane, scroll to see all of the columns.

If you created the Scheduled Install SUS Config GPO, the following will be displayed on a client computer:

Client Computer Group Policy Settings (with Both GPOs)

Setting	State	GPO Name
Configure Automatic Updates	Enabled	Scheduled Install SUS Config
Specify intranet Microsoft Update service location	Enabled	Scheduled Install SUS Config
Reschedule Automatic Updates scheduled installations	Enabled	Scheduled Install SUS Config
No auto-restart for scheduled Automatic Updates installations	Disabled	Scheduled Install SUS Config

If you did not create the Scheduled Install SUS Config GPO, the following will be displayed:

Client Computer Group Policy Settings (with One GPO)

Setting	State	GPO Name
Configure Automatic Updates	Enabled	Basic SUS Config
Specify intranet Microsoft Update service location	Enabled	Basic SUS Config

If this is not what is displayed, go back to the section called "Configure Settings for Automatic Updates" and double-check to see that the procedures were followed correctly.

If it appears that a computer has the proper Group Policy settings applied to it, but the expected updates still do not appear, you can try forcing a Group Policy update on that computer.

•

To force a Group Policy update on a computer running Windows XP

1.	Log on to the computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Run. In the Open box, type cmd, and then click OK.
3.	At the command prompt, type gpupdate/force, and then press ENTER.

•

To force a Group Policy update on a computer running Windows 2000

Log on to the computer as Administrator or with an account that has administrative rights and permissions.

Click Start, and then click Run. In the Open box, type cmd, and then click OK.

At the command prompt, type:

secedit /refreshpolicy machine_policy /enforce
then press ENTER.

The GPO will be updated from the computer running Windows Small Business Server. Check again for updates after 48 hours. If you did not create the Scheduled Install SUS Config GPO, check to see if the update icon appears in the taskbar. You may need to wait a few hours for the icon to appear.

Install Updates on Server Computers

On your server computers (including the computer running Windows Small Business Server), install the updates manually, at a time that is convenient for you.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To manually install updates on a server computer

1.	Log on to the server computer as Administrator or with an account that has administrative rights and permissions.
2.	In the taskbar in the lower right corner of the desktop, you should see the Updates icon (Windows flag on globe), which indicates that updates have been uploaded to the computer and are ready to install. Your screen will look similar to the following:
3.	Click the icon, and install the updates at your convenience.

If you do not see this icon and more than 48 hours has elapsed, perform the following procedures to try to fix the problem.

•

To verify that a computer has received the appropriate Group Policy settings using Resultant Set of Policy (Windows Server 2003 only)

1.	Log on to the computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Run. In the Open box, type rsop.msc, and then click OK. The Resultant Set of Policy window opens.
3.	In the console tree, under Computer Configuration, click Administrative Templates.
4.	In the details pane, double-click Windows Components.
5.	In the details pane, double-click Windows Update.
6.	If necessary, in the details pane, scroll to see all of the columns.

Server computers should display the following information:

Server Computer Group Policy Settings

Setting	State	GPO Name
Configure Automatic Updates	Enabled	Basic SUS Config
Specify intranet Microsoft Update service location	Enabled	Basic SUS Config

If this is not what is displayed, go back to the section called "Configure Settings for Automatic Updates" and double-check to see that the procedures were followed correctly.

If it appears that a computer has the proper Group Policy settings applied to it but the expected updates do not appear, you can try forcing a Group Policy update on that computer.

•

To force a Group Policy update on a computer running Windows Server 2003

1.	Log on to the computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Run. In the Open box, type cmd, and then click OK.
3.	At the command prompt, type gpupdate/force, and then press ENTER.

•

To force a Group Policy update on a computer running Windows 2000

Log on to the computer as Administrator or with an account that has administrative rights and permissions.

Click Start, and then click Run. In the Open box, type cmd, and then click OK.

At the command prompt, type:

secedit /refreshpolicy machine_policy /enforce
and then press ENTER.

The GPO will be updated from the computer running Windows Small Business Server. Check to see if the update icon appears in the taskbar. You may need to wait a few hours for the icon to appear.

Continue to Apply Updates

The server that is running SUS downloads new updates automatically when they are released by Microsoft. Periodically check the SUS Administration page for new updates that you need to review for approval. To remind you that new updates are available, you can subscribe to receive update notifications on the Microsoft Web site at http://www.microsoft.com/security/default.mspx. If you subscribe, you will receive e-mail when new updates are released.

Requirements

•	You must be logged on as a member of the Administrators group.

•

To update your computer

1.	Check your e-mail for new updates (if you subscribed to receive update notifications).
2.	Check the SUS Administration page, under Approve Updates, to see if any new updates have been downloaded to the computer running Windows Small Business Server. New updates appear in the list with a status of New.
3.	If new updates appear, repeat these steps, starting with the section called "Test the Updates (optional)."

Top of page

Suggested Methods to Test Updates

To test the Windows updates, consider designating one of your computers as the test computer. This computer should run your important applications and be used by a person who is technically advanced enough to help you troubleshoot the problems that might arise from the tests. You will need to designate more than one of your computers as a test computer if you have multiple operating-system versions or if you cannot find a computer that runs all your important applications. For example, if you use Windows XP and Windows 2000, you need a Windows XP test computer and a Windows 2000 test computer. You will download the updates directly from the Microsoft Windows Update Services and apply them to your test computer.

On test computers running Windows XP, use System Restore to create a restore point before testing the Windows updates. This will protect your system from potentially harmful changes because, if the updates cause problems with your applications, you can return the system to the restore point and undo the updates. On computers running versions of Windows other than Windows XP, you must manually uninstall the updates by using Add or Remove Programs in Control Panel.

Before you install updates, check with the manufacturer of any third-party applications that you use to see if they know of any compatibility issues between the application and a Windows update. If so, they may have a solution for the problem and you can avoid unnecessary testing. Do the following to check for compatibility issues:

•	Check the manufacturer's manual.
•	Browse the manufacturer's Web site. Generally, compatibility issues are listed in the Support area.
•	Call their Support number and ask about any known compatibility issues with Windows updates.

•

To create a restore point on your test computer (Windows XP only)

1.	Log on to your test computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Help and Support.
3.	Under Pick a Task, click Undo changes to your computer with System Restore.
4.	Click Create a restore point, and then click Next.
5.	In the Restore point description box, type Before Windows Updates, and then click Create.
6.	After the restore point is created, click Close. Take note of the date in case you need to restore later.

Next, download any available critical updates and service packs from Microsoft Windows Update on the Microsoft Web site at http://windowsupdate.microsoft.com. You must do this on a different test computer for each version of Windows running on your network. For example, if you have Windows XP and Windows 2000 Professional, you need a Windows XP test computer and a Windows 2000 Professional test computer.

Note: Some updates cannot be removed from the operating system. The detailed description of the update will tell you which updates can not be removed.

•

To update the test computer

1.	Log on to the test computer as Administrator or with an account that has administrative rights and permissions.
2.	Go to Microsoft Windows Update on the Microsoft Web site at http://windowsupdate.microsoft.com.
3.	Click Scan for Updates.
4.	In the console tree, review the critical updates and service packs that are available. Your screen will look similar to the following: If no critical updates or service packs are available to install, stop here. Otherwise, continue with this procedure. Note: You can receive notification of Windows updates by subscribing to Microsoft Security Update e-mail alerts on the Microsoft Web site at http://www.microsoft.com/security/default.mspx.
5.	In the console tree, click Critical Updates and Service Packs. All of the critical updates and service packs available are automatically selected.
6.	In the details pane, click Review and install updates.
7.	Review and record the number of each update in case you have to manually uninstall it later.
8.	Click Install Now.
9.	If you agree, click Accept on any License Agreement window that appears.
10.	When installation finishes, a dialog box may appear prompting you to restart the computer. If so, click OK to restart the computer now. Otherwise, close the browser.

Now test your important business applications on the test computer with the newly installed updates.

•

To test your applications

1.	Start the applications on the test computer.
2.	Using those applications, perform your typical tasks.
3.	Perform other typical functions (for example, print, browse, connect to a shared folder, and so on).
4.	If possible, perform typical business functions for a day on the test computer.

If all of your applications worked as expected and you did not have any problems, continue on to the section titled, "Approve the Updates." Otherwise, remove the updates from the test computer. On a computer running Windows XP, use the system restore point that you created earlier. On a computer running Windows 2000, Windows Small Business Server 2003, or Windows Server 2003, you must remove the updates manually. If you want, you can also manually remove the updates from a computer running Windows XP.

•

To remove updates using System Restore (Windows XP only)

1.	Log on to the test computer as Administrator or with an account that has administrative rights and permissions.
2.	Click Start, and then click Help and Support.
3.	Under Pick a Task, click Undo changes to your computer with System Restore.
4.	Verify that Restore my computer to an earlier time is selected, and then click Next.
5.	On the calendar, select the date that you created the Before Windows Updates restore point.
6.	In the list to the right of the calendar, select Before Windows Updates, and then click Next.
7.	Confirm the restore point selection, and then click Next. The computer restores itself to the earlier configuration and then restarts.
8.	Log on to the computer, and on the Restoration Complete page, click OK.

•

To remove the updates manually (Windows 2000, Windows Small Business Server 2003, Windows Server 2003)

1.	In Windows XP or Windows Server 2003, click Start, and then click Control Panel. In Windows 2000, click Start, click Settings, and then click Control Panel.
2.	Click Add or Remove Programs.
3.	Scroll down the list of currently installed programs and find the updates that you installed previously.
4.	Select an update to be removed, and then click Remove.
5.	In the Removal Wizard dialog box, click Next.
6.	Click Finish, and then restart your computer (if necessary).
7.	Repeat as necessary to remove all the updates.

After you have removed all the updates, verify that the test computer and the applications are performing normally.

If you have not already done so, contact the manufacturer of the application that had a compatibility issue with the Windows Updates to find out if they know of the issue and have a solution.

If they do not, determine which update is incompatible with the application and avoid installing that update.

•

To determine which update is incompatible with an application

1.	Install the updates one at a time.
2.	Test each update.
3.	If the test passes, continue with the next update. If it fails, uninstall the update.
4.	Repeat this procedure for the remaining updates.

After testing is complete, note which Windows updates passed the test. These will be the updates that you approve. When you are ready to approve the updates, return the section titled, "Approve the Updates."

Top of page