Windows & .NET Magazine UPDATE--A Preview of Windows Update Services--March 23, 2004

This Issue Sponsored By

Argent Software

NetIQ Corporation


Commentary: A Preview of Windows Update Services

Hot Off the Press
- Microsoft Faces Record Fine, New Windows Version in EU Case

New and Improved
- Look Through Compressed Archives
- Ensure Optimal Email Usage

==== Sponsor: Argent Software ====

Free Download: Monitor Your Entire Infrastructure with ONE Solution
The Argent Guardian monitors servers, applications, any and all SNMP-compliant devices as well as the overall health of the entire network at a fraction of the cost of "framework" solutions. Network Testing Labs states that "The Argent Guardian will cost far less than MOM and yet provide significantly more functionality." Using a patented Agent-Optional architecture, the Argent Guardian is easily installed and monitoring your infrastructure in a matter of hours. Download a fully-functioning copy of the Argent Guardian at:


==== Commentary: A Preview of Windows Update Services ====
by Paul Thurrott, News Editor, [email protected]

Last week at the Microsoft Management Summit (MMS) 2004 in Las Vegas, Nevada, Microsoft unveiled its next-generation Software Update Services (SUS) 2.0 server application, which the company has renamed Windows Update Services (WUS, presumably pronounced "woos"). WUS is the latest in a long line of out-of-band (OOB) updates to Windows Server 2003, which Microsoft now calls feature packs. For small and midsized businesses, this release will likely be one of the most important updates the company could make to Windows 2003. And like many Windows 2003 feature packs, WUS will be free to customers, adding to its value.

Like its predecessor, WUS is a patch-deployment and system update management server that sits on top of Windows Server. From a product-positioning standpoint, WUS sits between Windows Update and Microsoft System Management Server (SMS). Windows Update is designed for individuals and small businesses, and the next version of this manually triggered, Web-based service will debut alongside Windows XP Service Pack 2 (SP2) in May or June, offering a simplified UI and easier access to critical updates. At the other end of the spectrum, SMS is Microsoft's full-blown patch management solution, aimed at midsized businesses and global enterprises. WUS offers many of SMS's patch-deployment capabilities along with the simplicity of Windows Update. Microsoft will likely include WUS as part of the next Windows Server version, currently dubbed Windows Server 2003 R2 and due in the first half of 2005.

These three products--along with its other patch-management solutions, such as Automatic Updates and the Microsoft Baseline Security Analyzer (MBSA)--form the outward-looking portion of Microsoft's patch-management strategy. Unlike the current situation, all these products will soon use the same database back end, meaning that patch queries from different tools on the same system will yield the same results. The products will also take advantage of deep-seated technological improvements, including a new feature called Delta patching. Under the current scheme, tools such as Windows Update and SUS examine your system, determine which patches you need, and download them in total. However, these downloads are often quite large. Beginning in mid-2004, patch downloads from Windows Update and WUS will use Delta patching technology to not only download just the files you need but to also download just the parts of the files you need, thereby keeping the downloads as small and fast moving as possible. These patch-management solutions will also take advantage of priority patching to ensure that your system downloads and installs the most crucial updates before less-important patches. So when the next virus outbreak hits, Windows users will immediately be protected.

WUS offers some major improvements over SUS. WUS lets you subscribe to specific patch downloads, so an office in one location might download only the specific Windows, Microsoft Office, and Microsoft Exchange Server updates it requires; a second office in another location might also download Microsoft SQL Server patches. SUS doesn't let administrators target patch deployments so that crucial business systems (e.g., outward-facing servers) are updated first, but WUS fixes this limitation . Now, you can target groups by using either Active Directory (AD) organizational units (OUs) or manually created machine target groups if you don't use AD. Microsoft is supplying a scripting interface to automate this targeting process.

In a nod to slightly larger companies that maintain physically separated servers but don't want to upgrade to SMS, Microsoft has also imbued WUS with the ability to scale out, with a new notion of parent and child WUS servers in which child servers receive specific updates from parent servers and supply them to machine groups. You can set bandwidth-throttling rules to ensure that WUS doesn't flood your network during the business day or open the flood gates at 3:00 A.M.

Finally, WUS will include a basic reporting engine, which will let administrators receive automated at-a-glance status reports at specified intervals explaining whether all machines were patched. Microsoft isn't supporting ad hoc reporting with WUS 1.0, however. "That's a more complex task," Steve Anderson, director of marketing for Windows Server at Microsoft, said. Anderson says ad hoc reporting is one area in which SMS will add value for businesses interested in automating patch management.

I've only begun to look at early WUS beta code, but from what I can see, WUS is going to be a major release that all Windows shops should evaluate as soon as possible. Indeed, that's the product's biggest problem: Because of the lengthened development cycle of XP SP2, which includes the Windows Update upgrade that WUS and other patch-management tools rely on, WUS has taken far longer to come to market than originally planned. WUS is set for a late 2004 release. However, you can get your hands on WUS more quickly than that by signing up for the WUS Open Evaluation Program at the Microsoft Web site ( ) and you'll receive a beta version of the product sometime this summer. A private beta for the product just began, according to testers I've contacted.

As Microsoft customers, we're no strangers to longer-than-anticipated product releases, but this is one bit of software that will likely be worth the wait. I'll report back after I've spent more time with WUS.


==== Sponsor: NetIQ Corporation ====
Free Active Directory Security Whitepaper
Has managing and securing Active Directory permissions become more complex than ever before? Are you looking for a way to increase the security of your network, while improving IT responsiveness to support requests and lowering network administration costs? Download NetIQ's free white paper, "Securing Access to Active Directory-A Layered Security Approach" to learn how a tiered approach to security helps organizations reduce the need for elevated levels of privilege and protects the Active Directory from becoming polluted. Download it now.


==== Hot Off the Press ====
by Paul Thurrott, [email protected]

Microsoft Faces Record Fine, New Windows Version in EU Case
Antitrust regulators in Europe will fine Microsoft a record $613 million, require the company to offer a separate version of Windows that doesn't include Windows Media Player (WMP), and require the software giant to share more Windows Server code with competitors, according to various reports. Microsoft representatives in Europe have already described the fine as "too big," and the company has vowed to fight the ruling with an appeal. For the complete story, visit the following URL:

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will concentrate on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.

Event Central--a Comprehensive Resource for the Latest Events in Your Field
Looking for one place to find the latest Web seminars, roadshows, and conferences? Event Central has every topic you’re looking for. Stay current on the latest developments in your field. Visit Event Central and find answers now!

Take our Brief Survey!
Does your company use third-party management tools to manage your Microsoft Windows network? If you do, Windows & .NET Magazine would like to hear from you about your preferences. Please respond to our short survey regarding Windows management tools and we'll enter you in a drawing to win one of two $50 gift certificates.

~~~~ Hot Release: (Advertisement) NEC Solutions America ~~~~

Want continuous availability? Check out the free White paper on NEC's Fault Tolerant Servers. Download this free technical white paper now, courtesy of Windows & .NET Magazine's White Paper Central.;7457463;8469764;f?

==== Instant Poll ====

Results of Previous Poll: Mobile Device Procurement
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "If your company uses mobile devices, how are they procured?" Here are the results from the 103 votes:
- 53% Just like PCs
- 6% Purchased by individual employees and reimbursed by the company
- 41% Purchased by individual employees but not reimbursed by the company

New Instant Poll: Software Update Services
The next Instant Poll question is, "Does your organization use Microsoft Software Update Services (SUS) to keep computers up-to-date?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, b) No, we use a different Microsoft patch-management solution, c) No, we use a third-party patch-management solution, or d) We don't use a patch-management solution.

==== Resources ====

Featured Thread: Printer Sharing
When forum reader Zwick tries to add additional drivers to the printers on his Windows Server 2003 server to support Windows NT 4.0 clients, he gets the error message "Windows cannot locate a suitable printer driver. Contact your administrator for help locating and installing it." If you can help, join the discussion at the following URL:

Tip: If I have a Windows XP machine that has a lot of memory, can I improve performance by removing the pagefile?
by John Savill,

Any program that runs on an Intel 386 or later system can access up to 4GB of RAM, which is typically far more memory than is physically available on a machine. To make up for the missing physical memory, the OS creates a virtual address space, known as virtual memory, in which programs can see their own 4GB memory space. (This virtual address space consists of two 2GB portions--one for the program and one for the OS.) The OS is responsible for allocating and mapping to physical RAM those parts of the program or memory that are currently active.

To work around a machine's physical RAM limitations, a local file known as the pagefile stores pages (in 4KB increments) that aren't in use. (One installation can have multiple pagefiles.) When a program needs to access a page from the pagefile, the OS generates a page fault that instructs the system to read the page from the pagefile and store it in memory. Because disks are much slower than memory, excessive page faults eventually degrade performance. A computer's RAM consists of two sections. The first section, the nonpaged area, stores core OS information that's never moved to the pagefile. The second section, the paged area, contains program code, data, and inactive file-system cache information that the OS can write to the pagefile if needed.

Although the discussion so far might lead you to believe that Windows stores only active code and data (plus the core OS) in physical RAM, Windows actually attempts to use as much RAM as possible. Often, the OS uses RAM to cache recently run programs so that the OS can start these programs more quickly the next time you use them. If the amount of available free RAM on your computer is low and an application needs physical RAM, the OS can remove from RAM pages of memory used to cache recently run programs or move nonactive data pages to the pagefile.

So, if you have a lot of RAM, you don't need a pagefile, right? Not necessarily. When certain applications start, they allocate a huge amount of memory (hundreds of megabytes typically set aside in virtual memory) even though they might not use it. If no pagefile (i.e., virtual memory) is present, a memory-hogging application can quickly use a large chunk of RAM. Even worse, just a few such programs can bring a machine loaded with memory to a halt. Some applications (e.g., Adobe Systems' Adobe Photoshop) will display warnings on start-up if no pagefile is present.

My advice, therefore, is not to disable the pagefile because Windows will move pages from RAM to the pagefile only when necessary. Furthermore, you gain no performance improvement by turning off the pagefile. To save disk space, you can set a small initial pagefile size (as little as 100MB) and set a high maximum size (e.g., 1GB) so that Windows can increase the size if needed. With 1GB of RAM under typical application loads, the pagefile would probably never need to grow.

If you want to prevent Windows from moving any core OS kernel or driver files to the pagefile, perform the following steps:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry subkey.
3. Set the DisablePagingExecutive registry entry to 1.

If you want to determine how much of the pagefile is actually being used, you can download Bill James's various pagefile utilities, which are available at . Among these tools is a WinXP-2K_Pagefile.vbs script that tells you the current and maximum pagefile usage.

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New--Microsoft Security Strategies Roadshow!
We've teamed with Microsoft, Avanade, and Network Associates to help you better protect your infrastructure and applications against security threats. Learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free event.

==== New and Improved ====
by Carolyn Mader, [email protected]

Look Through Compressed Archives
Reymax Software released LAN Spider 2.1, a LAN-searching tool that lets users look through compressed file archives to find documents without having to unpack the documents. The program supports all popular compression formats and provides a simple UI. You can use LAN Spider to search the entire network, local computer, and a specified domain, workgroup, and IP range. Pricing is $29 for a single-user license. Contact Reymax Software at [email protected]

Ensure Optimal Email Usage
Red Earth Software released Policy Patrol 3.0, a suite of email-filtering products that ensures optimal use and management of a company's email system. Policy Patrol 3.0 features improved spam protection through Bayesian filtering, remote image detection, and word pattern matching. User-based permissions and automatic folder tasks now let you offload tasks such as monitoring quarantined messages and updating whitelists and blacklists. Policy Patrol is available in four different versions: Policy Patrol Zip, Policy Patrol Disclaimers, Policy Patrol Spam Filter, and Policy Patrol Enterprise. Pricing starts at 10 users and is $95 for Policy Patrol Zip, $145 for Policy Patrol Disclaimers, $325 for Policy Patrol Spam Filter, and $395 for Policy Patrol Enterprise. Contact Red Earth Software at 603-436-1319.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Link ====

Enter the Microsoft Windows Server 2003 Challenge. Win BIG prizes.;7509848;8214395;y?


==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:
Argent Software -- -- 1-860-674-1700

Secondary Sponsor:
NetIQ -- -- 1-888-323-6768

Hot Release:
NEC Solutions America --


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine Privacy policy at Windows & .NET Magazine a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.