Admins using Windows Server Update Services up in arms as Microsoft deprecates feature Microsoft giveth and Microsoft taketh away, as administrators using Windows Server Update Services (WSUS) will soon find out. Windows Server 2025 remains in preview, but Microsoft has been busy letting users know what is set for removal and what will be deprecated in the release. WSUS fits into the latter category – still …
Yes, we kept a W2000 Server for years to support a bunch of XP workstations. Migrated to Linux for most workstations and ditched Windows Server. We had variably 19K to 64k Internet those years, so WSUS was needed. We then had 8 Mbps fixed wireless and the few computers still on XP updated direct. The last Windows for daily use went in December 2016. We only got fibre October 2023.
We did try running Linux on a VM on Win2K and vice versa, but not enough RAM. So we had two servers. Similarly upgrade to Server 2003 was rolled back to 2000 Server as it was too slow and bloated. I guess that was over 20 years ago.
We had 10 Mbps coax and some token ring when we got our first real server, NT 3.5 running on a 386 with 6 M of RAM. Now it's all 1 Gbps, but the original Cat5 that had a mix of 10 & 100.
Yes it does.
It's called a package mirror. You just mirror a whole repo lock, stock and barrel and point all your internal computers to there. This one's the easiest to get going but relies on the entire organization running only one specific distro or you're going to have tons of mirrors, rsync cronjobs, and are going to need a lot of storage.
Or in the Red Hat world, it is the Satellite server that is centralized server management.
Satellite can be a simple package repository server, or a full system management tool utilizing Ansible playbooks to centrally maintain your Red Hat Enterprise Linux systems.
And if you're needing to support distributed data centers or expand the capacity in a single data center, Satellite can include "capsule" servers that can be local replicas to reduce the network burden on your Satellite or they can be deployed to remote locations to be the local distribution point to reduce WAN bandwidth.
Microsoft hasn't added any features to WSUS in *years*. Azure Patch Manager is getting all the juicy enhancements. Nobody should have been caught off-guard by this. Even then, it will be quite a few years before WSUS is gone, since they are supporting it in Windows Server 2025.
My thought on this are that WSUS works pretty well, why does something that works constantly need new features?
This obsession with new features that nobody other than the developer things might be useful is is why we have so much crap software to deal with.
The main driver behind this is the notion that everything most be "Cloud based".
ok, I'll bite... I think that they wlll make a touch screen a requirement, and you have to slide the screen up with a multi-touch gesture and then tap a button in the middle of the screen.
I know, I shouldn't give them ideas, but that's about as accurate as any other prediction
But configuring sendmail was no job for a novice. First, learn M4. Then be aware of all the vulnerabiities that each configuration item involves.
The default distributions of sendmail often had some serious holes in them. Which allowed your home PC to become an evil mail relay. Hence the default blacklisting of most home e-mail systems.
Many systems (particuarly Linux) were set up by people who really shouldn't have. And only got configured with a domain name and ISPs MTA address.
...away from Microsoft. Not a switch to Linux but a switch to early retirement. It's not just Japanese farmers that are getting older, and dealing with an endless amount of Microshit gimmicks, fails, and downgrades is no way to spend the last decade before your dribbly, leaky dotage. Are enough eager, starry-eyed youngsters desperate to defend systems from the combined abuse of users, hackers and MS? It would be interesting to see some demographics on this.
In an ideal world (perhaps in the cancelled Metaverse?), MS would be learning from its mistakes and making its software more user/admin friendly. Instead it repeats its mistakes and makes its software worse with each passing year. Are people walking away, or just getting on with it?
I'm just one out of plenty of folks, but being only 25 and interested in having something to enjoy my games on, I switched to Linux. Between the AI crap being shoved down our throats and ads becoming ever prevalent in the OS (that I paid $200 for, mind you, when I built my PC), I am basically done. I just want a PC that allows me to enjoy my games and mod my games without the distractions.
Literally the final straw for me was when I was in the middle of a game with friends and got a popup about buying OneDrive...
I'm not sure that Google is a much better provider than Microsoft in the long term. I think I came to the conclusion that they were going to be a serious problem in the future around 2005; I'd personally like to avoid handing them any more power than they already have.
Here's a rather cynical theory: This is planned in order to make us older IT professionals obsolete (or force us to learn new tricks), while teaching the younger generation the MS way who will then come in and kick 'grandpa' out of their job 'cause the youngsters know the system better than the older folk.
In doing so, they reduce the salary budget 'cause you don't have to pay the older, far more experienced and therefor valuable staff: You just hire the youngsters just out of college who 'know better' than the older folk 'cause the skills the older folk have is now obsolete and they're now no better than the younger folk.
It's a win, isn't it?
Well, other than companies retaining old tech for as long as they can, so they need the people who can keep it going a bit longer, or moving to alternative platforms 'cause the constant change being pushed by MS isn't healthy for the business.
They used to be, and sometimes still try to be, but it has been several years since they dropped .co.uk in favor of .com, set up shop in San Francisco, and started publishing more articles about politicians in Washington than London. But I think that the reason you got downvoted is that you may have missed the "/s" at the bottom of his message. Sarcasm and arrogance can be easy to confuse if it isn't tagged.
WSUS is (or should be was) one of the most useful things about Windows Server. It allows us to mask the failings of the normal windows update system which are well known and have been for getting on for 20 years (or more)
They are running around like headless chickens with one leg cut off as they frantically search for the the 'next big thing'.
Sorry MS... All you are doing is pissing off the people who make a living from running your shit.
Time to get off the platform, it is DOA.
I was at the Win 95 release party in Redmond. Dang, that was one hell of an event. And considering the constraints that it had to deal with (think compatibility with most older software) it really was a Big Thing. Truly the pinnacle of the PC industry.
As B. B. King might say, "The Thrill is Gone".
Difficult, I mean, I loved Win 95.
Never forget however that it was a complete mess of a launch. Microsoft shipped "Win95A" to all integrators and OEMs, espousing the new world of USB...before weeks later realising they'd not included the USB elements of the OS in Win95A. IIRC it was recalled en-masse just days before launch and everything sent to landfill as Microsoft scrambled to provide Win95B, and the integrators scrambled to reload all the machines sat in warehouses and distributors globally. This was especially important as the internet wasn't ubiquitous at that point so patching wasn't viable.
If I recall correctly, that was the same launch event at which the OS was projected on the full wall behind Gates who was looking at the audience and talking (?about reliability?) as it bluescreened.
I still love Win 95 but the launch was rough.
Finally had to be dragged kicking and screaming off Win 7 Pro earlier this year, at least Start11, WindowsBlinds and InControl make Win 10 tolerable for not much money. Shout out to Stardock for not taking the piss with their pricing and Gibson Research for just being bloody brilliant!
Would love to move my main workhorse to something like Mint but I'm running the "full Terry Pratchett" with 6 monitors and two graphics cards. Windows is fine but with Mint the proprietary nVidia driver only displays on 3 monitors and the open source driver sees all 6 but runs so slowly it is completely unusable. The graphics cards won't be getting any driver updates from nVidia either so I'm basically stuffed. That said, the nVidia driver sees both graphics cards when I delve into the settings - time to learn a bit about X windows internals?
Everyone is talking with such favourable tone about WSUS but seems to be forgetting what a pain in the arse it was to use. I'm glad I've moved out of Microsoft systems management I feel slightly nauseous thinking back to attempting to patch a Windows server on an air gapped network. Linux made this stuff easy.
The new options are almost useless.
I've deployed Windows Update for Business and Azure Update Manager.
You now have two different systems for servers and clients. They look nothing like one another, and have wildly different capabilities. The reports on WUfB are useless beyond words where there's constant references to the computer GUID from Entra instead of computer names.
Azure Update Manager is a lot better TBF but you can't manage the desktop fleet.
Also WSUS has been broken for a long time too. Woe betide anyone trying to manage driver updates with it. And F for anyone who forgot to add in a product category from that ever expanding, undecipherable list.
I just want to emulate whatever Windows update would deliver, splitting the estate into rings, and block access to anything that falls too far behind. Add in a bit of reporting and done. Why do they make it so obtuse :-/
I'd be only slightly less concerned about RHEL right now given it's owners aren't doing too well with the whole idea of computing, and RH also seem to be on a journey to drive people towards their own paid-for toolsets by deprecating features and packages in favour of licensable features (example deprecating openLDAP out of RHEL 8 in favour of RH Identity Management, which has it's own license).
If you need paid support I'd direct you to one of the other companies offering (probably much better quality) paid support offerings, often for completely open-source OS versions like Rocky/Alma linux or similar, or have a word with Canonical if you prefer APT or SUSE if you prefer RPM.
I have to be grateful for more than 35 years that by choice and good fortune of having SFA to do with Windows and the rest of MS circus. My soul mustn't have been too shabby in previous lives.
I assume the admins running WSUS on disconnected networks dodged the clownstrike fiasco.
I am guessing the demographics of Windows admins are trending to younger less technically knowlegable and more focused on Microsoft's cloud based offerings. More clerk than technologist - roles which unfortunately AI can probably fill with fewer even less skilled people. Basically the future is enshitified MS platform management - a cesspit of crap security, crap reliability, crap recovery, crap accountability and crap performance. A veritable clogged cloaca maxima.
So more reason to remove the air gapped networks and have all the sensitive information "on the internet". WSUS requires just two ports to be open, what's the betting that the cloud "alternative" requires a whole host of URLs with ever changing IPs and multitudes of ports for our on prem servers to access them.
I will miss typing "wuauclt /reportnow and /detectnow" (although one of them didn't work, but I can never remember which so I used both.
The /detectnow stopped working after Win7. The /reportnow still does something, though it can be quite a feat to work out what.
It always seemed strange that there was no /help option, and that there was never any error notification. /Slartibartfast produces exactly the same output as /reportnow.
WSUS I kind of get. It's Wordpad I don't?
How many times I've been on a server and needed to open some archaic or well hidden documentation in the install folder of some software and Wordpad delivered. I can't see it being complex to maintain - I seem to recall in my limited coding experience that writing something similar was an entry level exercise. I don't want to install some 3rd party application and have to take my server on to the internet to pick it up. For those "stood in a datacentre at 3am" moments, it was a very integral part of an OS.
As Microshit have stopped even pretending to make anything useful, rather pumping their share price with stock buybacks & forcing customers into the shitty cloud.
As someone whose worked on airgapped projects that couldn't be plugged into the Internet, even for patching, WSUS wasn't great BUT it was usable. Intune is useless for many use cases & they are IMPORTANT use cases.
Again this is what happens when you let developers & business product managers dictate infrastructure without actually speaking to customers. It's going to be a shitshow!
Are China & Russia STILL bouncing around Azure from the hack 6 or so months ago? At this point I'd agree 100% with the US government opinion that Microsoft are a national security threat. If I didn't know Microsoft are genuinely this shit & shortsighted as a natural state of play, I'd think they're being paid by Russia or China to screw western corporations & drive infrastructure guys to get less stressful jobs at burger king
There are still many very important and high-spending government organizations around the world who run large networks which, because security, are not connected to le nuage and never will be. They account for a horrific number of Windows licenses.
If you lose them, you lose the key influencers on the publicly visible networks.
Les Garçons de la Nuage* do not seem to appreciate this sordidly inconvenient aspect of reality.
* With apologies to The Rutles.
Every single week I see another thing that Microsoft is RIPPING away from me, without my consent.
WIndows 10 (the last version of windows ever) now being FORCED to go to 11 with ads.
Exchange Server with critical features being disabled: i.e. Unified Messaging.
Windows Mixed Reality being DELETED by force, ruining Microsoft Flight Simulator Virtual Reality which I spent thousands of dollars in hardware to support.
This is not about WSUS, it's a pattern. A pattern of abuse and anti-consumer behavior from Microsoft that started years ago.
And yes, add us to the list of GET OFF MICROSOFT PRODUCTS AT ALL COSTS!
I am one-by-one moving everything to Linux. It's a long road, but we are getting there.
MS has been removing features from SCCM for years. Co-management with Intune the new normal.
Given that the key works is depreciated, either one of two things : like MBAM, MS will have a cut down version of WSUS inside SCCM (unlikely and hella $$$$ to licence for servers). OR, it will just offer a nice front end to one of the intune products.
I suppose the might leverage a cut down version of one of the other WSUS products, too.
Either way, WSUS has been in depreciated mode for about 15 years. A zombie. Now it’s official.
This won’t be good for security of internet accessible systems. Crowdstrike fiasco should have been enough of a reminder as to how important IT is to the modern world. Ripe for another code red.
Another poster pointed out that patching will now be subject to budgets and the internal politics that implies.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
