Click here to return to the James Madison University main page
  
 Computing Home | Self-Help | Accounts Info | Downloads | e-campus | Forms | Passwords | JMU  February 9, 2012


Search Computing
Site map
Updates
System Alerts
Security and Virus News
Computer Security
Computer Security Home
StartSafe
R.U.N.S.A.F.E.
Hot Topics - Current Issues
Critical Security Updates
Cleaning Windows Infections
Internet Fraud
SPAM
Report Computer Security Incidents
Security Awareness (only accessible on-campus)
Policies
 
Contact Us:
flynngn@jmu.edu
540.568.2364
Policy & Security
Computer Security
Computing Policies
R.U.N.S.A.F.E.
Report a violation
Computing Links
AVP Information Technology
CampusLink
CampusNet
Computer Purchases
Computing Support
Database Administration
Desktop Services
e-campus
HelpDesk
Information Systems
Labs
Network Engineering
PC Services
Systems and Operations
Technical Services

 

 

JMU Windows Software Update Service - Frequently Asked Questions

 

 

 

  1. What is it?

    Its a way for your Windows computer to help you keep it safe by having it automatically check for and install critical security updates offered by Microsoft. It is equivalent to Microsoft's automated updates but the updates are downloaded from a JMU server rather than the Microsoft server. This makes downloads faster and allows JMU to delay updates for extra testing.  Instructions for subscribing JMU office computers are included on the StartSafe pages. Student and home computers cannot use the JMU update service and should use Microsoft's standard automated updates as described in StartSafe.

    Microsoft is constantly releasing critical security updates for its products. If your computer does not have these updates, it is basically at the mercy of any hacker, worm, or malicious web link on the Internet. And if your computer is at their mercy, so is your identity, your privacy, and the integrity and proper operation of the JMU network.

     

  2. How often will installations occur?

    Barring emergency updates, your computer will probably do an installation once per month.

    However, if your computer has not been kept up to date, numerous patches will be needed when you first subscribe. In that case, your computer may install patches several days in a row. If this starts to occur, please follow the StartSafe procedures to manually download all currently available updates so your computer isn't sitting on the network with known defects.

     

  3. What if my computer is not turned on at the designated installation time?

    The installation will commence three minutes after you turn the computer back on.

     

  4. What if take my computer off the JMU campus for an extended length of time?

    5. Follow the StartSafe procedures to run the configuration tool and choose the option to disable the WSUS service. This will return your computer to its default configuration. The JMU WSUS service is not accessible outside the JMU network and if you leave JMU, your computer will no longer update itself nor warn you when it needs an update.

     

  5. How do I know if its working?

    An entry is created in the system event log when patches are downloaded and ready to install and again when they are actually installed. The source will be "Automatic Updates".

    If you visit the Microsoft Windows Update web site, you shouldn't see any critical updates more than about a month old after your computer has been subscribed to the service for a few days.

    Ongoing status of the process is also available by viewing registry entries. These are described below in the advanced information section.

     

  6. What products are covered?

    Generally, only Microsoft products are covered. These include:

    1. Windows 2000, XP, and 2003 operating system components. Generally these are things that are installed in a default install by the OS CD.
    2. Windows Defender definition updates
    3. Microsoft Office
    4. Internet Explorer
    5. Windows Media Player
    6. Internet Information Server (IIS) cumulative patches
    7. Some SQL Server security patches
    8. Windows Defender anti-spyware

     

  7. What products are not covered?

     

    1. Non Microsoft products ( e.g. AIM, RealPlayer, Adobe Acrobat, etc. )
    2. Version upgrades ( e.g. Internet Explorer 5 to Internet Explorer 6, Microsoft Windows 2000 to Microsoft Windows XP )
    3. Microsoft Development products ( e.g. Visual Basic, Visual C )
    4. Microsoft Entertainment products ( e.g. games )
     

     

  8. What languages are supported?

    Windows computer may be configured to work in different languages and security updates are unique to each language configuration. The JMU server currently only supports English language updates. If your computer is configured to work in a language other than English, please set you computer up to use Microsoft's update server as described in StartSafe.

     

  9. How does it work?

    The Windows Software Update Service (WSUS) is a Microsoft product running on a JMU server. Each night, the server contacts Microsoft and downloads any available critical updates.

    Your computer queries the JMU WSUS server every 17-22 hours. If there are updates available for your computer, your computer downloads and saves them. At the scheduled installation time, they are installed. If the updates require a restart, your computer is restarted. There are three possible scenarios on your computer at installation time:

     

    1. You are logged into your computer at the scheduled installation time.

      If you are logged into a Windows account with Administrative privilege (typical use unfortunately), your computer will pop up a window telling you an update is available and scheduled to be installed. Always allow the installation to complete at the scheduled time. It will start a 5 minute timer. You can install immediately, wait for the 5 minute timer to start the installation, or refuse the installation. If you refuse the installation, your computer will quit looking for updates. It will also not remind you of the pending installation. You can start it manually by right-clicking the Automatic Updates icon in your taskbar. However, it would be best to always allow the installation to complete at the scheduled time. Doing otherwise defeats the purpose of the automated software update service.

      If you are logged into a Windows account without Administrative privileges, you will see the 5 minute warning but will not be given an option to postpone the installation.

       

    2. You are not logged into your computer at the scheduled installation time. It is powered on.

      The installation will commence automatically. Your computer will restart if needed to complete the installation.

       

    3. Your computer is powered off at the scheduled installation time.

      When your computer is powered on after the scheduled installation time, it will realize what happened and commence an installation sequence three minutes after it is turned on. How it behaves depends upon whether or not you are logged on. See items (a) and (b) above.

    If your computer was previously set up with Automatic Update Notification, where a popup message tells you updates are available or ready to install, you will still get that message. You can choose to install then or wait for the automatic installation at the scheduled time.

    Updates are not automatically made available to your computer once they are on the JMU WSUS server. JMU IT personnel must approve them before your computer can access them. Various things are taken into consideration to determine how long to delay an update's approval:

     

    • The risk posed by the defect being fixed by the update. Considerations include how easy the defect is to exploit, whether exploit code has been published, whether the defect is accessible on JMU computers, whether workarounds exist, the size of the population effected, the repercussions of an exploit, and whether the defect is being actively exploited.
    • The update's potential to cause unwanted side effects. Considerations include how complex the update is, how large, and how large a population is affected.

    In general, critical updates will be released to the JMU population about a week after they are released by Microsoft. Service packs, which are much larger and more complex, may be delayed a month or more. Of course, you are always free to use the Windows Update Site to download updates whenever you desire.

     

  10. Possible Problems

    When you click the "proceed" link to open the sus.hta file, you get a blank screen or a script error in the sus.hta application.

     

    The most common reasons for this are:

    a. You clicked Save instead of Open on the file download window on original SUS web page.

    Close the error window by clicking the close button ( X )

    and try running the service again

    And try again.

     

    b. You have disabled Windows Script Host (WSH):

    The symptoms will be an error window like the one above except the line will be 12 and the Error will be "initialization failed".

    You can download Windows Script Host at http://www.microsoft.com/downloads. Do a search on "wsh". You want version 5.6. Some people disable WSH to decrease risk. The procedure to reverse this depends upon how it was disabled.

     

  11.  

  12. Additional Information

    Microsoft documentation

    Third party support forum

    WSUS Wiki

 

 

 

 

 

 
JMU Division of Administration and Finance James Madison University Website
Publisher:  IT Technical Services   Contact: Security Engineering
Last Revised: June 14, 2006 Privacy Statement