Microsoft Windows Server Update Services provides centralized management and automated deployment of updates, ensuring efficient distribution of patches while reducing internet bandwidth use through internal traffic optimization.


| Product | Mindshare (%) |
|---|---|
| Microsoft Windows Server Update Services | 3.8% |
| NinjaOne | 7.5% |
| Microsoft Configuration Manager | 7.0% |
| Other | 81.7% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| NinjaOne | 4.1 | 7.5% | 95% | 25 |
| Microsoft Configuration Manager | 4.1 | 7.0% | 91% | 86 |

| Company Size | Count |
|---|---|
| Small Business | 21 |
| Midsize Enterprise | 5 |
| Large Enterprise | 22 |

| Company Size | Count |
|---|---|
| Small Business | 101 |
| Midsize Enterprise | 63 |
| Large Enterprise | 115 |

Windows Server Update Services is an essential tool for organizations managing Windows updates and patches across servers and desktops. It supports ease of scalability, integrates with Group Policy, and enhances security by offering automated deployment of critical updates. Despite some limitations in GUI features and integration, it remains crucial for stable system operations and compliance with corporate update policies. Organizations can centralize downloads to control bandwidth and maintain up-to-date systems, preventing potential application crashes.
Industries relying on on-premises solutions often implement Windows Server Update Services for efficient update management. In sectors where maintaining system stability and compliance is crucial, Windows Server Update Services aids in swiftly applying security patches and updates, thereby reducing operational risks and ensuring smooth operational continuity.
Microsoft Windows Server Update Services was previously known as Windows Server Update Services, Microsoft WSUS, WSUS, Microsoft Software Update Services, Software Update Services, Microsoft SUS, SUS, MS Windows Server Update Services.
| Author info | Rating | Review Summary |
|---|---|---|
| IT Manager at Handi Quilter, Inc. | 2.0 | I've used Microsoft Windows Server Update Services on-premise, but found it unreliable, slow, and poorly coded. While Microsoft support is excellent, the setup is unintuitive and I rely on other tools for updates and inventory. |
| Senior Oracle DBA at a financial services firm with 11-50 employees | 4.0 | I've used Microsoft Windows Server Update Services for over three years to manage Windows updates reliably, though frequent updates disrupt our 24/7 operations. It's stable and user-friendly, but I'd prefer fewer updates and more cost-effective options. |
| Senior Technical Engineer at Hitachi Systems, Ltd. | 4.0 | I’ve used Microsoft Windows Server Update Services for 15 years; it's great for small to medium organizations, but lacks detailed patch info and offline patches, making it less suitable for large enterprises with strict internet access policies. |
| System Administrator at Waternet | 4.0 | I use WSUS for Windows updates and security patches, ensuring services download and install together with automatic patching. I find it works as intended with no needed improvements, but support response times are slow. I’ve used it for six years. |
| Network Architect at a construction company with 51-200 employees | 4.0 | I have extensive experience with Microsoft. While WSUS does provide essential patch management, it feels unnecessarily complex. Despite its value, I've decided to pursue other solutions due to the cumbersome process involved in its deployment. |
| Lead - Technical Services at Impetus | 3.5 | I primarily use Microsoft Windows Server Update Services for deployment, specifically managing operating system updates. Its simplicity and effective reporting boost productivity, although improvements are needed for the Windows internal database, as it occasionally causes operational issues. |
| Information Technology Executive at Akums Drugs & Pharmaceuticals Ltd. | 5.0 | In our network, we use Microsoft Windows Server Update Services alongside Symantec's GUP server for updating Windows patches and maintaining security. WSUS is valued for its security features, though improvements are needed to resolve issues like the blue screen error. |
| Infrastructure and Information Security Supervisor at YKK MALAYSIA SDN BHD | 3.5 | I use Microsoft Windows Server Update Services primarily for deploying standard Microsoft updates due to its low-cost benefit, despite its limitations like not handling third-party patches. I am exploring Qualys for its comprehensive vulnerability management features. |
| Global Core Infrastructure Engineer at Finning International Inc | 4.0 | I use Microsoft Windows Server Update Services primarily to manage updates in a corporate setting. Its notable scalability in handling various services is impressive. However, improvements in the administrative portal, especially through tool decoupling, could enhance flexibility and reduce costs. |
| System Administrator at Confidential | 4.0 | I use WSUS for stable, centralized Microsoft update management, appreciating its control and scalability. However, its primitive console limits advanced operations, often requiring SCCM or PowerShell for effective, comprehensive management. |
I use Microsoft Windows Server Update Services on-premise.
I have not ever purchased a Microsoft Windows Server through the AWS Marketplace. When I'm buying a server, I buy a license, and if I need a server license, I buy it online. I buy OEM, rather than deal with the nightmare that is AWS.
The current server operating systems are the backbone of our entire network. Obviously, you split between cloud and on-premise, but everything on-premise is running on Windows servers.
I have utilized the automatic update for approval feature.
It has not helped with compliance, but it has helped to make sure that those updates are available to my users. It's a laptop shop, so I can't really deploy anything automated. My users are a big part of the update process here; they can really only run it when they have availability.
All Microsoft products' initial setup isn't very intuitive, so you have to have some familiarity at the Microsoft level to understand it. I would give it probably a four out of 10; not a high score.
I wouldn't say any of the update services have great features. The only real advantage I have for having Microsoft Windows Server Update Services is if I know or have been informed of a bad update that's causing software conflicts, I can stop it. But I do not depend on Microsoft Windows Server Update Services to keep my machines updated because the failure rates are too high.
I have other tools for reporting and inventory capabilities. The inventory tool and the entire backend of Microsoft Windows Server Update Services is poorly coded. It's not very reliable, so you can tell when dealing with bad code, and it may work one day but may not work another. So I had to stop using it because I need something that's reliable, therefore I use other tools for that information. In a pinch, you can use Microsoft Windows Server Update Services tools, but for the most part, they're not reliable enough.
I don't believe I've seen any improvement on bandwidth optimization or deployment speed from Microsoft Windows Server Update Services. In fact, the only real improvement comes directly from Microsoft because they stagger the updates. So that helps, but having Microsoft Windows Server Update Services on-premise does not provide any real benefit.
Its pricing is just all-inclusive. I don't think about it that way. If somebody tried to sell me Microsoft Windows Server Update Services, I would probably reject it. It's a tool that we have, so we use it, but if I were to pay extra for it, I would say it's not worth it.
Some of the main differences between Microsoft Windows Server Update Services and the other tools are that WSUS's backend is based on IIS, which is not a very reliable host method. You're going to have problems getting Microsoft Windows Server Update Services to run when you have a large organization. The speed of it is quite painfully slow, so there's not a lot you can do to get Microsoft Windows Server Update Services to work under stress. The other tools just work. I can tell you what services are running on each of my machines and can stop or restart services. I can inventory the software they have on them with multiple tools, so I know what software is on our machines. I don't have to rely on a tool that works when it wants to and requires so much maintenance to keep it going. Microsoft Windows Server Update Services is only to green check updates that I know are fine, but obviously, it could save me in a pinch if something went wrong.
I have been dealing with Windows products for 27 years. We're talking Windows, including Windows 3.1.
Microsoft support is the best support of all support, at a certain level. When you pay for the support, you are guaranteed resolution, and I don't think anybody else does that. Microsoft does, and if you have a problem and you pay the $400 or whatever per incident, you know you're going to get resolution. Of course, the caveat being they're very precise in what they're going to fix; if other problems stem from that, that's a separate issue. The price can get up there, but their guarantee has been there from the beginning; they will fix your problem. That's 10 out of 10 stuff.
Positive
All Microsoft products' initial setup isn't very intuitive, so you have to have some familiarity at the Microsoft level to understand it. I would give it probably a four out of 10; not a high score. You could do it wrong and not know you did it wrong, leaving it incorrect for years until somebody else looks at it and says, 'This is not working.'
I have experience with Microsoft Windows Server Update Services, but not with Windows Autopilot.
I would rate Microsoft Windows Server Update Services as a four out of 10; I wish there were other options that were better and free.
My real name can be used with the reviews.
The company name should remain anonymous.
Overall rating: 4/10

We are end users of Microsoft Windows Server Update Services. Our usual use cases for Microsoft Windows Server Update Services involve our colleagues setting up connections to their web stage and regularly updating our servers on request for updates.
I think that the most valuable feature of Microsoft Windows Server Update Services is the update for Microsoft Windows Server, as we do not use any other tools, but I don't know if Office 365 is under Windows update services regulation; it is not in our domain because we use it, but other teams are responsible for this task.
The key features or benefits of Microsoft Windows Server Update Services that have been most valuable in my IT administration processes are just the services for updating my Windows and Windows Servers, and as I mentioned, we don't use many applications; we just use it for Windows updates.
Microsoft Windows Server Update Services supports our regular requests for reliable systems, and updates are part of the process of keeping those systems stable, reliable, and confidential.
I think that an area of Microsoft Windows Server Update Services that could be improved is to make these updates less often and more rarely than now, because we have to do these updates once a month or even something in 15 days.
I would like the updates to be less often and more rarely because they have a high impact on our team since we use these machines for some operations 24 hours a day, seven days a week.
I have been using Microsoft Windows Server Update Services in this company for three and a half years.
My thoughts on how stable and reliable Microsoft Windows Server Update Services is can be described as medium; when we schedule our updates, it works, and that's it—nothing irregular or different than what was expected.
I think that Microsoft Windows Server Update Services is okay in terms of scalability; I don't know details, but we didn't have problems escalating it from previous to later versions.
I haven't interacted with the technical support of Microsoft Windows Server Update Services, but maybe my colleagues have; I didn't.
Neutral
Before Microsoft Windows Server Update Services, I didn't use different software for the same use cases in this company.
I don't know if I have seen any return on investment from Microsoft Windows Server Update Services because this task has been done for a long time; it is something regular, and we do it. Of course, every time you pay something, you think about whether it could be cheaper. This is a regular request to update your services and Windows machines, and you have to pay for it; if they have some bundle options to pay less for more, we will get it and use it.
I don't know all details about pricing for Microsoft Windows Server Update Services, so I can't answer this question.
I am not introduced to the automatic update approval feature in Microsoft Windows Server Update Services; maybe my colleagues who assist in this task and processes are.
We have some inner regulation for reporting about compliance with updates in Microsoft Windows Server Update Services, but I can't talk about it.
I don't assess the impact of bandwidth optimization on our network efficiency and deployment speed as we don't have special requests about it; it is just regular, and I am not introduced if there are some special setups because my colleagues are responsible for that task.
I integrate Microsoft Windows Server Update Services with Windows 10 and Windows 2023.
I have a normal opinion about the quality of the integration of these solutions altogether because it is something usual for Microsoft, with nothing great or extraordinary; it is a regular task and process.
I have personally used documentation for Microsoft Windows Server Update Services, but Microsoft is something regular, and you do most things without documentation, just clicking on some link or starting tasks for updates on time; Microsoft tools are user-friendly, and you don't read documentation every time you have to finish something updating Windows machines.
I don't remember now if I have used documentation in the last six months, maybe, but not recently.
My overall review rating for Microsoft Windows Server Update Services is 8.

Internal IT is using different solutions for network monitoring, network access control, DLP, and other solutions they are using.
We are managing compliance for organizations, update policies, and security requirements.
The reporting and inventory capabilities of Microsoft Windows Server Update Services are perfect.
The best features in Microsoft Windows Server Update Services include the patch solution, but the VSA patch solution is not working perfectly because most things depend on the API which is getting incorrect information from Microsoft. The VSA API integration is not perfect when compared to another product.
This entire solution is very good for small or medium organizations, but it is not suitable for large enterprise organizations where customers have 30,000 assets or 40,000 assets.
Microsoft Windows Server Update Services should improve its patching solution by providing offline patches because most customers are not willing to provide direct internet access to Microsoft cloud and don't want to expose their workstations through the internet. In those situations, Microsoft has limitations; most patches are totally dependent on internet access and they are not providing offline patches.
Microsoft Windows Server Update Services is lacking detailed information such as different patch information, CVSS values, and an approval mechanism; some are giving classification wise, and some are giving product wise.
Microsoft Windows Server Update Services does not provide detailed patching information. Individual machine-wise details are available, but for any centralized deployment, that is not available. It is only available on the WSUS server which has its limitations.
I have been working with Microsoft Windows Server Update Services for 15 years.
Microsoft Windows Server Update Services is about 80% stable.
Microsoft Windows Server Update Services is easy to scale.
When integrating Microsoft Windows Server Update Services with cloud solutions for a hybrid environment, there is flexibility in scaling.
I have not reached out to direct Microsoft support since I contacted them two years ago.
Negative
My customers have evaluated other tools before working with Microsoft Windows Server Update Services for patching, and they are using other solutions as well. However, most of them are using Kaseya, but for patching they opted out for different solutions because they are not satisfied with the patching due to the limitations.
The initial setup of Microsoft Windows Server Update Services is straightforward.
We are not resellers or implementers; we are the partner of Kaseya and the MSP for Kaseya.
Regarding the cost, Microsoft Windows Server Update Services is reasonable.
I am still working on Kaseya only for patch management solutions.
For vulnerability management tools, I am using only the VSA patch.
Sometimes we are using manual processes for Microsoft Windows Server Update Services, sometimes using our Kaseya solutions. It depends on the architecture and customer needs.
I would recommend other solutions because many features are not available in Microsoft cloud directly.
I am personally using Windows 10 and Windows Server.
We have not purchased Windows 10 through AWS.
We are using Microsoft Windows Server Update Services.
I am very familiar with the automatic update approval feature in the solution.
The biggest benefit of Microsoft Windows Server Update Services is that it secures the environment, securing the data points of security and vulnerability, which helps these patches secure our environment and solutions or assets.
I can recommend solutions to manage the Windows patches for those who want to use Microsoft Windows Server Update Services.
On a scale of 1-10, I rate Microsoft Windows Server Update Services an 8.

I use Microsoft Windows Server Update Services primarily for Windows updates, specifically for updates and security patch updates from Microsoft.
The benefit of working with Microsoft Windows Server Update Services is that all services and all Windows services will be updated. I confirm that they all get downloaded and installed simultaneously, and the new security patches are applied automatically.
I think nothing could be improved or enhanced in Microsoft Windows Server Update Services because it is doing precisely what it has to do. I do not see any minor enhancements or limitations to be omitted, nor do I suggest any optimization options because I find it is working fine, and I do not complain.
I have been working with Microsoft Windows Server Update Services for six years.
I express that I am not happy with their services. I explain that I am unhappy because it takes too long for a reaction. I do not know how much time it usually takes them to respond. I think the response usually takes a couple of days or some weeks.
Negative
Zerto was the solution, but we do not use Zerto anymore.
I am not sure about Windows Service Update; I mentioned Windows Server, but I do not think we do Windows Server AppFabric. I indicated that we do not use Windows Process Activation Services or Windows Server Failover Clustering. I acknowledge that Update Services is what I meant to communicate. We have a procedure related to the automatic update approval feature in Microsoft Windows Server Update Services. I do not know if we used this procedure; we just use Microsoft Windows Server Update Services with a scheduled task, and that is all. I have not used the reporting and inventory capabilities to manage update compliance, but maybe our security team has.
I like this product because there is no other product, and my colleague is working on the Azure service updates, so if that is working, then we have no need to use Microsoft Windows Server Update Services from Windows anymore. I have not found something that I have been using the most.

I have a long history with Microsoft and the products they provide. Typically, they are hesitant to provide good service when a competitor offers better service. That's been my experience with WSUS; it is way more complicated than it needs to be.
Patch management is a big thing, and I can't say they don't provide that basic service. The issue is what you need to do to get there. That's the problem. Patch management is indeed valuable; however, the process to achieve it could be improved.
I have a long history with Microsoft and their products. Typically, they are hesitant to provide good service when a competitor has a better service. That's the experience I have with WSUS; it's more complicated than it should be.
I don't have an impression about scalability since we stopped deploying it. It's possible that it's insanely scalable; I don't know. I do know that many companies use it. We are just not one of them.
The safest evaluation is that I have not directly dealt with Microsoft Update in probably five years. There was a time when contacting the support agency was more straightforward. The phone tree for Microsoft Update makes me smash my head against my desk. That's not just Microsoft; it's industry-wide.
Neutral
We actually gave up on deploying it and are doing a different track at this point.
It's free. Basically, as long as you have licensed Microsoft servers, you should be good to go.
Whether to use the solution or not is going to be context-sensitive. If you have a strong Microsoft team, you can probably handle this. If, like my team, you also have a dozen other vendors to consider, it's not just the operating system. The pattern I've seen over time with WSUS is that it has the potential to be a fantastic product, yet it doesn't feel finished.
People try to implement WSUS, and context is important. In my context, we're a small business without teams of Microsoft-certified people. We are just trying to use what's available to achieve a goal, and WSUS is fine; however, it is not the best product out there.
The business in America often tries to do more with less. I would not recommend it to a team of my size. If a company had half a dozen or a dozen Microsoft-certified people, I'd say, run with it. For a team of my size, no, absolutely not.
I would rate the overall solution a solid eight out of ten.

My primary use case is deployment. I use it for operating system management, specifically for updating service packs, hotfixes, releases, and general updates of Microsoft products.
The simplicity of the configuration is a valuable feature for me. I can configure a few small things, and it becomes operational within some hours. The reporting is good. Many organizations may not see direct improvements; however, the ease of use and efficient reporting contribute significantly to my overall productivity.
Sometimes, I encounter issues with the Windows internal database, which occasionally does not load, leading to the Pandit console stopping. I have to repair the database and perform export and import operations. The performance of the Windows embedded database should be reliable and perform well. Improvement is needed regarding the Windows internal database of the WSUS Server.
I have used the solution for 15 years, maybe.
Improvement is needed regarding the Windows internal database of the WSUS Server. The console stops working, and that's the only concern I have so far.
It is not very scalable. It is suitable for small to medium setups. Though there are options to use Microsoft MS SQL, it does not support more than 3,000 clients. To go beyond this, shifting to SCCM is advisable.
I find the support is not great for Microsoft. Microsoft Update provides one of the worst support experiences among all tech companies that I have experienced. They just keep tickets lingering, saying they are troubleshooting and checking. They perform the same troubleshooting steps repeatedly. If one person goes on leave, the next person starts from the beginning, and they also say this does not come under their regular support.
Premium support is recommended; however, it's handled by the same person, and nothing changes. Premium support does not have any benefits.
Negative
I find it's easy to install, which is a main functionality I like.
It's a free service. You just buy the Windows Server operating system, and it is an internal feature.
Regarding Microsoft, I previously worked with Dynamics, Exchange, and Azure; however, I do not now. I am currently working on documentation and technical writing without using any application.
AI may not solve any problems for the WSUS Server. There is no integration available, and AI tools are blocked for me in the organization. I use only email for communication. I am into policy creation, client engagements, audits, and providing security updates for Office 365.
I have left my previous profile, and someone else is working on that now. I am not using any tool at the moment.
Overall, I'd rate the product seven out of ten.

In our network, we have configured two methods. One is Symantec's GUP server on the graph of the server, which is directly updated with OSHS and server update packages. The second method is the WSUS server, which is connected to Active Directory and is a client within our network. It automatically updates Windows patches and services.
Operationally, our team in Haridwar updates the Windows services and critical patches on their end. We monitor the Windows Server patches to ensure they are updated and functional, minimizing operational disruptions and enhancing network performance.
We use the security patch-level services provided by Microsoft. This is essential for keeping our network secure.
Microsoft should address the issue where some updates cause the blue screen (BlueDump) error in the server OS, which is not supported in the hardware. Removing unsupported patches or providing solutions directly would help mitigate this issue.
I have over ten years of experience working with the solution.
We face stability issues with some critical patches, which are not supported by the hardware. Accepting this issue, everything works well.
We have some experience with Microsoft technical support, but I am not satisfied with their service. They often do not provide proper solutions and direct us to various resources without resolving the main issue.
Neutral
We use Symantec GraphUpdate, which remotely updates Windows patches and services.
The setup experience is good overall. However, sometimes we face technical issues that require us to search for solutions externally.
The cost of the solution is managed by our purchase department; however, it is deemed a good solution overall.
I recommend using Windows Update Services to IT administrators. It is a user-friendly system with minimal challenges in updates or services.
I'd rate the solution ten out of ten.

We have Microsoft Windows Server Update Services in place to deploy standard Microsoft updates. It does not allow us to update or patch other products, which is a limitation. We use it for the deployment of updates without additional costs.
Microsoft Windows Server Update Services allows us to deploy updates efficiently at no additional cost.
The most valuable feature of Microsoft Windows Server Update Services is its low cost, as it requires no additional licensing fees.
There are several areas needing improvement, including the management of third-party patches, better enforcement of patch deployment on user PCs, and the ability to schedule updates at specific times. If these areas were improved, Microsoft Windows Server Update Services could be more competitive.
We have been using Microsoft Windows Server Update Services for more than ten years since it was in place when I joined the company.
Microsoft Windows Server Update Services is very stable and does not require special maintenance.
I do not have much experience with its scalability since our company size has not changed significantly, but it's easy to deploy additional servers if needed.
We have not needed to contact Microsoft's customer service as the available documentation is comprehensive and helpful.
Positive
We previously used Microsoft Windows Server Update Services and are now exploring Qualys for its added benefits, like a more comprehensive approach to vulnerability management.
The initial setup of Microsoft Windows Server Update Services was straightforward and uncomplicated.
One person can deploy Microsoft Windows Server Update Services; it does not require a team.
Since Microsoft Windows Server Update Services is free, we do not have any additional operational impacts, and there are no additional costs incurred with its use.
Our experience with Microsoft Windows Server Update Services involves no setup cost or licensing fees, as it is included with our existing licenses.
I did not participate in the evaluation process for choosing Qualys, and therefore do not know what other options were considered.
I'd rate the solution seven out of ten.

The primary use case is for managing the distribution of updates within a corporate environment. However, SCCM remains the major tool for patching.
In the current era of heightened cybersecurity concerns, ensuring that your systems are consistently updated and well-protected is imperative. This solution becomes particularly crucial for services accessible to the public, especially those exposed to the internet—a condition that is increasingly prevalent for most entities today. It stands as one of the essential measures for safeguarding against potential cyberattacks.
The noteworthy aspect is the system's capability to handle an extensive range of services and workloads, with the potential for almost unlimited scalability.
One area for potential improvement involves the administrative portal, where numerous options, including asset management and patch management, are integrated. There's a suggestion that decoupling these integrated tools might be beneficial. This decoupling could involve separating services or options to provide more flexibility and potentially reduce costs, allowing for a more modular approach to the utilization of these tools.
I have been using it for approximately twenty years.
The system is notably robust, particularly when utilized with Microsoft products. The stability is high, and it could be rated around eight out of ten.
Scalability, particularly with the integration of cloud services, is notable. In the cloud environment, scalability is essentially bound by your budget—expanding resources as much as you're willing to invest. On-premises, however, scalability involves purchasing additional subscriptions and compute resources before increasing the number of servers, introducing a more upfront and structured approach to resource expansion.
Technical support needs to be organized into different levels, starting with frontline support and extending to backend support. For the backend, a team of around four individuals is typically required to effectively manage those responsibilities.
The initial setup of the system is complex. It requires the expertise of an individual who can set up and comprehend the intricacies involved. Even after installation, the configuration of processes, services, and other elements necessitates specific attention and configuration.
Deploying the system requires the assistance of an expert, especially if you are not familiar with its nuances. The application is comprehensive, covering various aspects, and demands expertise in specific configurations for accurate setup.
The licensing cost is a component of the enterprise services associated with Microsoft. Given the multitude of features within the solution, it tends to be on the higher side in terms of expenses. While it might be relatively more expensive for smaller companies, larger enterprises can find it robust and capable of delivering significant value.
I would suggest evaluating your environment, analyzing specific use case scenarios, and weighing the benefits the system provides. The suitability of this solution varies depending on the size of the organization. Overall, I would rate it eight out of ten.

As a system administrator at my organization, I use Microsoft WSUS to manage the updates for all the Microsoft products that we are using. Since WSUS is a service that handles the Microsoft updates and their deployments to a group of servers, you could technically call it patch management software.
Just like IIS, it comes built-in with the version of Windows Server that you are using, and we are currently using WSUS on Windows Server 2022 to efficiently manage the updates on all the other servers in our organization.
When you're working in the IT department of an organization, you will often have to set policies regarding what users can and cannot download from the internet, especially when it comes to updates. Most updates are binary files and programs, and these are types of files that can sometimes be harmful, so an organization needs a way to prevent the downloading of these files.
Instead of leaving each server to download their own updates, with WSUS you have a centralized management tool for all the updates alongside a log for all the servers. By creating and deploying a WSUS server that will download the updates from the internet and dispatch them to the other servers, you can have control over the entire deployment process.
Essentially, it's like a Windows Update proxy that you absolutely need to have, as the IT department grants the WSUS server an exception to download files of any type from the internet. This is the only server with such an exception so that you can control what is entering or exiting the network with regard to updates.
The advantage that is offered by WSUS is not only that you can manage all updates (e.g. critical updates, essential updates, feature updates, driver updates, etc.), but also that you can manage the updates per type of operating system; for example, Windows 10, Windows 11, Windows Server 2022, Windows Server 2019, and so on. It provides you a way to create classifications of types of updates per type of operating system. And all this, you can do from a single management console.
The main problem with WSUS is that the management console doesn't allow you to do a lot of operations. It's actually quite a primitive console, and has been since day one. In order to be more effective, you need to use another tool from Microsoft that can take advantage of WSUS and also offer you the extra features you need.
For example, SCCM (System Center Configuration Manager) is software from Microsoft that uses WSUS and gives you many more features than you would get from using WSUS alone. To truly manage the updates of your entire environment effectively, you either need to automate the features you need with PowerShell scripts or you need to use SCCM.
To illustrate one particular limitation of the basic WSUS management console, when you download updates with classifications per operating system, sometimes it doesn't offer you a good way to display or regroup updates that are part of a specific group. Or, as another example, if you just want to see the latest updates, the WSUS console will simply show you all the updates that are available. Microsoft uses an updating process whereby each new update will supersede the previous one, meaning it will expire the old updates, but the management console doesn't offer you a way to regroup or display only the new updates while excluding the ones that have expired. This is one of the many management features that are missing from the WSUS console.
One other area of improvement is that when you want to add servers to use WSUS, you can't easily add or search for a server. To add a server into the management console, you need to do other things and wait until the check cycle starts, meaning that you need to wait for a while until you see the newly-added server that will be handled by the WSUS server.
We started using Microsoft WSUS in 2015, although after a few technical problems we stopped using the service because it was causing us a lot of trouble. Later, in 2022, I redeployed a server that we now use to manage the updates for all the Microsoft products that we are using.
As one of the administrators for our WSUS server, I would say that it is very stable.
Regarding the scalability, you can actually configure something of an ERP version of the WSUS service. For example, if you work in a company that has multiple sites and these sites are located in other states or countries, you can deploy WSUS for each site. Once you've done that, these WSUS servers will all communicate with a parent WSUS server that will then deploy updates to each child WSUS.
Therefore, I'd say that WSUS is quite scalable since we can make servers communicate with one another, in the sense that you have one parent source that communicates with and deploys updates to each child WSUS service in a hierarchical arrangement.
My rating for WSUS would be the same rating I would give the overall technical support from Microsoft, and it all depends on the criticality of the incident. Microsoft will sometimes call you within 24-48 hours depending on the urgency of your request, and most of the time, Microsoft support does a good job.
We haven't used any other solution for this type of process as there are no other products that offer the same service, because Windows Update is part of the Windows Server operating system. It is like a black box that nobody knows anything about and you aren't provided with any tools that can offer the same job that the WSUS server does.
Setting up WSUS is quite easy, but the installation itself is just a feature you can enable in your server. If you really want to use it well, you need to do extra configuration tasks, not only in the WSUS server but also in the Active Directory server. You will typically have to create a few network group policies and other configurations in addition to setting up WSUS itself.
I was responsible for deploying our current WSUS server, but we are still in the testing stage. We haven't yet deployed WSUS to be used in a production environment at all, since we are still adding in servers one by one, testing everything as we go along.
The licensing of WSUS is free of charge because it comes with the Windows Server operating system, included as a feature of the operating system itself. It's simply a role that you enable within Windows Server. Technically, we are only a customer of Microsoft and not a customer of WSUS.
For example, if your license for the Windows Server 2022 operating system costs, let's say, $400, then this license will include WSUS and all the other features of the Windows Server operating system (like IIS, etc.). So, ultimately, to speak of the licensing of WSUS, you have to refer to the price of the server license and what kind of contract you have with Microsoft. If you rent, it's a rental license contract, or otherwise you might go with a volume license contract.
Suppose a corporation wants you to buy a number of licenses, and you opt for a group of individual licenses at a price of, for example, $200 per license. If you want to deploy 50 servers, you will need to buy 50 licenses. This method of licensing is very expensive and it will cost far too much to be reasonable. That's why Microsoft offers what are called "volume license" packages.
With volume licensing, Microsoft gives you a discount if you buy a large number of licenses. But with the volume type of licensing, you are not able to get upgrades for the next version, such that if you currently have Windows 10 or Windows Server 2019, you can't upgrade to Windows 11 or Windows Server 2022, respectively. Although these licenses are perpetual, you will be stuck with the same version.
The better option is to go for a rental contract, which means that you merely rent a certain number of licenses each year, and these licenses won't expire unless the contract expires (at which point you lose access to the portal where you can download operating systems and other applications along with their licenses). Importantly, these licenses give you the ability to do upgrades from one version to another. For as long as you are on a rental contract, you will pay an amount of money depending on the type of software you want to rent (e.g. Windows Server, Microsoft SQL Server, Windows 10, Windows 11, Office 365, Visual Studio, etc.), and you will always be able to upgrade from one version to another.
This is just a basic overview of the licensing models from Microsoft; the details are much more complicated.
One piece of advice I can give is that it's important to acknowledge that, sometimes, updates can bring their own problems. For example, when you install an update, you need to wait until the computer restarts, and in some cases updates can cause the computer to crash. The crash may even be so severe that you need to reformat the machine and, thus, you lose your data.
When talking about other administrators who are wondering about whether to use WSUS, I can confirm that it's a very good tool. And, if you're also using SCCM, WSUS is even better because SCCM will give you a lot of features that are not provided by the basic version of WSUS.
If you want to deploy updates with WSUS, you must remember that it's always best to deploy only the security updates and critical updates that are recommended by Microsoft, because other types of updates such as essential updates, driver updates, and feature updates can sometimes cause instabilities in the system.
And sometimes these extra updates can cause problems with other products. For example, you can sometimes disrupt another product from Microsoft by installing an independent system update that will cause, for example, the mailing service to malfunction. You always need to be sure to do backups of the servers before using WSUS to perform updates.
Finally, there are a few other things that you will need to know in order to run an effective WSUS server, such as how to work with Active Directory. With Active Directory, you can more easily configure which servers will use the WSUS and which ones will not. For example, if you want the servers to perform updates through WSUS, you need to set this option in the Active Directory server. If, instead, you want to leave the computers to get their updates from the internet directly, you will also need to set this up in Active Directory. To do all this, you need to have at least a minimum amount of knowledge in creating group policies, security policies, and so on.
I would rate Microsoft WSUS an honest eight out of ten, because even though some of the features are lacking, it handles the basic stuff very well.
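
The review above notes that the WSUS console cannot show only current updates while hiding superseded ones, and that PowerShell is one way to fill such gaps. The following is an added example, not part of the review and not a Microsoft-supplied script: it assumes the `UpdateServices` module on the WSUS server, and the function name `Get-WsusUpdateView` and its parameters are hypothetical.

```powershell
#Requires -Modules UpdateServices
# Added example. Read-only: nothing is approved or declined by this script.

function Get-WsusUpdateView {
    [CmdletBinding()]
    param(
        $Server = (Get-WsusServer),           # local WSUS server by default
        [string]$Product,                     # substring match, e.g. 'Windows Server 2022'
        [ValidateSet('Current', 'Superseded')]
        [string]$View = 'Current',
        [int]$Newest = 0                      # 0 = no limit
    )

    # GetUpdates() returns the whole catalogue, so this can take a while on a large server.
    $updates = $Server.GetUpdates() | Where-Object { -not $_.IsDeclined }

    # Split on the supersedence flag that the console does not let you filter by.
    $updates = if ($View -eq 'Current') {
        $updates | Where-Object { -not $_.IsSuperseded }
    } else {
        $updates | Where-Object { $_.IsSuperseded }
    }

    if ($Product) {
        $updates = $updates |
            Where-Object { ($_.ProductTitles -join ';') -like "*$Product*" }
    }

    $result = $updates | Sort-Object CreationDate -Descending |
        Select-Object Title, UpdateClassificationTitle,
            @{ n = 'Products'; e = { $_.ProductTitles -join '; ' } },
            CreationDate, IsApproved

    if ($Newest -gt 0) { $result | Select-Object -First $Newest } else { $result }
}

# Newest 20 non-superseded updates for one operating system.
Get-WsusUpdateView -Product 'Windows Server 2022' -Newest 20 | Format-Table -AutoSize

# Superseded updates that are still approved, counted per classification:
# these are the ones to review before declining anything.
Get-WsusUpdateView -View Superseded | Where-Object IsApproved |
    Group-Object UpdateClassificationTitle | Select-Object Name, Count
```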