Tuesday, May 26, 2009

Using WSUS to save bandwidth, and how to set up an XP Home edition computer to use it

Two of the biggest challenges in keeping computers running in Africa are power and bandwidth. Bandwidth as in connection to the Internet, which is now vital for many of us. We're constantly trying to control and limit our bandwidth usage, which gets harder as people have higher and higher expectations. Our old-timers remember when we had to pay $0.50 a page to get emails that were sent over a noisy transatlantic phone connection to an expensive, 19 kbps Zyxel modem. Newcomers from developed countries are used to streaming video, Skype phone calls, file-sharing and so on.

One of the hidden consumers of bandwidth, though, is program updates. Keeping programs up to date is critical for security, but can consume a lot of bandwidth. For example, our network at SIM Nigeria serves roughly 40 computers (including laptops members bring to the office just to connect to the Internet). If a set of Windows updates is released that comes to just 10 MB, that translates to 400 MB to update all 40 computers, which is close to a whole day's bandwidth allocation for us.

Part of the solution is to use Windows Server Update Services (WSUS). This lets you download Microsoft updates onto a server on your network from which all your other computers can access them. Each update is downloaded once for the whole network, rather than once for each computer. You can read about WSUS and how to set it up here on the Microsoft Technical network.

An issue I encountered when trying to get as many computers as possible to use WSUS, though, is that XP Home (as opposed to Pro) edition does not include the policy-setting tool (gpedit.msc) normally used to instruct computers to get updates from the local WSUS server rather than over the Internet from Microsoft. Nor can you simply copy gpedit.msc from another computer onto the XP Home computer.

Instead, you can use a simple script to add some keys to the XP Home computer's registry. The script and explanation can be found at Guide For Setting Up XP Home Clients With WSUS. Just create a new text file, enter "REGEDIT4" as the first line, and copy and paste the registry keys as shown in that page. Change the two occurrences of "http://yourWSUS" to reflect the URL of your WSUS server. Save the file as "WSUS4XPHome.reg" (or whatever.reg) and run it on the XP Home machine. I think a simple reboot will suffice to start it looking for updates in the new location, but the page above tells how to use some commands to start the process immediately and without rebooting.

Reversing the process

You definitely do not want to leave these settings on a computer once it is no longer using your network for updates, since it will then fail to be updated at all. For computers joined to a domain that sets the group policy to use WSUS, it should be enough to remove them from the domain. For computers you manually changed (via local policy or registry changes) , you will have to undo those changes. As far as I know, you can simply delete the entire [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] key as it does not appear to exist in the default installation.

If anyone has corrections or further information, I would love to know.

No comments:

Post a Comment