Windows Server Update Service

  Microsoft Windows Server 2016

Main Menu

What is WSUS

40: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/9331662?start=0

“Double U-Sus”

Windows Server Update Service (WSUS)

  • A server role that allows administrators to control Windows Updates in your domain
  • How does WSUS aquire updates?
    • Downoad updates directly from Microsoft (if network has Internet connectivity)
    • Download updates from another WSUS server (called an upstream server)
    • Imported from files copied to your server (In case of no Internet connection)
      • Generally from a CD Rom or similar device
  • WSUS should NEVER be installed on a Domain Controller
    • It can cause access issues with the database

Example of Upstream / Downstream WSUS

How does it work?

  • Add WSUS Server Role
    • Remember, not to a DC!
  • Configure client computers with Group Policy
    • Either wait for clients to check in with WSUS or force early check-in (recommended)
  • Organize WSUS clients into Computer Groups
    • Good to setup ‘test’ group for updates that sometimes break functionality
  • Approve Updates for specific Computer Groups
    • Patch Tuesday = 2nd Tuesday of the month
    • Sometimes 4th Tuesday also.

Steps to build WSUS Server

42: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7619870?start=0

Before following along with this section you will need to create a new Windows Server 2016 VM and join it to your domain.

I will be creating a server VM called ITFWSUS01 and I will be joining it to my itflee.com domain.

Once you have completed the following tasks, you are ready to continue on with this section:

  1. Create a new VM called ITFWSUS01
  2. Connect the VM to the same network as your itflee.com domain
  3. Install Windows Server 2016
  4. Configure the server IP address (I will use 192.168.0.12)
  5. Rename the server to ITFWSUS01 and join to itflee.com domain
  6. Run Windows Update to patch your server OS (this is important)

There is a bug with the unpatched version of Windows Server 2016. So please run Windows Update as soon as you have the server connected to the internet.

Once you have done this you are ready to move on to the next lecture!

Adding the Windows Server Update Services Role

43: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7619724?start=0

  • Log into the new server
  • Server Manager > Install Roles and Features > Select current server (not DC!)
  • Windows Server Update Services > Add Features > Next > Next > next …
  • Content location selection
    • Where do you want to store the downloaded updates?
    • C:\WSUSupdate
    • Next > Next > Next > Install
  • After install, run the Post Install Tasks

Configuring WSUS

44: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7619868?start=0

  • Server Manager > Tools > Windows Server Update Services
  • Config. Wizard > Next
  • [  ] Yes, join update program (unchecked) > Next
  • Choose upstream server: (*) Sync from MS Update
  • Specify Proxy Server [  ] Use a proxy… (unchecked) > Next
  • [ Start Connecting ] (20 minutes???)
  • Select only the services you think you will need to support.
  • Set Sync Schedule
    • 7 days
      • “Patch Tuesday” is 2nd Tuesday of every month, and sometimes 4th, so no need to sync more than once every 7 days
    • Start sync
      • This will take several hours!
  • To see what was synced, Update Services > Server > Synchronization

Configuring WSUS Clients with Group Policy

45: https://www.udemy.com/windows-server-2016/learn/v4/t/lecture/7619796?start=0

  • Domain Controller > AD U&C > Domain > Rclick Domain > New > OU > “Servers”
    • Drag the WSUS server from Computers to the new OU.

 

LEAVE A COMMENT