Configuring a WSUS machine is a straightforward process. The easiest way to do so is to use the WSUS Server Configuration Wizard. This wizard walks you through the WSUS setup process, and it makes it easy to configure WSUS. When in the WSUS snap- in, you can configure various options:
Update Source And Proxy Server This option allows you to configure whether this WSUS server synchronizes either from Microsoft Update or from another WSUS server on your network.
Products And Classifications This option allows you to select the products for which you want to get updates and the type of updates that you want to receive.
Update Files And Languages This option allows you to choose whether to download update files and where to store those update files. This option also allows you to choose which update languages you want downloaded.
Synchronization Schedule This option allows you to configure how and when you synchronize your updates. You can choose to synchronize manually or to set up a schedule for daily automatic synchronization.
Automatic Approvals This option allows you to specify how to approve installation of updates automatically for selected groups and how to approve revisions to existing updates.
Computers This option allows you to set computers to groups or use Group Policy or Registry settings on the computer to receive updates.
Server Cleanup Wizard This option allows you to clean out updates, and update files from your server.
Reporting Rollup This option allows you to choose whether to have replica downstream servers roll up computer and update status to this WSUS server.
Email Notifications This option allows you to set up email notifications for WSUS. You can be notified when new updates are synchronized, or you can get email status reports. This option also allows you to set up the email server’s information on your WSUS server.
Microsoft Update Improvement Program This option allows you to choose whether you want to participate in the Microsoft Update Improvement program. When you choose to participate in this program, your WSUS server will automatically send information to Microsoft about the quality of your updates. This following information is included:
■ How many computers are in the organization
■ How many computers successfully installed each update
■ How many computers failed to install each update
Personalization This option allows you to personalize the way information is displayed for this server. This option also allows you to set up a to- do list for WSUS.
WSUS Server Configuration Wizard This option allows you to set up many of the preceding options by just using this one setup wizard.
In Exercise 3.4, you will learn how to set up some of the WSUS server options. To complete this exercise, you need to have an Internet connection that can communicate with Microsoft.
EXERCISE 3.4
Setting WSUS Server Options
- Open the Windows Server Update Services snap- in from Administrative Tools by clicking Start and then choosing Administrative Tools (see Figure 3.24). The Windows Server Update Services snap-i n will be at the bottom of the list alphabetically. Double- click the Windows Server Update Services snap- in.
EXERCISE 3.4 (continued)
2. The WSUS Server Configuration Wizard appears. Click Next at the Before You Begin screen.
3. At the Join Microsoft Update Improvement Program screen, deselect the Yes box and click Next. If you want to participate in the program, keep the check box selected.
4. At the Choose Upstream Server screen, choose Synchronize From Microsoft Update and click Next.
5. Fill in the information at the Specify Proxy Server screen if you need to use a proxy server. If you do not need a proxy server, just click Next.
6. At the Connect To Upstream Server screen, click the Start Connecting button (see Figure 3.25). This step can take a while depending on your connection speed. Once it’s finished connecting, click Next.
FIGURE 3.25 Connect To Upstream Server screen
7. At the Language screen, choose which languages that you need updates for and click Next.
8. At the Choose Products screen (Figure 3.26), scroll down and choose the products for which you want to receive updates. Then click Next. You should only choose the products that you have in your organization. The more items you choose, the more space your network will need.
9. At the Choose Classifications screen, choose the classifications of updates you would like and click Next.
10. The Set Sync Schedule screen will appear next. At this screen, you can choose whether you want manual or automatic synchronizations. For this exercise, choose Synchronize Manually and click Next.
11. At the Finish screen, you can click Begin Initial Synchronization and click Finish. Be advised that this initial sync can take some time to finish. So if you don’t have time to complete it now, you can always synchronize later.
12. Close WSUS.
Testing and Approving Updates
You should test and approve updates before they are deployed to WSUS clients. The testing should be done on a test machine that is not used for daily tasks.
You also want to make sure that the WSUS test client has Windows Defender or a third- party antivirus type software on it. This ensures that when the updates are loaded onto this test system, the updates will be checked against possible viruses, antimalware, spyware, or any other type of malicious software.
There are many reasons why you should pre- test the updates. There have been times in the past (and it doesn’t happen a lot) when Microsoft has released an update that has caused issues on a network. Microsoft does its best to ensure that all updates are tested before deploying them, but depending on how your network is set up, the update may not perform the same way as it was intended. So by testing updates before deploying them, you ensure that the updates will not cause your network any unseen unforeseen problems.
To approve updates, from the welcome screen, click Updates on the site’s toolbar. Make your settings on the Updates page that appears.
Viewing the Synchronization Log
To view the synchronization log, click the Reports button on the site’s toolbar from the welcome screen. The Reports page will appear. Click Synchronization Results to view the results.
Configuring a Disconnected Network
You have the ability to use WSUS on a disconnected network. To do so, you download the updates to the Internet- connected WSUS server. After the download is complete, you can export the updates and then import the updates to the disconnected network.
Leave a Reply