Using Windows Server Update Services

Windows Server Update Services (WSUS), formerly known as Software Update Services (SUS), is used to leverage the features of Windows Update within a corporate environment. WSUS downloads Windows updates to a corporate server, which in turn provides the updates to the internal corporate clients. This allows you to test and have full control over what updates are deployed within your corporate environment. WSUS is designed to work in medium- sized corporate networks that are not using System Center.

Advantages of Using WSUS

Using WSUS has many advantages:

       It allows an internal server within a private intranet to act as a virtual Windows Update server.

       You have selective control over what updates are posted and deployed from the public Windows Update site. No updates are deployed to client computers unless you first approve them.

       You can control the synchronization of updates from the public Windows Update site to the WSUS server either manually or automatically.

       You can configure Automatic Updates on client computers to access the local WSUS server as opposed to the public Windows Update site.

       WSUS checks each update to verify that Microsoft has digitally signed it. Any updates that are not digitally signed are discarded.

         You can selectively specify whether clients can access updated files from the intranet or from Microsoft’s public Windows Update site, which is used to support remote clients.              You can deploy updates to clients in multiple languages.

       You can configure client- side targeting to help client machines get updates. Client- side targeting allows your organization’s computers to automatically add themselves to the computer groups that were created in the WSUS console.

       You can configure a WSUS statistics server to log update access, which allows you to track which clients have installed updates. The WSUS server and the WSUS statistics server can coexist on the same computer.

         You can manage WSUS servers remotely using HTTP or HTTPS.

WSUS Server Requirements

To act as a WSUS server, the server must meet the following requirements:

       It must be running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or  Windows Server 2022.

          It must have all of the most current security patches applied.

          It must be running Internet Information Services (IIS) 6.0 or newer.

          It must be connected to the network.

       It must have an NTFS partition with 100 MB of free disk space to install the WSUS server software, and it must have 6 GB of free space to store all the update files.

        It must use BITS version 2.0.

          It must use Microsoft Management Console 3.0.

           It must use Microsoft Report Viewer Redistributable 2008 or higher.

         Windows Defender should be enabled on the WSUS server.

If your WSUS server meets the following system requirements, it can support up to 15,000 WSUS clients:

         Pentium III 700 MHz processor

■         512 MB of RAM

Installing the WSUS Server

WSUS should run on a dedicated server, meaning that the server will not run any other applications except IIS, which is required. Microsoft recommends that you install a clean or new version of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022 and apply any service packs or security- related patches.

Exercise 3.3 walks you through the installation process for WSUS.

EXERCISE 3.3

Installing a WSUS Server

  1. Choose Server Manager by clicking the Server Manager icon on the Taskbar.
  2. Click option number 2, Add Roles And Features. If the Before You Begin screen appears, just click Next.
  3. Choose role- based or featured- based installation and click Next.
  4. Select your server and click Next.
  5. Choose Windows Server Update Services (see Figure 3.18). Click the Add Features button when the dialog box appears. Then click Next.

FIGURE 3.18 Choosing to install WSUS

6. At the Select Features screen, just click Next.

7. At the Windows Server Update Services screen, click Next.

8. At the Select Role Services screen, make sure that WID Connectivity and WSUS  Services are both checked (see Figure 3.19). Click Next.

FIGURE 3.19 Select Role screen

9. At the Content Location Selection screen, make sure the check box Store Updates In The Following Location is checked and enter the path of where you want your updates stored. After you do this, click Next (see Figure 3.20). If you deselect this box, updates are not stored locally. They are downloaded from Microsoft only once they are approved. This will help save hard drive space. But we are going to store our updates locally.

EXERCISE 3.3 (continued)

FIGURE 3.20 Content Location Selection screen

10. At the Web Server Role screen, click Next.

11. At the Role Services screen, accept the defaults and click Next.

12. At the Confirmation screen, shown in Figure 3.21, select Restart The Destination Server Automatically If Required. Then click the Install button.

    FIGURE 3.21 Confirmation screen

    13. The installation will begin (shown in Figure 3.22), and you will see the progress. Once the installation is complete, click Close.

      EXERCISE 3.3 (continued)

      14. In Server Manager, click the WSUS link on the left side. Then click the More link (see Figure 3.23) next to Configuration Required For Windows Server Update Services.

        FIGURE 3.23 Status screen more link

        15. At the All Servers Task Details And Notifications screen, click the Launch Post- Installation Tasks link.

        16. The installation process will automatically continue. Once it is finished, you will see Complete under Stage. Close the All Servers Task Details And Notifications screen.

        17. Close Server Manager.

        18. If a WSUS Configure Options box appears, just close it. You will set options in the next exercise.

          Leave a Reply

          Your email address will not be published. Required fields are marked *