Skip to main content

Windows Server Update Service (WSUS) Installation and Configuration

This tutorial will walk you through the process of installing and configuring WSUS Server 3.0 SP2 on Server 2008 R2, step by step.  WSUS is a great thing to have in an Active Directory environment as it saves precious bandwidth and allows a fine level of control in regards to client/server patch level.  You’ll need to do a little prep work before you can complete this lab successfully, so make sure that you’ve taken care of the following before jumping in.

1.)  Ensure that your Active Directory and DNS are functioning optimally and are healthy, this will save you a lot of headaches with workstations.

2.)  Download the latest copy of WSUS here, or you can try the newest WSUS 2010 version if you’re so inclined.

Once you’ve downloaded WSUS, you can kick off the installation which informs you that you need to install certain pre – requisites before continuing.  You can read more about them here, but the main roles that need to be installed are the Web Server IIS and Application Server role.  You can also install SQL Server ahead of time if you’re so inclined, but I’m going to work with the built in version that ships with WSUS as this is a small network.  Let’s jump into it – install the IIS and Application Server Roles from the Server Manager snap in.

Installing the Application Server & Web Server IIS Roles Server 2008
Once the Add Roles Wizard finishes installing IIS and the Application Server roles, give the machine a restart.  You’re now ready to start the process of installing and configuring WSUS.  Start the installer and accept the defaults – you’ll get to a screen warning you that you’re missing the Microsoft Report Viewer 2008 Redistributable.  Go ahead and pick up a copy here, install it, then restart the WSUS installation.
Full server installation including administration console
Now choose the default location of client updates – it’s best to store this on a separate volume if one exists, but I’m going to go ahead and pick the default location for this tutorial.
store updates locally wsus
And choose the default internal database option unless you are going to go with SQL Server.
install windows internal database on this computer
Use the existing IIS Default Web Site.
use the existing iis default web site
The installation wizard is done with the prompts at this point and get’s down to the good stuff.  Before finishing the wizard you’ll need to make sure that the firewall is configured correctly ( ports 8530 & 8531, ) that the WSUS server is able to connect to the upstream server, Windows Update in this case, and that you have credentials for a proxy server in your organization if applicable.   Once you’ve confirmed that you’re good to go, continue the installer.  Since we’re going to be using Windows Update to receive our updates, designate it as the upstream server.
designate the wsus upstream server
Designate a proxy server if applicable –  If you do not have a proxy in your organization, you can skip this part.
use a proxy server when synchronizing
Now hit the “start connecting” button to query windows update for relevant updates to your environment.
wsus start connecting
From here on it’s simply a matter of setting a sync schedule, and determining which updates you will be sending out to your clients.  Let’s choose a list of products that we want WSUS to manage :
choosing the products
Now let’s choose the classifications that we want to enforce in our environment.  It’s generally a best practice to enforce critical updates and security updates at a minimum – the rest is up to you.  I would advise to avoid having WSUS be in charge  of your driver updates unless it’s absolutely critical for compliance reasons, otherwise it can be a bit of a headache to have 250 workstations bluescreen on a Monday morning because the video driver that was pushed out is glitched
choose the wsus classifications
Set a schedule for synchronization – you can have this manually requested or automatic.  Since we all aspire to be lazy admins, let’s go ahead and set it for automatic synchronization on a sensible schedule ;)
set a wsus sync schedule
You’re done and your brand new WSUS server is ready to do it’s thing – let the first sync begin and you can start configuring your organization as you see fit.  Make sure to review the “what’s next” option to better familiarize yourself with WSUS and how best to apply it to your environment.
Labels:

Comments

Post a Comment

Popular posts from this blog

Session Messenger----Best Secure Messaging App

  Session is fundamentally different than most other secure messaging services. Conversations in Session are secured using  client-side E2E encryption . Only the sender and the recipient of a message can read it. But Session goes beyond providing message security. Session also  protects the identities  of its users. It makes your communications private and anonymous, as well as secure. Session can do this because it  connects users  through a  Tor -like network of thousands of  Service Nodes . Service Nodes are servers that pass messages back and forth through the network as well as provide additional services. The  onion request  system that Session uses to protect messages ensures that no Service Node in the network ever knows both a message’s origin (your IP address) and destination (the recipient’s IP address). This allows you to  hide your IP  by default. Session takes a number of additional steps to protect your identity: No phone number is required for registration No email is r
Post a Comment
Read more

Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

  In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are required and Windows 11
Post a Comment
Read more

Linuxfx 10 : A Windows-Like Linux Distro

The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — anoth
Post a Comment
Read more