Skip to main content

Windows Server Update Service (WSUS) Installation and Configuration

This tutorial will walk you through the process of installing and configuring WSUS Server 3.0 SP2 on Server 2008 R2, step by step.  WSUS is a great thing to have in an Active Directory environment as it saves precious bandwidth and allows a fine level of control in regards to client/server patch level.  You’ll need to do a little prep work before you can complete this lab successfully, so make sure that you’ve taken care of the following before jumping in.

1.)  Ensure that your Active Directory and DNS are functioning optimally and are healthy, this will save you a lot of headaches with workstations.

2.)  Download the latest copy of WSUS here, or you can try the newest WSUS 2010 version if you’re so inclined.

Once you’ve downloaded WSUS, you can kick off the installation which informs you that you need to install certain pre – requisites before continuing.  You can read more about them here, but the main roles that need to be installed are the Web Server IIS and Application Server role.  You can also install SQL Server ahead of time if you’re so inclined, but I’m going to work with the built in version that ships with WSUS as this is a small network.  Let’s jump into it – install the IIS and Application Server Roles from the Server Manager snap in.

Installing the Application Server & Web Server IIS Roles Server 2008
Once the Add Roles Wizard finishes installing IIS and the Application Server roles, give the machine a restart.  You’re now ready to start the process of installing and configuring WSUS.  Start the installer and accept the defaults – you’ll get to a screen warning you that you’re missing the Microsoft Report Viewer 2008 Redistributable.  Go ahead and pick up a copy here, install it, then restart the WSUS installation.
Full server installation including administration console
Now choose the default location of client updates – it’s best to store this on a separate volume if one exists, but I’m going to go ahead and pick the default location for this tutorial.
store updates locally wsus
And choose the default internal database option unless you are going to go with SQL Server.
install windows internal database on this computer
Use the existing IIS Default Web Site.
use the existing iis default web site
The installation wizard is done with the prompts at this point and get’s down to the good stuff.  Before finishing the wizard you’ll need to make sure that the firewall is configured correctly ( ports 8530 & 8531, ) that the WSUS server is able to connect to the upstream server, Windows Update in this case, and that you have credentials for a proxy server in your organization if applicable.   Once you’ve confirmed that you’re good to go, continue the installer.  Since we’re going to be using Windows Update to receive our updates, designate it as the upstream server.
designate the wsus upstream server
Designate a proxy server if applicable –  If you do not have a proxy in your organization, you can skip this part.
use a proxy server when synchronizing
Now hit the “start connecting” button to query windows update for relevant updates to your environment.
wsus start connecting
From here on it’s simply a matter of setting a sync schedule, and determining which updates you will be sending out to your clients.  Let’s choose a list of products that we want WSUS to manage :
choosing the products
Now let’s choose the classifications that we want to enforce in our environment.  It’s generally a best practice to enforce critical updates and security updates at a minimum – the rest is up to you.  I would advise to avoid having WSUS be in charge  of your driver updates unless it’s absolutely critical for compliance reasons, otherwise it can be a bit of a headache to have 250 workstations bluescreen on a Monday morning because the video driver that was pushed out is glitched
choose the wsus classifications
Set a schedule for synchronization – you can have this manually requested or automatic.  Since we all aspire to be lazy admins, let’s go ahead and set it for automatic synchronization on a sensible schedule ;)
set a wsus sync schedule
You’re done and your brand new WSUS server is ready to do it’s thing – let the first sync begin and you can start configuring your organization as you see fit.  Make sure to review the “what’s next” option to better familiarize yourself with WSUS and how best to apply it to your environment.
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Setup a USB Flash Drive to Install Windows 7

If you have an ISO image of Windows 7, using Microsoft’s free utility is a quick and easy option to get the image on your USB flash drive. It requires XP SP2 or higher and if you’re using an XP machine you’ll need .NET Framework 2.0, and Microsoft Image Mastering API V2…both of which can be downloaded from the link below. It seemed to work best if I formatted the flash drive as NTFS before using the download tool. But that could be because of the flash drive I used…your mileage may vary.   It’s a pretty straight forward process, first browse to the location of your Windows 7 ISO file and click Next. Select USB device…this also helps you burn the ISO to DVD as well if you need that option. Choose your flash drive and click Begin copying. Now just wait for the process to complete. The drive will be formatted and files copied to the flash drive. When the process is finished you will be able to see the files on the flash drive as you would if you opened the installation
1 comment
Read more

Configuring the Linksys WRT54GS Router for wifi

Basic ADSL Router setup The full GUI can be accessed at http://ui.linksys.com/WRT54G/v1-v4/4.20.7/index.htm location  The router will work out of the box, but has none of the security functions enabled as standard. It should be connected by Cat5 or 5e ethernet cable between a modem and the computer network as its job is to manage traffic and protect the network with its built-in firewall. Configuring the WRT54GS is quite straightforward thanks to its user-friendly web interface. To access it enter; http://192.168.1.1 into your web browser. You will be prompted to enter a username and password. Enter admin for both, you will be changing this later. Router Name This image above is of the first web interface showing the basic configuration settings. Nothing needs to be changed here for most home user setups, but I suggest changing the Router Name to something meaningful and changing the Time Zone. If you have made any changes, click Save at the b
1 comment
Read more

Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

  In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are required and Windows 11
Post a Comment
Read more