This tutorial will walk you through the process of installing and configuring WSUS Server 3.0 SP2 on Server 2008 R2, step by step. WSUS is a great thing to have in an Active Directory environment, as it saves precious bandwidth and gives you fine-grained control over client and server patch levels. You’ll need to do a little prep work before you can complete this lab successfully, so make sure that you’ve taken care of the following before jumping in.
1.) Ensure that your Active Directory and DNS are healthy and functioning optimally; this will save you a lot of headaches with workstations.
2.) Download the latest copy of WSUS here, or you can try the newest WSUS 2010 version if you’re so inclined.
Once you’ve downloaded WSUS, you can kick off the installation, which informs you that you need to install certain prerequisites before continuing. You can read more about them here, but the main roles that need to be installed are the Web Server (IIS) and Application Server roles. You can also install SQL Server ahead of time if you’re so inclined, but I’m going to work with the built-in version that ships with WSUS as this is a small network. Let’s jump into it – install the IIS and Application Server roles from the Server Manager snap-in.
Once the Add Roles Wizard finishes installing IIS and the Application Server roles, give the machine a restart. You’re now ready to start the process of installing and configuring WSUS. Start the installer and accept the defaults – you’ll get to a screen warning you that you’re missing the Microsoft Report Viewer 2008 Redistributable. Go ahead and pick up a copy here, install it, then restart the WSUS installation.
Now choose the default location of client updates – it’s best to store this on a separate volume if one exists, but I’m going to go ahead and pick the default location for this tutorial.
And choose the default internal database option unless you are going to go with SQL Server.
Use the existing IIS Default Web Site.
The installation wizard is done with the prompts at this point and gets down to the good stuff. Before finishing the wizard you’ll need to make sure that the firewall is configured correctly (ports 8530 and 8531), that the WSUS server is able to connect to the upstream server (Windows Update in this case), and that you have credentials for a proxy server in your organization if applicable. Once you’ve confirmed that you’re good to go, continue the installer. Since we’re going to be using Windows Update to receive our updates, designate it as the upstream server.
Designate a proxy server if applicable – if you do not have a proxy in your organization, you can skip this part.
Now hit the “Start Connecting” button to query Windows Update for updates relevant to your environment.
From here on it’s simply a matter of setting a sync schedule and determining which updates you will be sending out to your clients. Let’s choose a list of products that we want WSUS to manage:
Now let’s choose the classifications that we want to enforce in our environment. It’s generally a best practice to enforce critical updates and security updates at a minimum – the rest is up to you. I would advise against having WSUS be in charge of your driver updates unless it’s absolutely critical for compliance reasons; otherwise it can be a bit of a headache to have 250 workstations bluescreen on a Monday morning because the video driver that was pushed out is glitched.
Set a schedule for synchronization – you can have this manually requested or automatic. Since we all aspire to be lazy admins, let’s go ahead and set it for automatic synchronization on a sensible schedule ;)
You’re done and your brand new WSUS server is ready to do its thing – let the first sync begin and you can start configuring your organization as you see fit. Make sure to review the “what’s next” option to better familiarize yourself with WSUS and how best to apply it to your environment.
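To confirm that the wizard choices above (upstream server, products, classifications and sync schedule) actually took effect, here is a read-only audit through the WSUS administration API. It is an added example, not part of the original tutorial; it assumes an elevated PowerShell session on the WSUS server itself and English classification titles, and the `$required` / `$discouraged` lists are illustrative policy values.

```powershell
# Added example: read-only audit of the settings chosen in the WSUS wizard.
# Assumes an elevated session on the WSUS server (PowerShell 2.0 compatible).
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$wsus         = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$config       = $wsus.GetConfiguration()
$subscription = $wsus.GetSubscription()

# Illustrative policy lists (English titles as shown in the wizard).
$required    = @('Critical Updates', 'Security Updates')
$discouraged = @('Drivers')

$enabled  = @($subscription.GetUpdateClassifications() | ForEach-Object { $_.Title })
$products = @($subscription.GetUpdateCategories()      | ForEach-Object { $_.Title })
$findings = @()

# Security-relevant classifications that should always be synchronized.
foreach ($title in $required) {
    if ($enabled -notcontains $title) { $findings += "MISSING: '$title' is not selected" }
}
# Classifications the tutorial advises against managing through WSUS.
foreach ($title in $discouraged) {
    if ($enabled -contains $title) { $findings += "REVIEW: '$title' is selected" }
}
if (-not $subscription.SynchronizeAutomatically) {
    $findings += 'REVIEW: synchronization is manual, so new updates arrive only on request'
}
if (-not $config.SyncFromMicrosoftUpdate) {
    $findings += "REVIEW: upstream is '$($config.UpstreamWsusServerName)', not Microsoft Update"
}

# Report what is configured, then anything that needs attention.
"Classifications : {0}" -f ($enabled -join ', ')
"Products        : {0}" -f ($products -join ', ')
"Automatic sync  : {0} ({1} per day, first at {2})" -f `
    $subscription.SynchronizeAutomatically,
    $subscription.NumberOfSynchronizationsPerDay,
    $subscription.SynchronizeAutomaticallyTimeOfDay

if ($findings.Count -eq 0) { 'OK: configuration matches the choices made in this tutorial' }
else { $findings }
```

The script only reads configuration; nothing is changed on the server, so it is safe to rerun after any later change in the WSUS console.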