Windows Server Update Services (WSUS)
So what is WSUS? It’s an awesome free way that enables IT administrator to deploy the latest Microsoft updates, hot-fixes and service packs to computers running Microsoft Windows Server 2003 family, Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP and Microsoft Windows 7 operating systems. By using WSUS, administrators can fully manage and take control of the distribution of updates that are released through Microsoft Updates.
So in this blog, I will go over the prerequisites and the setup of WSUS.
Prerequisites for WSUS server
- Windows Server 2003 SP1 or Windows Server® 2008
- Microsoft Internet Information Services (IIS) 6.0 or later
- Windows Installer 3.1 or later
- Microsoft .NET Framework 2.0 or greater
- Microsoft Report Viewer Redistributable 2005
- Microsoft Management Console 3.0
- SQL Server 2005 SP1 or later (probably get away with SQL Server 2008)
Prerequisites for WSUS clients (x86 and x64)
- Windows XP SP2, Windows Vista, Windows 7
- Windows Server 2003 or Windows Server 2008
The Typical WSUS Deployment Scenarios
WSUS is flexible enough to deploy starting from small to enterprise organization. Just you need to make sure Active Directory, DNS and DHCP working perfect. If port 80 is occupied by your company web site you can use port 8530. I used port 8530 on WSUS server :).
I am using Windows 2003 SP2.
Install Prerequisites
Step 1. IIS Installation
Go to add/remove windows component and select Application server
click next
Select as above. You must select ASP.net and IIS, then check Internet Information Services (IIS) and click Details.
Check BITS, check IIS manager and click on details
Check ASP and WWW and click ok.
Step 2. MMC 3.0 Installation
Note: no need to install if you installed the latest service pack on your server
Step 3. .NET 2 Framework Installation
Here is the direct link: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19
Once it’s finish downloading, locate the file and run the installation, click next, accept EULA and follow the installation screen.
Step 4. Installing MS Report Viewer
Download report viewer from here: http://www.microsoft.com/download/en/details.aspx?id=6442
Run the installation, click next, accept EULA and follow the installation screen.
Step 5. SQL Server 2005 SP1 installation
Download SQL server 2005 from here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7478
Click next and click install, click next again
follow installation screen until finish
Now you have fulfill the prerequisite as mention above.
The fun part starts!!
Step 6. WSUS installation
Download WSUS from http://www.microsoft.com/download/en/details.aspx?id=5216 website. Download x86 or x64 as you prefer. Once you install the correct OS version. Start the installation:
Click on Run
Click Next
Check Full server installation radio button, click Next
Accept EULA
You must have two partition in your server as you can see above. I selected D:\WSUS . Click Next (Note: If you can’t partition your primary hard drive, you could place this folder in C:\)
This part is for SQL guru users :). Check use existing database. It is required for enterprise deployment. Internal database will not work if you have large number of desktop and server. Click Next.
Click Next
On the next screen “web site selection” check create Microsoft Windows Server Update Services Web Site on port 8530
DO NOT CHECK RECOMMENDED
Click Next
This part is for Techs that like to take the proactive approach. I recommend doing this, if you are creating a VM of the WSUS. Click Next , Click Next again
Click Finish. WSUS config wizard will start next.
Click Next
Click Next
Provide proxy server IP and credentials above if you have a proxy server. If a proxy server does exist in your company, leave “Use a proxy server when synchronizing” unchecked
Click on “Start Connecting” and wait until finish, click next and follow the config screen to select your language, products, classification. Once configure those setting you will reach to the Configure Syn Schedule:
Click Next
Wait until synchronization finish. It might take 30/40 minutes depending on speed of your internet.
Step 7. Setup IIS Security
Now set permission in IIS in WSUS server, you may set anonymous logon. Don’t worry its inside your firewall.
Step 8. Configure WSUS
Open WSUS management console. In the Left hand side pan, click on Options then click on Change Update File and Language. Check Download Update files to the server when updates are approved. Select appropriate language. Then Click Apply and Ok.
Click on Automatic Approval and create new rules and run the rules. For example:
In the left hand side pan right click on All Computers, Click on Add Computer Group. For example, I have three computer groups; desktop, Windows7 and Server. I actually changed this to OS Version > Computer Models, but this is all up to you in how you would like to manage it.
Step 9. Group Policy Configuration
This part describes how to use GPO to deliver Automatic Updates:
Open group policy management console, Right click on the Group policy objects container and click new. Create a policy or policies for each of computer groups. For Example, WSUS Policy for desktop, WSUS Policy for Windows 7 and WSUS Server policy.
Now right click on WSUS policy that is desktop policy you just created and change settings of four GPO that are enabled here on screen (see below for pics)
Configure Auto download and schedule installation that fit for you
Point WSUS server and port as http://yourserver:8530 in both the box
Type target group to populate desktop/pc in WSUS Server.
Check enabled in following box not to reboot machine if user logged on
In the GPO management console, Right click on the organizational unit (OU) that contain desktop/workstation and link existing WSUS policy you created in above steps with this organizational unit.
Important!
Do NOT link WSUS policy in child OU. Link directly to the top of OU hierarchy otherwise workstation will not populate.
Conclusion
Auto update and patch up gives administrator more time to concentrate other things without spending time on patching up servers and pc. I enjoyed deploying WSUS. I hope these instruction would be handy for you. I will soon post up the instructions on how to install WSUS on Windows Server 2008.
Leave a Reply