This week I’m going to show how to tackle the WSUS 3.0 install.  I’m also going to talk a little bit about some of its functionality.  I’m sure that by now everyone is familiar with how Windows Automatic updates work and how you can schedule them or manually choose to update your pc.  Well WSUS is pretty much the same type of thing except you have a central place to manage updates for every pc or server in your organization.  You also have the option to store the updates locally to your WSUS server so that your pc’s will be able to download updates quicker.

First, the installation

When you’re ready to try WSUS you can download it from here.  Ok, now on to the install.  Run the WSUS3Setupx86.exe.  Click next à

 

 

In the below screen shot choose “Full server installation”.  Next à

 

 

Next is the license agreement.  It won’t install without it.  Next à

 

Below, you can choose where to install WSUS and also whether you’d like to store the updates locally.  Basically, it all runs the same if you choose not to store the updates locally, it’s just if you need to save disk space.  Next à

 

This screen shot lets you choose to use an internal windows database or if you are currently running mssql on this server you can choose to use that instead.  I chose to use the internal database.  Next à

 

Below, you can choose whether to use the existing IIS default website for the web services.  I chose to use the IIS default web site (recommended if you do not have other websites on the server).  Next à
 

Ready to Install!  Click Next à

 

Going through the install.
 

Congratulations.  You now have WSUS installed.

Some configuration choices

Once you’re finished installing then you can configure it to send e-mail notifications when there are new updates and alerts.  From the options menu you can customize your WSUS solution.

Within the administrator WSUS console you can view all updates, critical updates or security updates.  You can also choose to decline or approve them for install.  As you can see under the computers tree on the left you can view all computers whether they are servers or just PC’s.  Reports can also be generated to help you with updates.

To update your client PC or server you’ll need to either configure a Group Policy Object (GPO) within your active directory or if it’s in a non active directory environment you can edit the registry.  Find more information about configuring the client here.

This was just a quick rundown for WSUS, so if you’re interested in making sure that all the PC’s in your office or infrastructure are updated you should give WSUS a test drive.  By controlling what updates and who gets them you can better secure your environment.

Additional Resources

WSUS download
https://www.microsoft.com/downloads/details.aspx?familyid=E4A868D7-A820-46A0-B4DB-ED6AA4A336D9&displaylang=en

Determining a method for Client configuration
http://technet2.microsoft.com/windowsserver/en/library/3a8c83c3-4eac-4cc3-86fc-a54e67de9c121033.mspx?mfr=true

Filed under: Technical Articles on September 20th, 2007 |