Sep

20

Windows Server Update Services (WSUS)

Jesse Woodriff

This week I’m going to show how to tackle the WSUS 3.0 install. I’m also going to talk a little bit about some of its functionality. I’m sure that by now everyone is familiar with how Windows Automatic Updates works and how you can schedule updates or manually choose to update your PC. Well, WSUS is pretty much the same type of thing, except you have a central place to manage updates for every PC or server in your organization. You also have the option to store the updates locally on your WSUS server so that your PCs will be able to download updates quicker.

First, the installation

When you’re ready to try WSUS you can download it from here. OK, now on to the install. Run WSUS3Setupx86.exe. Click Next →

1.jpg 

 

In the screenshot below, choose “Full server installation”. Next →

2.jpg 

 

Next is the license agreement. WSUS won’t install unless you accept it. Next →
3.jpg

 

Below, you can choose where to install WSUS and also whether you’d like to store the updates locally. WSUS runs the same if you choose not to store the updates locally; that option is just there if you need to save disk space. Next →

4.jpg

 

This screen lets you choose between the Windows Internal Database and, if you are already running Microsoft SQL Server on this server, that existing database server. I chose to use the internal database. Next →
5.jpg

 

Below, you can choose whether to use the existing IIS default web site for the web services. I chose to use the IIS default web site (recommended if you do not have other web sites on the server). Next →
 6.jpg

Ready to install! Click Next →
7.jpg

 

Going through the install.
 81.jpg

Congratulations.  You now have WSUS installed.
9.jpg

Some configuration choices

Once you’re finished installing, you can configure WSUS to send e-mail notifications when there are new updates and alerts. From the Options menu you can customize your WSUS solution.

10.jpg

Within the WSUS administration console you can view all updates, critical updates or security updates. You can also choose to decline or approve them for install. As you can see under the Computers tree on the left, you can view all computers, whether they are servers or just PCs. Reports can also be generated to help you with updates.
11.jpg

To update your client PC or server you’ll need to either configure a Group Policy Object (GPO) within Active Directory or, in a non-Active Directory environment, edit the registry. Find more information about configuring the client here.
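The registry route for a non-Active Directory client, as an added example that is not part of the original post: a PowerShell script that writes the Windows Update policy values, reads them back, and triggers a detection cycle. The server URL `wsus01.example.local` and the schedule values are assumptions to replace with your own.

```powershell
# Added example: point a non-domain client at a WSUS server through the
# Windows Update policy registry values. Run from an elevated PowerShell.
param(
    # Placeholder URL (assumption): replace with your own WSUS server.
    [string]$WsusUrl = 'http://wsus01.example.local'
)

# Refuse anything that is not an absolute http:// or https:// URL.
$uri = [Uri]$WsusUrl
if (-not $uri.IsAbsoluteUri -or $uri.Scheme -notmatch '^https?$') {
    throw "WsusUrl must be an absolute http(s) URL, got '$WsusUrl'"
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Schedule values below are illustrative choices, not from the post.
$settings = @(
    @{ Path = $wu; Name = 'WUServer';             Type = 'String'; Value = $WsusUrl },
    @{ Path = $wu; Name = 'WUStatusServer';       Type = 'String'; Value = $WsusUrl },
    @{ Path = $au; Name = 'UseWUServer';          Type = 'DWord';  Value = 1 },  # use WUServer instead of Microsoft Update
    @{ Path = $au; Name = 'NoAutoUpdate';         Type = 'DWord';  Value = 0 },  # Automatic Updates enabled
    @{ Path = $au; Name = 'AUOptions';            Type = 'DWord';  Value = 4 },  # auto download, scheduled install
    @{ Path = $au; Name = 'ScheduledInstallDay';  Type = 'DWord';  Value = 0 },  # 0 = every day
    @{ Path = $au; Name = 'ScheduledInstallTime'; Type = 'DWord';  Value = 3 }   # 03:00 local time
)

foreach ($s in $settings) {
    if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value `
        -PropertyType $s.Type -Force | Out-Null
}

# Read every value back and fail loudly if any write did not stick.
foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    if ($actual -ne $s.Value) {
        throw "$($s.Name) is '$actual', expected '$($s.Value)'"
    }
}

# Restart the Automatic Updates service so it picks up the new policy,
# then ask the client to contact the WSUS server now.
Restart-Service -Name wuauserv
wuauclt.exe /detectnow
```

If the WSUS web site has SSL configured, pass the `https://` URL so clients do not fetch update metadata over cleartext HTTP. The client should then appear under the Computers tree in the WSUS console after its first detection.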

This was just a quick rundown of WSUS, so if you’re interested in making sure that all the PCs in your office or infrastructure are updated, you should give WSUS a test drive. By controlling which updates go out and who gets them, you can better secure your environment.

Additional Resources

WSUS download
https://www.microsoft.com/downloads/details.aspx?familyid=E4A868D7-A820-46A0-B4DB-ED6AA4A336D9&displaylang=en

Determining a method for Client configuration
http://technet2.microsoft.com/windowsserver/en/library/3a8c83c3-4eac-4cc3-86fc-a54e67de9c121033.mspx?mfr=true

One Response to “Windows Server Update Services (WSUS)”

  1. Thank you for this elegant walkthrough showing WSUS installation steps. It occurs that sometimes it becomes very hard to properly configure WSUS even if at first glance nothing looks frightening to you. However, there is always something that you consider you should have known better. For example, we are running an environment where we have workers that work with different languages. That is, we should handle all operations, deployments, patch management, etc. with this information in mind. You know, by default WSUS services download patches in every available language. Of course, once you’ve determined which language you need you can always set that Download only those updates that match… option to define if you need that specific language. But having that problem solved you may get another set of configuration that you need to further configure and tackle, like say the well-known SQL SP1 problem that happened some time ago http://blogs.technet.com/wsus/archive/2006/05/25/430136.aspx. But the main thing I guess is that what I want from patch management is to be more integrated into my environment and be more scalable to reflect changes and variety of department sizes and so on. WSUS is a powerful thingy but as it happens sometimes it lacks the ability to configure it with that level of scope that you need for your own case. It’s like with Microsoft Office and some other products. What I love about Microsoft Office is that I can control almost every part of it to be able to prepare and format my own documents as personified as needed. I recently stumbled upon the news about a nice desktop management tool from Scriptlogic called Desktop Authority http://www.scriptlogic.com/products/desktopauthority/ The attractive thing to me was that the tool supported downloading and installing multilingual patches and a flexible distribution that allows deploying patches for certain environments only.
But what attracted me even more is its patch type filters which according to the vendor are said to deliver a more granular distribution and deployment within the enterprise. There was a load of other options mentioned in that paper about the tool which I can’t remember of but it looked very interesting to me. I’m sure they have additional information on their site. I am thinking about giving this a shot. What do you think about it?
