Thursday, May 31, 2012

Windows Server Update Services

Here are some resources for setting up Windows Server Update Services (link).

Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.

Download WSUS 3.0 SP2 (link). WSUS Installation Guide (link).

If you get a message indicating that "IIS role or additional IIS role services must be installed", it is probably because your Windows Server IIS installation is missing the IIS 6 Metabase Compatibility role service.

After installation, I gave Read permissions on the "c:\wsus" directory for Everyone so that any computer on the network could access the updates.

Clients

Configure client updates (link). Configure clients to use WSUS as the primary source of updates (link). Clients that are not in the same domain are configured by editing the registry (link).

Create the key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU, add a DWORD value "UseWUServer" to it, and set its value to 1.

Then in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate add the values WUServer and WUStatusServer, of type String (REG_SZ), and set both to the same value: the HTTP(S) address of your update server.

These settings are available as a .reg file on my Dropbox (link). You should adjust the URL to point to your WSUS server installation.
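
The same registry settings applied with PowerShell, as an added example that is not the .reg file from the original post. The server URL is a placeholder, and the script assumes it is run from an elevated prompt on the client:

```powershell
# Added example: point a non-domain client at a WSUS server.
# The default URL below is a placeholder; pass your own server address.
param(
    [string]$WsusUrl = 'https://wsus.example.internal'
)

$wuKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Validate the address before touching the registry: it must be an
# absolute URL whose scheme is http or https.
$uri = $null
$ok  = [Uri]::TryCreate($WsusUrl, [UriKind]::Absolute, [ref]$uri)
if (-not $ok -or @('http', 'https') -notcontains $uri.Scheme) {
    throw "Not an absolute HTTP(S) URL: $WsusUrl"
}
if ($uri.Scheme -eq 'http') {
    # Plain HTTP gives the client no way to authenticate the server.
    Write-Warning 'WSUS URL uses HTTP; prefer HTTPS if the server is set up for it.'
}
$url = $WsusUrl.TrimEnd('/')

# Create the policy keys if they do not exist yet.
foreach ($key in @($wuKey, $auKey)) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# WUServer and WUStatusServer: REG_SZ, both set to the same address.
Set-ItemProperty -Path $wuKey -Name 'WUServer'       -Value $url -Type String
Set-ItemProperty -Path $wuKey -Name 'WUStatusServer' -Value $url -Type String
# UseWUServer: DWORD under the AU subkey, 1 = use the configured server.
Set-ItemProperty -Path $auKey -Name 'UseWUServer' -Value 1 -Type DWord

# Read everything back and fail loudly if it does not match.
$wu = Get-ItemProperty -Path $wuKey
$au = Get-ItemProperty -Path $auKey
if ($wu.WUServer -ne $url -or $wu.WUStatusServer -ne $url -or $au.UseWUServer -ne 1) {
    throw 'Registry values do not match the requested WSUS configuration.'
}
Write-Output "WUServer       = $($wu.WUServer)"
Write-Output "WUStatusServer = $($wu.WUStatusServer)"
Write-Output "UseWUServer    = $($au.UseWUServer)"
```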

After the client workstation restarts, it automatically uses the WSUS server for Windows Update. The first time it checks for updates, it will install a different version of the Windows Update components. After that, it will allow checking against the WSUS server as well as against Microsoft's online update.

Administration

As an Administrator, you may want to clean the database occasionally. This is done by removing superseded updates.

A convenient way to download updates is to look at Needed updates. These are reported as needed by the clients.

The updates will download after they are approved (by default). This option is adjustable.