Windows Server Update Services (WSUS) are a “must have” feature in business environments. WSUSdramatically improve network bandwidth effiency and allow a granular control of the updates.
Setting up WSUS is not difficult but involves several steps, especially if you are configuring the services for an existing Active Directory Domain.
We have three major steps to complete.
Install Windows Server Update Services
Launch the Server Manager and click Add Roles and Features. Select the Windows Server Update Services role. Default configuration is fine:
You just have to configure the server folder where the Windows updates will be stored:
The system will need some minutes to perform a configuration task after the installation. Then a WSUS tab will appear in your Server Manager.
WSUS configuration
Open the Windows Server Update Services configurator from the WSUS tab, like in the screenshot below:
Go to the Options tab and launch the Wizard:
Click Next:
Click Next:
Synchronize from Microsfot Update if it’s your first WSUS server:
Configure the proxy settings, if you have one:
Click Start and wait some minutes:
Select only the necessary languages, it will save disk space and time:
Select the products you need to maintain up-to-date:
Default settings are fine:
Schedule the synchronization:
The WSUS configuration is finished:
Link the Computers via Group Policy
If you are installing WSUS in an existing Active Directory Domain, the better solution is to configure the client PCs to take advantage of the WSUS via Group Policy.
To do so, open the WSUS Options and click Computers:
Use Group Policy:
From the WSUS panel create a new group of Computers (we used the same name of the AD Group):
Open the Group Policy Editor and create a new Policy:
From the Group Policy Management Editor access the path
Computer Configuration/Administrative Templates/Windows Components/Windows Update
, then click Configure Automatic Updates:
Enable Automatic Updates:
Then open the Specify intranet Microsoft update service location policy:
Specify the server address and add the 8530 port:
Then Enable client-side targeting:
Specify the Group:
Finalize and enforce the Policy. The members of the Group (Computers inside WSUS_tutorial) will receive the Windows updates from WSUS. You will be able to select which updates to dispatch from the WSUS panel, on the server.
No comments:
Post a Comment