Step by Step

What is WSUS Server?

Windows Server Update Services server (WSUS) is a central repository on your network which downloads and maintain latest updates from Microsoft update server.  The WSUS then distributes those updates to client computers. In this way, each client computer does not have to download updates directly from Microsoft on internet therefore, reducing bandwidth and traffic on the network.

In this article I’ll walk you through to deploy WSUS in a domain environment and using group policies on Windows Server 2012 R2. The article has following five major parts:

  1. Installing WSUS Server Role
  2. Configuring WSUS
  3. Creating Group Policies and Linking on Client Computers OU to Point them on WSUS
  4. Approving Updates on WSUS for Client Computers to Download
  5. Testing the Configuration 
  6. Prerequisites
  1. Manual or static IP address is configured
  2. Windows firewall is turned off
  3. Latest security updates from Microsoft are installed 
  4. Administrator account has strong password 
  5. Internet connection is working so WSUS can download updates from Microsoft

Step 1: On your server manager dashboard, click Add roles and features

Step 2: Click Next

Step 3: Select Role-based or feature-based installation and click Next

Step 4: ClickNext

Step 5: Select Windows Server Update Services from roles and wait for a new window to pop up

Step 6: Click Add Features

Step 7: Click Next

Step 8: Click Next

Step 9: Click Next

Step 10: Click Next

Step 11: Provide the path of a folder on one of your NTFS drive where updates can be stored.  Click Next

Step 11: Click Next

Step 12: Click Next

Step 13: Click Install and the installation will begin which can take 10 – 15 minutes to complete

Step 14: Click Launch Post-Installation tasks. This step can also take 10 – 15 minutes to finish  

Configuring WSUS Server   

Step 1: Open your server manager dashboard, Click Tools -> Windows Server Update Services

Step 2: Click Next

Step 3: ClickNext

Step 4: If you have a proxy server in your network, configure the proxy settings otherwise click Next

Step 5: ClickStart Connectingto connect to upstream server of Microsoft

Step 6: ClickNext

Step 7: Select language(s) and clickNext

Step 8: Select the product(s) you need to download updates for.ClickNext

Step 9: Select the type of updates andclickNext

Step 10: Select Synchronize manually and clickNext. You can also setup an automatic schedule for synchronization

Step 11: ClickNext

Step 12: ClickFinish

Step 13: In WSUS console, click on your machine to verify the synchronization status

Creating Group Policies and Linking on Client Computers OU to Point them on WSUS Server

Step 1: Go to your DC server.Open Server manger dashboard, ClickTools -> Group Policy Management

Step 2: Expand forest node. Right-clickGroup Policy Objects -> ClickNew

Step 3: Provide the name of group policy object and clickOK

Step 4: Right-clickthe GPO created in step 3 -> Click Edit

Step 5: ExpandComputer Configuration -> Policies -> Administrative Templates -> Windows Components and click Windows Update.Locate Configure Automatic Updates in the right-most pane, right-click it-> ClickEdit

Step 5: SelectEnabled and 3 – auto download and notify for install.ClickOK

Step 6: ExpandComputer Configuration -> Policies -> Administrative Templates -> Windows Components and click Windows Update.Locate Specify intra Microsoft Update service location in the right-most pane, right-click it -> clickEdit

Step 7: Select enabled and provide FQDN of WSUS server in the form http://<> server>:8530. ClickOK

Step 7: Select the desired OU of your computers you want to configure for updates from WSUS server and Right-click it -> Click Link an Existing GPO…

Step 8: Select the GPO created in step 3 and clickOK

Step 9: Open command prompt and type

gpupdate 

for the policies to be applied immediately

Approving Updates on WSUS Server for Client Computers to Download

Step 1: Go to WSUS server. Open console, clickAll Updatesand select all the updates you would like to approve. ClickApprove

Step 2: Right-click both nodes one by one and click Approve for Install. ClickOK

Step 3: ClickClose

Testing the Configuration

Step 1: Go to your client machines configure it to check for updates. 

Step 2: In your WSUS console, expand Computers node. You will see a list of client computers requested for updates to WSUS server. Your configuration is successful.

Conclusion

Leave a Reply

Your email address will not be published. Required fields are marked *