Windows Server Update Services (WSUS)
Home > Windows > Windows Server Roles and Features > Windows Server Update Services (WSUS)
Windows Server Update Services (WSUS)
Definition
Windows Server Update Services (WSUS) is a Microsoft server role that allows administrators to manage the distribution of updates and patches released by Microsoft to computers in a corporate environment. It helps ensure that all systems remain secure and up-to-date while minimizing internet bandwidth usage.
1. Install WSUS
Step 1: Add the WSUS Role
1. Open the Server Manager and click on Add Roles and Features. 2. Click Next until you reach the Server Roles section. 3. Select Windows Server Update Services. 4. Click Next.
Step 2: Role Services Configuration
1. Under Role Services, check the following:
* WID Connectivity * WSUS Services
2. In the Content location, select or create a folder where WSUS will store update files (for example: `D:\WSUSContent`).
Step 3: Database Configuration
1. When prompted for the database instance, check the connection. 2. Proceed to the next step.
Step 4: IIS Configuration and Installation
1. Select the required IIS (Web Server) features. 2. Click Next and then Install. 3. After installation completes, click Close.
2. Post-Installation Configuration
Step 1: Launch WSUS Post-Installation Tasks
1. In Server Manager, click Launch Post-Installation Tasks. 2. The WSUS setup wizard will open — click Next to begin.
Step 2: Microsoft Update Settings
1. Deselect the option to join the Microsoft Update Improvement Program. 2. Click Next.
Step 3: Synchronization Settings
1. Select Synchronize from Microsoft Update and click Next. 2. Deselect Use a Proxy Server (unless required) and click Next. 3. Click Start Connectivity Check and wait for it to complete. 4. Once successful, click Next.
Step 4: Language and Product Selection
1. Select the required Languages for updates and click Next. 2. Choose the Products (Windows OS versions, applications, etc.) that you want to update and click Next.
Step 5: Classification Selection
1. Select all required Classifications, for example:
* Critical Updates * Drivers * Feature Packs * Security Updates
2. Click Next.
Step 6: Synchronization Schedule
1. Schedule synchronization to run Daily. 2. Click Next and then Finish to complete the WSUS setup.
3. Verify WSUS Configuration
1. Open the WSUS Console (Dashboard). 2. Go to the Synchronization section. 3. Verify that the first synchronization completed successfully.
4. Configure Group Policy for WSUS
Step 1: Create a New GPO
1. Open the Group Policy Management Console. 2. Right-click your domain or OU and select Create a GPO in this domain. 3. Name it, for example: WSUS Policy.
Step 2: Edit the GPO
1. Right-click the GPO and select Edit. 2. Navigate to:
Computer Configuration → Administrative Templates → Windows Components → Windows Update
Step 3: Configure Automatic Updates
1. Double-click Configure Automatic Updates. 2. Set it to Enabled. 3. Under options:
* Select Auto download and notify for install. * Set the Scheduled install day (e.g., Every Wednesday). * Set the Scheduled install time (e.g., 3:00 AM).
4. Click Apply and OK.
Step 4: Specify Intranet Microsoft Update Service Location
1. Double-click Specify intranet Microsoft update service location. 2. Set it to Enabled. 3. Configure both fields as follows:
* Intranet update service for detecting updates: `http://<WSUS_Server_IP>:8530` * Intranet statistics server: `http://<WSUS_Server_IP>:8530`
4. Click Apply and OK.
5. Manage Computer Groups in WSUS
1. Open the WSUS Console. 2. Go to Computers → right-click and select Add Computer Group. 3. Enter a group name and click OK. 4. To move computers into a group:
* In WSUS, open All Computers. * Right-click a system → select Change Membership. * Choose the desired group → click OK.
6. Approve and Deploy Windows Updates
1. In the WSUS Console, go to the Updates section. 2. Select the required updates or patches. 3. Right-click and choose Approve. 4. Select the appropriate computer group for deployment. 5. Confirm approval to begin installation on target systems.
Summary: This guide covered WSUS installation, post-configuration, GPO setup, computer grouping, and update approval. Following these steps ensures centralized control of Windows updates in your Active Directory environment.
Home > Windows > Windows Server Roles and Features > Windows Server Update Services (WSUS)
