WSUS
From AlphaBook
Contents
WSUS
- It is important to keep Windows system and applications up to date
Install WSUS
- Install-WindowsFeature -Name UpdateServices -IncludeManagementTools (Using WID)
- Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools (Using SQL)
- Install-WindowsFeature -Name UpdateServices -IncludeManagementTools -IncludeAllSubFeature (Does not work, database must be WID or SQL, can not be both)
- Configure the download location
- cd "C:\Program Files\Update Services\Tools"
- .\WsusUtil.exe PostInstall CONTENT_DIR=D:\WSUS
Post-deployment Configuration
- Store updates locally (D:\WSUS)
- Synchronize from Microsoft Update (or Synchronize from another Windows Server Update Services server:8530)
- Use a proxy server when synchronizing (optional)
- Start Connecting
- Select Languages
- Choose Products (Windows 10, Office 2016, etc)
- Choose Classifications
- Critical Updates
- Definition Updates
- Driver Sets
- Drivers
- Feature Packs
- Security Updates
- Service Packs
- Tools
- Update Rollups
- Updates
- Upgrades
- Synchronize schedule
- Begin initial synchronization (optional)
- Finish
Next steps
- Using SSL with WSUS
- Create computer groups
- Assign computers to groups using Group Policy
- From WSUS administration console, click Options->Computer, You can specify how to assign computers to groups
- Use the Update Services console
- Use Group Policy or registry settings on computers
- Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Enable client-side targeting
- Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
- Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates (Auto download and notify for install)
- From WSUS administration console, click Options->Computer, You can specify how to assign computers to groups
- Configure aoto-approval rules
- When an update is in Critical Updates, Security Updates, Approve the update for all computers (example)
Windows client
- wuauclt /detectnow