configuring wsus 3.0 sp2 on windows server completing the wsus setup, the wsus configuration wizard...

prajwaldesai.co m http://prajwaldesai.com/configuring-wsus-3-0-sp2-on-windows-server/

Configuring WSUS 3.0 SP2 on Windows ServerPrajwal Desai

Configuring WSUS 3.0 SP2 on Windows Server :- In the previous post we saw the installationof WSUS 3.0 SP2 on Windows Server 2008 R2. In this post we will conf igure the WSUS 3.0 SP2and will look at various f eatures of WSUS and ways to conf igure them.

On completing the WSUS setup, the WSUS configuration Wizard is launched. Click Next.

If you would like to join Microsoft Update Improvement Program, check the box and click next.

Select the f irst option if you want to synchronize f rom Microsoft Update . In case you have a WSUSserver existing in your enviroment, choose the second option Synchronize from another WSUS serverproviding the server name and port number. We will be going with f irst option here. Click Next.

We have not conf igured any Proxy server so leave this page to def ault and click Next.

Click on Start Connecting. In this step the WSUS server synchronizes and collects the types of updatesavailable , product categories and languages. It takes around 4-5 minutes to complete this step. Oncecompleted, click Next .

Choose the language as English. Click Next.

In the Choose products page, we will choose windows 7 as the client that we have is installed withWindows 7. Click Next .

In the Choose Classif ications page we will choose Crit ical Updates, Security Updates, Definit ionUpdates. click Next.

Set Sync Schedule to Synchronize automatically, set the time f or First Synchronization. SelectSynchronizations per day to “1″. This means the Synchronization happens automatically at 2:00 PMeveryday. Click Next.

click on Next . This will launch the WSUS administrator console and will begin the init ial synchronization.

As of now we see f rom the WSUS console that updates are being synchronized.

We will now conf igure Automatic Approval Rule , with this the updates would be approved, downloadedand installed on the client computers.

Note : Be caref ul while you create and deploy the Automatic Approval rule. Once created and run the rule,the selected updates will be installed automatically on the client machines. It is recommended that you havea separate set of clients f or testing the updates f irst and then deploy the updates to client machines thatare in production.

On the WSUS Console, click on Options, click Automatic Approvals .

Check the Default Automatic Approval Rule . Lets look at Rule Properties. When an update is in Crit icalupdates, Security Updates then approve the update for all computers.

By def ault all the computers that arediscovered are placed under Allcomputers, Unassigned Computers.

Click on Automatic Approvals , click Advanced Tab. We see that all the options are enabled here. Letsunderstand what they are

WSUS Updates :- Any updates to WSUS product is approved automatically.

Revisions to Updates :- If an approved update has a new revision then the update is approvedautomatically. If the new revision of an update is causing old version update to expire, its declinedautomatically.

On the Automatic Approval window, selectthe rule and click Edit . Check the box“When an update is in a specif icproduct” and in the edit the propertiessection, select the product as Windows 7.The update will be approved f or allcomputers. Click OK.

Lets see the Approval status bef ore werun the rule, its clearly shows that AllUpdates are Not Approved.

Now lets run the default automatic approval rule . Click Run Rule . The Updates will be approved now.

Lets check the WSUS Console f or theApproval Status of All Updates. TheApproval Status is now Install.

Now we will conf igure Group policy to deploy the updates to the client machines. Login to DomainController with domain administrator account. Click on Start, Administrative tools, Group PolicyManagement . Right click the domain and click Create a GPO in this domain and link it here .

Provide a name to the policy WSUS Update policy and right click and Edit the policy.

Navigate to Computer Configuration, Policies, Administrative Templates, Windows Components,Windows Update .

Double click the policy Specify intranet Microsoft update service location. click Enabled, and underoptions set http://wsus.prajwal.local as the intranet updates service for detecting updates. This waywe are f orcing the clients to download the windows updates f rom WSUS server. Click on Apply and OK.

On the same page, click on the policy configure Automatic updates. Under options select the 3-AutoDownload and notify for install. Set Schedule Install day as 0- Everyday, set scheduled install t imeto 10:00. (you can set these options as per your requirement). This means Windows f inds updates thatapply to your computer and downloads these updates in the background (the user is not notif ied orinterrupted during this process). When the download is complete, the icon appears in the status area, withnotif ication that the updates are ready to be installed. Clicking the icon or message provides the option toselect which updates to install. Click Apply and OK. Close the Group policy management console.

Af ter f ew minutes we can see a windows update notif ication on client machine,CLIENT.PRAJWAL.LOCAL.

When you double click the windows update icon, we see that 37 important updates are available.

In the next post we will see more about managing the WSUS.