wsus 2012r2e guide

8/12/2019 Wsus 2012r2e Guide

1/22

Tom Ziegmannhttp://www.tomontech.com10/20/2013 1

Installing Windows Server Update Services

(WSUS) on Windows Server 2012 R2 Essentials

With Windows Server 2012 R2 Essentials in your business, it is important to centrallymanage your workstations to ensure they are secure and up-to-date. With Windows

Server Update Services, you can do just that.

If you are running Windows Server 2012 Essentials, these directions will not work

without performing additional steps. The WSUS role on Windows Server 2012

Essentials (non-R2) requires some pre-configuration before it can be installed.

What youll need:

A server running Windows Server 2012 R2 Essentials with at least4GB of RAM,8GB or higher is recommended

SQL Server 2012 Management Studio available fromhttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-

A1533227CD69/SQLManagementStudio_x64_ENU.exe(download and copy to a

shared folder on the server)

Table of Contents:

Install Windows Server Update Services Role......................................................................................... 2

Perform initial WSUS configuration ......................................................................................................... 6

Install SQL Server Management Studio ................................................................................................... 9

Move WSUS database to a new location .............................................................................................. 11

Adjust memory usage settings for Windows Internal Database........................................................ 17

Configure WSUS to integrate with Group Policy.................................................................................. 18

Create automatic approval rules for update deployment................................................................... 20
http://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exe

8/12/2019 Wsus 2012r2e Guide

2/22


Install Windows Server Update Services Role

Connect to your server using

Remote Desktop Connection.

Click Start -> All Programs ->

Accessories -> Remote Desktop

Connection

Logon with the user name and

the password you use to

administer your server.

Once connected, click the

Administrative Tools icon on the

Start screen.

Scroll down and launch Server

Manager.

In Server Manager, click on Add

Roles and Features.

8/12/2019 Wsus 2012r2e Guide

3/22


Click Nexton the Before you Beginscreen.

Accept defaults for the installation type, and

then click Next.

Select your Windows Server 2012 R2

Essentials system and click Next.

Select Windows Server Update Serviceson

the Server Roles selection, then click Next.

8/12/2019 Wsus 2012r2e Guide

4/22


When prompted to add additional required

features for installation, click Add Features

then click Next.

Accept the defaults on the Features screen,

and click Next.

Read the description, and then click Next.

Accept the defaults for Role Services, then

click Next.

8/12/2019 Wsus 2012r2e Guide

5/22


Create a folder on a drive with enough space

to handle the WSUS content.

Ensure the Store updates in the following

locationis checked, specify the path to the

folder you created, and then click Next.

Confirm your installation selections, and then

click Install.

Installation will then proceed. This step can

take some time depending on your system.

After installation completes, click the blue

Launch Post-Installation taskslink near the

top of the results pane.

The Windows Server Update Services

Configuration Wizard will launch.

8/12/2019 Wsus 2012r2e Guide

6/22


Perform initial WSUS configuration

Read the Before you Begin information, then

click Next.

Choose if you want to join the Microsoft

Update Improvement Program, then click

Next.

In most cases, you should be able to leave

the proxy server settings alone. However, if

you have a proxy server, you will need to

specify the information, then click Next.

8/12/2019 Wsus 2012r2e Guide

7/22


WSUS will need to connect to obtain initial

metadata.

Click Start Connecting.

This process should be fairly quick.

After the download is complete, click Next.

Choose any necessary languages for the

client PCs that your server will support, then

click Next.

Choose the products you want your WSUS

server to house updates for, then click Next.

8/12/2019 Wsus 2012r2e Guide

8/22


Choose the classifications want your server

to house, then click Next.

NOTE:Below the checklist is the description

of each classification. This can be helpful in

determining what to download. Thescreenshot at right is similar to SBS systems

of the past and what classifications were

downloaded out of the box.

The classifications are:

- Critical Updates- Definition Updates- Security Updates- Service Packs-

Update RollupsChoose the appropriate synchronization

schedule for your environment, then click

Next.

Do not check the box to begin

synchronization at this point. The database

will be moved first from its default location

on the system partition to a different

partition to ensure that the system partition

does not run out of room because of WSUS

database growth.

Click Finish.

8/12/2019 Wsus 2012r2e Guide

9/22


Install SQL Server Management Studio

Browse to where you downloaded the SQL

Server installer and double-click the file.

When the SQL Server Installation Center

loads, click New installation or add

features to an existing installation.

NOTE: If you do not have multiple

partitions, continue to install the SQL

Management Studio, then skip to the

Adjust memory usage settings for

Windows Internal Database section.

Allow the installer to download the latest

updates prior to installation, and click

Next.

Read and accept the license terms, and

then click Next.

8/12/2019 Wsus 2012r2e Guide

10/22


Leave the defaults for feature selection and

then click Next.

Choose whether or not to enable Error

Reportingand then click Next.

The installation of SQL Server Management

Studio will then begin.

8/12/2019 Wsus 2012r2e Guide

11/22


After installation is complete, click Close.

Move WSUS database to a new locationTo prepare to move the database, the

WSUS service needs to be stopped.

Launch Command Prompt as an

Administrator, and run net stop

wsusservice.

Create a folder for the database to be

stored on a drive with plenty of storage.

This is likely to be the same drive as theWSUS content storage.

After creating the folder, right click on it,

and click Properties.

For the database to function correctly, we

have to give the SQL service account the

ability to access this folder.

8/12/2019 Wsus 2012r2e Guide

12/22


Click the Securitytab, and then click the

Advancedbutton.

Click the Addbutton.

Click the Select a Principallink.

8/12/2019 Wsus 2012r2e Guide

13/22


On the Select Users or Groups screen,

click Locationsand change the location to

your server name, then click OK.

The account that needs to be added is

called NTSERVICE\MSSQL$MICROSOFT##WID.

Type the account name, click Check

Names, and then click OK.

On the right side of the window, click

Show advanced permissions.

The service account needs the following

permissions checked.

List folder / read data

Read attributes

Read extended attributes

Create files / write data

Create folders / append data

Write attributes

Write extended attributes

Delete

Read permissions

Click OKto add the account and itspermissions.

Click OK to close the Advancedscreen.

8/12/2019 Wsus 2012r2e Guide

14/22


Click OKto close the properties dialog.

Go to the Start screen, click the arrow in

the lower left hand corner to show All

Apps, then right click on SQL Server

Management Studio.

Click Run as Administrator. Accept the

User Account Control prompt that appears.

On the Connect to server screen, type

\\.\pipe\MICROSOFT##WID\tsql\query.

Ensure that Windows Authentication is

selected, then click Connect.

Expand Databases in the Object Explorer,and right-click on SUSDB.

Click on Tasks > Detach.

8/12/2019 Wsus 2012r2e Guide

15/22


On the Detach Database screen, check the

Drop Connectionscheckbox, and click OK.

Browse to C:\Windows\WID\Data

You may need to accept a User Account

Control prompt.

Move SUSDB.mdf and SUSDB_log.ldfto

the database folder created earlier.

Go back to SQL Server Management

Studioand right click on Databases, then

click Attach.

8/12/2019 Wsus 2012r2e Guide

16/22


Click Addto locate the database.

Browse to the folder where the database

files have been moved to, and then click on

SUSDB.mdf.

Click OK.

Verify that the information is correct for

the location of the Data and Log filesand

then click OK.

Verify that SUSDB appears in the database

listing.

Restart the WSUS Service, by launching

Command Prompt as an Administrator,

and type net start wsusservice.

8/12/2019 Wsus 2012r2e Guide

17/22


Adjust memory usage settings for Windows Internal Database

Launch SQL Server Management Studio and Run

as an Administrator if it is not already running.

Connect to the server.

Right click on

\\.pipe\MICROSOFT##WID\tsql\queryand click

on Properties.

Click on the Memorytab and then specify the

Maximum server memoryto be between 256-

512MB, then click OK.

Most WSUS installations in the 2012 R2 Essentials

space should not require much more RAM for SQL

than this due to the smaller number of connected

clients.

8/12/2019 Wsus 2012r2e Guide

18/22


For the new memory settings to take effect, the

service needs to be restarted.

Right click on

\\.pipe\MICROSOFT##WID\tsql\queryand then

click Restart.

Click Yes. The service will then restart.

Now that the database has been moved, the initial

synchronization of updates can occur.

To begin the sync, go to Administrative Toolsfrom the Start screen, and locate Windows Server

Update Services.

Click Synchronizationsfrom the left pane.

Click Synchronize Now.

The status of the synchronization will appear in

the bottom middle pane.

It will also show in the listing above the status

pane.

Configure WSUS to integrate with Group Policy

If the WSUS console isnt already running, go to

Administrative Toolsfrom the Start screen, and

locate Windows Server Update Services.

8/12/2019 Wsus 2012r2e Guide

19/22


Click on Optionsin the left hand pane.

Click on Computerson the right pane.

In the Computers property window that appears,

click on Use Group Policy or registry settings

on computers.

By enabling this option, we can use Client-Side

Targeting within Group Policy to add computers

to the appropriate groups within WSUS.

In the navigation pane, expand Computers, and

then right click on All Computersand click Add

Computer Group.

8/12/2019 Wsus 2012r2e Guide

20/22


Create two computer groups, or more if needed

for your environment.

For example, I have created the groups Servers

and Workstations.

After the groups have been created, verify that

they appear in the navigation pane.

Create automatic approval rules for update deployment

Next, we will create Automatic Approval rules.

These rules can be used to auto approve

updates for specific update types and / or

computer groups.

To create rules, click Optionsin the left hand

pane, and then click Automatic Approvals.

For this example, we will modify the default rule

to automatically approve Critical, Security, and

Definition updates for workstations only.

I would strongly suggest taking some time to

figure out how you want approve updates

before building your ruleset.

Click on the blue all computerslink.

8/12/2019 Wsus 2012r2e Guide

21/22


Check the box for Workstationsonly and then

click OK.

Click the blue Critical Updates, Security

Updateslink.

Check the box for Definition Updatesthen click

OK.

8/12/2019 Wsus 2012r2e Guide

22/22


Ensure the box is checked next to the name of

the rule, click Apply. Then to run the rule, click

the Run Rulebutton.

Repeat the automatic approval rule steps until

you are satisfied with the rules youve created.

To configure your systems to connect to your WSUS server it is strongly recommended to use Group

Policy. Configuring Group Policy is outside the scope of this document, however, I have prepared some

sample group policy settings that can be used as a base for building your policy on top of. Those policy

settings and necessary WMI filters can be found athttp://www.tomontech.com/2013/10/configuring-

group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentials.

Congratulations! You have installed Windows Server Update Services on Windows Server 2012 R2

Essentials!
http://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentials

wsus 2012r2e guide

Documents