wsus configuration

Upload: rajiv-mural

Post on 04-Jun-2018


  • 8/13/2019 wsus configuration

    1/45

    Install and configure WSUS 3.0 SP2 Step-By-Step

    Microsoft Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2) enables information technology administrators to deploy the latest Microsoft updates, hotfixes and service packs to computers running the Microsoft Windows Server 2003 family, Windows Server 2008, the Microsoft Windows Vista family, and Microsoft Windows XP with Service Pack 2. By using WSUS, administrators can fully manage and control the distribution of updates that are released through Microsoft Update.

    Prerequisites for WSUS server

    - Windows Server 2003 SP1 or Windows Server 2008
    - Microsoft Internet Information Services (IIS) 6.0 or later
    - Windows Installer 3.1 or later
    - Microsoft .NET Framework 2.0
    - Microsoft Report Viewer Redistributable 2005
    - Microsoft Management Console 3.0
    - SQL Server 2005 SP1 or later

    Prerequisites for WSUS clients (x86 and x64)

    - Windows XP SP2, Windows Vista, Windows 7
    - Windows Server 2003 or Windows Server 2008

    WSUS Deployment Scenarios

    Select as above. You must select ASP.NET and IIS, then check Internet Information Services and click Details.

    Check BITS, check IIS Manager and click Details.

    Check ASP and WWW and click OK.

    2. MMC 3.0 installation

    There is no need to install this if you have installed the service pack on your server.

    3. .NET Framework installation

    Download .NET Framework 2.0 from the link
    http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

    Run the installation, click Next, accept the EULA and follow the installation screens.

    4. MS Report Viewer installation

    Download Report Viewer from the link
    http://www.microsoft.com/downloads/details.aspx?familyid=8a166cac-758d-45c8-b637-dd7726e61367&displaylang=en

    Run the installation, click Next, accept the EULA and follow the installation screens.

    5. SQL Server 2005 SP1 installation

    Download SQL Server 2005 from the link
    http://www.microsoft.com/downloads/details.aspx?FamilyId=11350B1F-8F44-4DB6-B542-4A4B869C2FF1&displaylang=en

    Click Next, click Install, then click Next again.

    Follow the installation screens until the installation finishes.

    You have now fulfilled the prerequisites mentioned above.

    WSUS installation

    Download WSUS from the http://connect.microsoft.com/directory/ website. Sign in using a Hotmail or Live account. Download the x86 or x64 version as you prefer. Here I am installing the x86 version.

    Click Run.

    Click Next.

    Check the Full server installation radio button, then click Next.

    Accept the EULA.

    You must have two partitions on your server, as you can see above. I selected D:\WSUS. Click Next.

    Check Use existing database. It is required for enterprise deployment. The internal database will not work if you have a large number of desktops and servers. Click Next.

    Click Next.

    On the next screen, Web Site Selection, check Create Microsoft Windows Server Update Services Web Site on port 8530.

    DO NOT CHECK RECOMMENDED

    Click Next.

    Click Next, then click Next again.

    Click Finish. The WSUS configuration wizard starts next.

    Click Next.

    Click Next.

    Provide the proxy server IP and credentials above if you have a proxy server. In my case I typed my ISA server IP, port 80 and my domain admin credentials.

    Click Start Connecting and wait until it finishes, then click Next and follow the configuration screens to select your languages, products and classifications.

    Configure WSUS

    Open the WSUS management console. In the left-hand pane, click Options, then click Change Update File and Language. Check Download update files to the server when updates are approved. Select the appropriate language. Then click Apply and OK.

    Click Automatic Approval, create new rules and run them. In my case I have two custom rules.

    Open the Group Policy Management Console, right-click the Group Policy Objects container and click New. Create a policy for each computer group, for example, WSUS Policy for desktop, WSUS Policy for Windows 7 and WSUS Server policy.

    Now right-click the WSUS desktop policy you just created and change the four GPO settings that are enabled on screen:

    Configure automatic download and scheduled installation to suit you.

    Point the WSUS server and port to http://yourserver:8530 in both boxes.

    Type the target group used to populate desktops/PCs in the WSUS server.

    Check Enabled in the following box so that the machine does not reboot if a user is logged on.

    Repeat this process for WSUS server policy, Windows 7 Policy and so on.

    In the GPO management console, right-click the organisational unit that contains the desktops/workstations and link the existing WSUS policy you created in the steps above to this organisational unit.

    Link it with WSUS policy

    Repeat the same steps for all other organisational units in the GPO management console. You may now close the GPO management console.

    Important! Do NOT link the WSUS policy to a child OU. Link it directly to the top of the OU hierarchy, otherwise workstations will not populate.

    Publish WSUS policy in ISA Server

    If you have ISA 2004/2006 or Forefront TMG 2010, you have to set a WSUS policy in the ISA firewall access rules so that ISA doesn't block communication between server and client. You don't need to do this if nothing blocks communication between client and server and you don't have a firewall.

    To publish the WSUS policy, open the ISA management console.

    Go to Network Object and expand Web Listener, right-click Web Listener and click New. Type the name of the WSUS server. The name should be the NetBIOS name of the WSUS server. Follow the screenshot.

    Click Next, then click Finish.

    On the next screen, select the web listener (WSUS server) you added in the previous steps.

    Right-click the WSUS publishing policy, click Properties, click the Bridging tab, and check Web server and port 8530.

    Under Paths, add these paths if they do not already exist.

    Uncheck the verify and block option. Apply the changes and click OK.

    Troubleshooting

    If a client is not showing in WSUS, go to the client machine and run gpupdate /force.

    Run the wuauclt /resetauthorization /detectnow command from the client machine.

    Check Registry of client.
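
    One way to check the client registry, as an added example that is not part of the original guide: the script reads the Windows Update policy values that the four GPO settings above write on the client and compares them with what you configured. The server URL is the guide's placeholder and the target group name Desktops is an assumption; replace both with your own.

```powershell
# Added example (not from the original guide): audit the WSUS client policy
# values that the GPO settings write to the registry on a client machine.
param(
    [string]$ExpectedServer = 'http://yourserver:8530',  # placeholder URL from the guide
    [string]$ExpectedGroup  = 'Desktops'                 # hypothetical target group name
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value is absent, i.e. the GPO has not applied.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Want = $null means "any value is accepted, but it must be present".
$checks = @(
    @{ Key = $wuKey; Name = 'WUServer';                      Want = $ExpectedServer },
    @{ Key = $wuKey; Name = 'WUStatusServer';                Want = $ExpectedServer },
    @{ Key = $wuKey; Name = 'TargetGroupEnabled';            Want = 1 },
    @{ Key = $wuKey; Name = 'TargetGroup';                   Want = $ExpectedGroup },
    @{ Key = $auKey; Name = 'UseWUServer';                   Want = 1 },
    @{ Key = $auKey; Name = 'AUOptions';                     Want = $null },
    @{ Key = $auKey; Name = 'NoAutoRebootWithLoggedOnUsers'; Want = 1 }
)

$results = foreach ($c in $checks) {
    $actual = Get-PolicyValue $c.Key $c.Name
    if     ($null -eq $actual) { $state = 'MISSING' }
    elseif ($null -eq $c.Want) { $state = 'SET' }
    elseif ("$actual".TrimEnd('/') -eq "$($c.Want)".TrimEnd('/')) { $state = 'OK' }
    else                       { $state = 'MISMATCH' }
    New-Object PSObject -Property @{
        Name = $c.Name; Actual = $actual; Expected = $c.Want; State = $state
    }
}
$results | Select-Object Name, Actual, Expected, State | Format-Table -AutoSize

if ("$(Get-PolicyValue $wuKey 'WUServer')" -like 'http://*') {
    Write-Warning 'WUServer uses plain HTTP; traffic to the WSUS server is not encrypted.'
}
$bad = @($results | Where-Object { $_.State -eq 'MISSING' -or $_.State -eq 'MISMATCH' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) wrong; run 'gpupdate /force', then 'wuauclt /resetauthorization /detectnow'."
    exit 1
}
```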

    Conclusion

    Automatic updating and patching gives administrators more time to concentrate on other things, without spending time patching servers and PCs. I enjoyed deploying WSUS. I hope these instructions will be handy for you.