Overview WSUS 3.0 SP1 delivers important customer-requested management, stability, and performance improvements. Some of the features and improvements include: * Support for Windows Server 2008. * Support for SQL Server 2008. * Enhanced bulk approval capability, preserving existing approvals. * Support for separate proxy servers and ports for SSL and non-SSL traffic. * Office Excel report export. WSUS 3.0 SP1 can be installed alone, or as an upgrade of either WSUS 3.0 RTM or WSUS 2.0 SP1. This package installs both the WSUS 3.0 SP1 Server and WSUS 3.0 SP1 Administration Console components, for all Windows Server 2003 SP1 supported languages. Additionally, the WSUS 3.0 SP1 client is included in all supported client platform languages. You must install the server components on a computer running Windows Server 2008 or Windows Server 2003 SP1 or later. You may install the Administration Console on a remote computer running Windows Server 2008, Windows Vista, Windows Server 2003 SP1, or Windows XP SP2. WSUS 3.0 SP1 Server Installation on Windows Small Business Server 2003 If you are installing the WSUS 3.0 SP1 product on Windows Small Business Server 2003, follow the instructions in Installing Windows Server Update Services 3.0 on Windows Small Business Server 2003. There are 4 common methods of deploying WSUS: * Single WSUS server * Multiple independant WSUS servers * Multiple Internally synchronised WSUS servers * Disconnected WSUS servers A Single Wsus server would be suitable for a small or simple network. It will synchronise with Microsoft update and then distribute its updates to your servers/clients. Multiple independant WSUS servers could be setup to synchronise with microsoft Update and configured to for example, update only one specific type of client, eg: XP clients or Vista, then another WSUS server in your organisation could be setup just to update your Server 2008 servers. Multiple Internally synchronised WSUS servers is where you have multiple WSUS servers in your organisation but only one connects to Microsoft Update, this is called the Upstream WSUS server and all other WSUS servers (called the Downstream WSUS servers) synchronise via this WSUS server. The synchronisation methods can be either Autonomous or Replica. Disconnected WSUS servers are not connected to the internet at all. You would typically utilise this setup in an organisation that doesn't have or allow internet access. The Microsoft Updates would have to be pulled down from another internet conencted WSUS server and then burned to cd or dvd and copied to the disconnected WSUS server.

Installation

Install the Report Viewer first Double-click on the Report viewer exe, choose next to continue at the welcome screen

accept the license terms. click Install to install

Once done click finish.

Install WSUS Double click on the WSUS exe, choose next at the welcome screen

Choose the Full Server installation

Accept the license agreement

Select your update source (local or on windowsupdate)

now if you havn't installed SQL 2008 yet, then please do so as the next screen will allow us to pick between an internal windows database (first option) or to connect to our MSSQL database (default) second option. Choose use existing database as below in the screenshot

It will hopefully successfully connect to your database, click next to continue

when prompted what IIS website to use, choose the default option (use the existing IIS website)

You'll see a summary click next to continue

that's it, all done, click Finish.

Note: if you are going to use SCCM to manage patch management, then do NOT run the WSUS configuration wizard below The WSUS configuration wizard automatically starts after the Setup wizard completes. Because Configuration Manager 2007 SP1 manages the WSUS settings, you should exit the configuration wizard after it opens.

Note: if you are going to use SCCM to manage patch management, then do NOT run the WSUS configuration wizard below Starting WSUS for the first time Click on Start/All Programs/Administrative tools/Microsoft Windows Server Update Services 3.0 SP1 this will start a wizard (pictured below) click next

choose to opt in or opt out (default is opt in)

Next you can choose your Upstream Server, I stayed with the default option

enter your proxy settings (if any)

click next and then start connecting. Once the Wizard has synchronized information with the Microsoft Update web servers you can click next to continue

next you get to choose which languages to support

and which Microsoft Products to support by default all office versions and all windows versions are selected, remove those which you don't need as all of these updates etc will take up storage space

next you can choose what type of updates to download

pick a schedule to synchronise

finished !

review next steps and then click on Finish to end the wizard.

At this point you can now use the WSUS UI

Note: If you intend on using SCCM 2007 to deploy updates using the WSUS integration then do NOT do any of the steps here. The instructions here also assume that your network runs Active Directory and that you use Group Policy to manage your network. For more information about Group Policy, see Microsofts Group Policy home page. You can configure one or more computers by including them in a Group Policy object (GPO). By configuring Automatic Updates using Group Policy, these settings will take precedence over any settings that are defined locally on the computers within your Domain. Note: You should Link this WSUS GPO to an Active Directory container appropriate for your environment. In a simple environment, you link a single WSUS GPO to the domain. In a more complex environment, you might link multiple WSUS GPOs to different organizational units (OUs). Start the Group Policy Management MMC and highlight your domain as in the screenshot below.

Right-click the domain and choose Create a GPO in this domain, and link it here

When the New Group Policy Object window appears, give it a name like WSUS GPO and click OK

right click on our new GPO and choose Edit

expand Policies then click and highlight Administrative Templates. Before you can configure WSUS group policy settings you should load the latest version of the administrative template, wuau.adm. Right click on Administrative Templates and choose Add/Remove Templates, click on the Add button and scroll down to the bottom until you can see the wuau.adm file. Select the file and click Open and close. Now that you have loaded the wuau.adm template, you are ready to expand Windows Components.

Scroll down to Windows Update and enable the following options (circled in Red)

Automatic Updates are now enabled, but before the computers can receive updates from the WSUS server we need to configure the following group policy setting: Specify intranet Microsoft Update service location and fill in the https address of the WSUS server, so click on it and view it's properties. We have already enabled the group policy setting as in the screenshot above, however we need to enter the https address of our WSUS server, so do that in the two empty fields provided and click ok.

Startup WSUS