Sunday, 23 March 2014

How to install and configure WSUS in windows server 2008

Understanding the concept

Windows server update service(WSUS) is one of the server roles which allows IT administrators to deploy  latest Microsoft product updates to computers that are running the Windows operating system. Using this service will allow administrators to fully manage the updates that are released by Microsoft by setting up hierarchies of wsus service and wsus client computers group. They can  Let us consider the scenario,

  1. In an organization it may not be important to have internet on all the clients and it is necessary to keep the       clients secured with windows update as well. WSUS will help you to control this ie, you can download all the windows updates to the centralized server and push the updates automatically/manually to the clients.
  2. When there are customized applications developed for your organization, it is necessary to check windows updates before installing on all clients and make sure that it will not affect our internal applications. In this case you can manually install each updates on a test clients and observe the status. If the updates are compatible with your network you can allow only the relevant applications to install and remaining updates to decline.
  3. You can schedule the update to install at the convenient time to install, create the reports for updates installation and receive the e-mail notifications about the newly downloaded the updates and installation status.

Installing and configuring WSUS

  1. Either you can install it from server roles or download the latest standalone version. When you initiate the installation from server roles it requires internet connection to complete since it will automatically search for updates. If the server does not have the internet at the moment you can mention download the standalone version from MS download center(KB972455).

From step 2 to 7 shows when you install WSUS using server manager. It is recommended to install using server manger since it will automatically detect the additional roles that are required for WSUS and will install by below steps. If you choose to download and install from MS download center you may fail to install it with the error message that required services are not installed(IIS and its dependent components). So make sure that you have installed these components from server manager before downloading and installing it.

  • Microsoft Internet Information Services (IIS) 7.0. Ensure that the following components are installed:
Windows Authentication, ASP.NET, 6.0 Management Compatibility, IIS Metabase Compatibility
  • Microsoft Report Viewer Redistributable 2005

Follow below steps to install WSUS using server manager

  1. Start->Administrative tools-> Server manager->Select 'Roles'->'Add role'
  2. Select 'Windows server update service'->Upon selecting this you may prompt with other services that are relevant for WSUS to run. Select 'Add required role services'(If you have those services already installed you will not have this prompt)and click 'Next'.

  1. Click 'Next' on IIS introduction window.

  1. Now you will have the list of role services to install for IIS. It will have a list of default features that are required for WSUS to work correctly hence you can simply click 'Next' without making any changes to selected roles.

  1. Now you will have an introductions to WSUS and click on 'Next' to start the installation.

  1. Confirm the installation selections and click on 'Install' which will initialize the installation.

  1. Once the installation is succeeded you will have the success message and you can locate it from Start->Administrative tools-> Windows server update service.

Steps to follow when you have downloaded the latest version directly from MS download center

  1. Double click on the file downloaded which will get you to the below screens, click 'Next'.

  1. Now you need to specify the role of the server, since this is my WSUS server and I need all the services to be installed on this server I have selected the option 'Full server installation including administration console'.
If you need to install only the administration console which will help you to connect with WSUS service installed on a server  and manage it you can use 'Administration console only'(It can be installed on a client or server OS as well).

  1. Accept the license agreement and click 'Next'.

  1. It is necessary to install 'Microsoft report viewer 2008 redistributable' when you want to generate the reports. It can be either installed before installing  WSUS or after installing WSUS. You can download it from the below MS link:

 I will install it after this process so click 'Next' to continue.

  1. You can specify either your updates to store locally or in Microsoft updates itself. It is recommended save the updates locally to improve the client download faster so you can leave the default option and click 'Next'(Note: Your updates will download locally only if the updates are approved else you will have only the names listed in your WSUS console) .

  1. Now you will be asked for the data store which requires to save the details of WSUS server and its clients. You can either specify the windows internal database or SQL database which is installed on this server or remote. We will continue with the default option and click 'Next'.

  1. You need to specify the website that is used for WSUS service. It can be either 'default website' or create another website. I would recommend you to create another website to avoid future port conflicts(Since this service also uses port 80(self update)), Click 'Next'.

  1. Now you will have a summary window and on next step it will install WSUS in your server. Since I don’t have windows internal database installed it will install this feature also, Click 'Next'.

  1. Click 'Finish' to close the window.

  1. Now it will automatically open a window to configure WSUS. Click 'Next' to start configuration(You can complete the below operations later as well).

  1. You can specify to fetch the updates directly from Microsoft or from another WSUS server. Since I dot have another WSUS server and I wish to get the updates directly from MS I have selected the first option 'Synchronize from Microsoft Update'. Click 'Next'.

  1. If you have a proxy server in your network specify the details and click 'Next'.

  1. Now you need to connect to the internet you need to apply your upstream server, proxy server settings and synchronize information about available updates so click on 'Start connecting' and wait for the process to start and click 'Next' once it is completed.

  1. Specify the languages that you want to download the updates. I would recommend you to select the least number of languages since it will increase the disk space utilization. Click 'Next'.

  1. Now you need to specify the updates that are required in your network. Verify each MS products that you have in your network and put a tick mark on the updates that are required.

  1. Select the update classifications that you require either it can be only critical updates and updates or entire classification. Select only the required classification to decrease the disk space utilization. Click 'Next'.

  1. Specify the synchronization details either it can be manual or automatic as per your needs. It will be useful to schedule automatic and synchronize after working hours of your organization which will help you to utilize the bandwidth effectively and without manual synchronization.

  1. You will have success message. Click 'Next' to launch the WSUS console and begin the initial synchronization.

  1. Click 'Finish' on next window. And you can open WSUS from 'Administrative tools'->'Windows server update service'

No comments:

Post a Comment