What is WSUS Server?

Windows Server Update Services server (WSUS) is a central repository on your network which downloads and maintain latest updates from Microsoft update server. 
The WSUS then distributes those updates to client computers. In this way, each client computer does not have to download updates directly from Microsoft on internet therefore, reducing bandwidth and traffic on the network.

In this article I’ll walk you through to deploy WSUS in a domain environment and using group policies on Windows Server 2012 R2. The article has following five major parts:

  1. Installing WSUS Server Role
  2. Configuring WSUS
  3. Creating Group Policies and Linking on Client Computers OU to Point them on WSUS
  4. Approving Updates on WSUS for Client Computers to Download
  5. Testing the Configuration 
  6. Prerequisites

Before proceeding with installation and configuration, make sure your machine meets the following requirements:

  1. Manual or static IP address is configured
  2. Windows firewall is turned off
  3. Latest security updates from Microsoft are installed 
  4. Administrator account has strong password 
  5. Internet connection is working so WSUS can download updates from Microsoft

Installing WSUS Server Role

Step 1: On your server manager dashboard, click Add roles and features

Step 2: Click Next

 

Step 3: Select Role-based or feature-based installation and click Next

Step 4: Click Next

Step 5: Select Windows Server Update Services from roles and wait for a new window to pop up

Step 6: Click Add Features

Step 7: Click Next

 

Step 8: Click Next

 

Step 9: Click Next

Step 10: Click Next

Step 11: Provide the path of a folder on one of your NTFS drive where updates can be stored.  Click Next

 

Step 11: Click Next

Step 12: Click Next

 

Step 13: Click Install and the installation will begin which can take 10 - 15 minutes to complete

 

Step 14: Click Launch Post-Installation tasks. This step can also take 10 – 15 minutes to finish  

Configuring WSUS Server 
 

Step 1: Open your server manager dashboard, Click Tools -> Windows Server Update Services

Step 2: Click Next

Step 3: Click Next

Step 4: If you have a proxy server in your network, configure the proxy settings otherwise click Next

Step 5: Click Start Connecting to connect to upstream server of Microsoft

Step 6: Click Next

Step 7: Select language(s) and click Next

Step 8: Select the product(s) you need to download updates for. Click Next

Step 9: Select the type of updates and click Next

Step 10: Select Synchronize manually and click Next. You can also setup an automatic schedule for synchronization

 

 

Step 11: Click Next

 

Step 12: Click Finish 

Step 13: In WSUS console, click on your machine to verify the synchronization status

Creating Group Policies and Linking on Client Computers OU to Point them on WSUS Server

Step 1: Go to your DC server. Open Server manger dashboard, Click Tools -> Group Policy Management

 

Step 2: Expand forest node. Right-click Group Policy Objects -> Click New

Step 3: Provide the name of group policy object and click OK

Step 4: Right-click the GPO created in step 3 -> Click Edit


Step 5: Expand Computer Configuration -> Policies -> Administrative Templates -> Windows Components and click Windows Update. Locate Configure Automatic Updates in the right-most pane, right-click it -> Click Edit


Step 5: Select Enabled and 3 – auto download and notify for install. Click OK

Step 6: Expand Computer Configuration -> Policies -> Administrative Templates -> Windows Components and click Windows Update. Locate Specify intra Microsoft Update service location in the right-most pane, right-click it -> click Edit

Step 7: Select enabled and provide FQDN of WSUS server in the form http://<WSUS server>:8530. Click OK

Step 7: Select the desired OU of your computers you want to configure for updates from WSUS server and Right-click it -> Click Link an Existing GPO…

Step 8: Select the GPO created in step 3 and click OK

Step 9: Open command prompt and type 

gpupdate 

for the policies to be applied immediately

 

Approving Updates on WSUS Server for Client Computers to Download

 

Step 1: Go to WSUS server. Open console, click All Updates and select all the updates you would like to approve. Click Approve

Step 2: Right-click both nodes one by one and click Approve for Install. Click OK

Step 3: Click Close

Testing the Configuration

Step 1: Go to your client machines configure it to check for updates. 

 

Step 2: In your WSUS console, expand Computers node. You will see a list of client computers requested for updates to WSUS server. Your configuration is successful.

Conclusion

Congratulations on deploying WSUS server on your network. Although installation and configuration of WSUS server is very simple but there are many steps involved. Please let me know about your experience in comments while I get ready to publish my next post.