Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

How to use Windows Server Update Service

Simplify patch management over a network

Article comments

One of the challenges that comes with running a network is keeping your operating systems patched and secure. In response to this problem, Microsoft has released Windows Server Update Service 3.0 SP2 as a means to centrally download updates and control how they are deployed to the computers throughout your network. Additionally, WSUS provides extensive reporting features to quickly give you a snapshot of your computers’ status. If your network is big enough to have a server and use Active Directory, it’s big enough to benefit from using WSUS.

Despite the relative sophistication of Windows Server Update Service, it’s fairly easy to get a basic installation up and running. The prerequisites are a server running Windows Server 2003 SP1 or greater, IIS 6.0 or greater, .NET 2.0 framework, and Report Viewer 2008 Redistributable 2008. If you run SQL server 2005 SP2 or greater, you can use that. Otherwise the Windows Internal Database will be installed automatically. It’s worth taking a look at the WSUS 3.0 SP2 release notes for more detailed requirements.

Installing WSUS 3.0 SP2

WSUS Configuration WizardOnce you confirm that your server meets the above prerequisites, download the appropriate version (32-bit or 64-bit) of WSUS and run the setup. If you’re upgrading from an unsupported database, WSUS 3.0 SP2 will automatically migrate your database to the Windows Internal Database. During installation, you’ll need to specify an uncompressed NTFS partition with at least 6GB of free space. Once installed on a server, you can run the installation on your desktop computer for remote management.

During setup, WSUS launches a configuration wizard, giving you an opportunity to specify what languages you use, what products you want to see updates for, and what types of updates are synchronised. By default, only critical updates, definitions and security updates are selected. I recommend selecting All Classifications, since updates aren’t actually deployed unless you approve them anyway.

Configuring Clients

WSUS Group Policy WizardNext you’ll want to configure your clients to use the WSUS server using Group Policy. If you’re unfamiliar with Group Policy, visit the Group Policy home page for more information.

Using the Group Policy Management Console create a new policy and link it to the appropriate Organisational Unit. Then right click on the policy, select edit, and browse to Computer Configuration, Policies, Administrative Templates, Windows Components, and finally Windows Update. Here you’ll want to modify the following policies.

- Configure Automatic Updates. Click Enable and then choose the option most appropriate for your organisation.

- Specify intranet Microsoft update service location. Click Enable then type in the URL for your server in both fields (e.g. http://yourWSUSserver).

- No Auto-restart with logged on users for scheduled automatic updates. Enabling this is optional, but highly recommended. Users get irate when their computers automatically restart without their consent.

- Enable Clientside targeting. This one is also optional. While you can use the WSUS client for putting computers in groups, you can also specify them here.

Creating Groups

Groups are useful when you want different computers to have updates applied differently. For example, you might want to automatically install service packs for office computers, but install them manually on your servers or lab computers.

Creating groups is simple. Open the Windows Server Update Services management tool, then expand Computers, right click on Unassigned Computers and select Add Computer Group. You can add computers to this group by right clicking on them in Unassigned Computers, selecting Change Membership and check the group (or groups) you want to add it to.

Configure Auto-Approval Rules

WSUS Update ServicesVirtually no one is sadistic enough to want to manually approve each update from Microsoft. Fortunately, there’s a way to automatically approve updates. Open the Windows Server Update Services management tool, click on Options and then Automatic Approvals. You’ll notice there’s already a rule created named Default Automatic Approval Rule. This rule automatically approves all critical updates and security updates for all computers. It’s a great default rule and may be all you need. To enable it, simply check the box next to it and click apply.

It should be obvious that WSUS is a robust tool with a host of options and features. While I highly recommend exploring it further to see how else it can serve you, simply installing it and configuring the options recommended here will go a long way toward automating the management of your network.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *