Windows Software Update Services (WSUS)
Lesson 3


By Sai Kurada
August 10, 2023
Installing and Configuring Windows Server Update Services (WSUS) involves several steps to set up the server, configure client computers, approve updates, and manage the update process.

Here's a general outline of the configuration process:

Install WSUS:
  • Install the WSUS server role on a Windows Server machine.
  • Choose whether to use the Windows Internal Database (WID) or an external SQL Server database for WSUS.
Initial Configuration:
  • Launch the WSUS Configuration Wizard after installation.
  • Choose whether to store updates locally or obtain them from Microsoft Update.
  • Select product classifications and update types that you want to synchronize.
  • Configure the synchronization schedule to determine when the WSUS server retrieves updates from Microsoft's servers.
Approval Settings:
  • Configure the automatic approval settings to determine which updates are automatically approved for deployment.
Computer Groups:
  • Organize client computers into groups based on your organization's structure or needs. This helps you manage updates more efficiently.
Group Policy Configuration:
  • Configure Group Policy settings on client computers to point them to the WSUS server for updates.
  • Set the client-side targeting option to direct clients to their respective computer groups in WSUS.
Client Configuration:
  • Ensure that the WSUS client service is running on client computers.
  • Trigger the initial update detection on clients to start the communication with the WSUS server.
Approval and Deployment:
  • Review and approve updates for deployment in WSUS. You can manually approve updates or use automatic approval rules.
  • Choose whether to deploy updates immediately or schedule them for later.
Monitoring and Reporting:
  • Monitor the update status and health of client computers through WSUS reports.
  • Use reports to identify which updates are needed, installed, or failed on specific machines.
Testing and Deployment Rings (optional):
  • If desired, set up deployment rings to test updates on a smaller group of computers before deploying to the entire organization.
Maintenance and Cleanup:
  • Regularly perform maintenance tasks like cleanup to remove expired or unnecessary updates and optimize the WSUS database.
Troubleshooting and Monitoring:
  • Monitor WSUS performance, ensure synchronization is occurring as expected, and troubleshoot any client update issues.
Scalability (for larger environments):
  • If you have a large number of client computers, consider implementing a distributed WSUS infrastructure to manage the load and reduce network traffic.

Remember that the specific steps and options can vary based on the version of WSUS you are using and your organization's needs. Always refer to the official Microsoft documentation for detailed step-by-step guides and best practices for configuring WSUS.

Additionally, as WSUS configurations might change over time due to updates and changing organizational requirements, it's a good practice to regularly review and adjust your WSUS settings to ensure optimal performance and security.
Install the WSUS Server Role

1. Log on to the server on which you plan to install the WSUS server role by using an account that is a member of the Local Administrators group.
2. In Server Manager, click Manage, and then click add Roles and Features.
3. On the Before you begin page, click Next.
4. In the select installation type page, confirm that Role-based or feature-based installation option is selected and click Next.
5. On the select destination server page, choose where the server is located (from a server pool or from a virtual hard disk). After you select the location, choose the server on which you want to install the WSUS server role, and then click Next.
6. On the select server roles page, select Windows Server Update Services. Add features that are required for Windows Server Update Services opens. Click Add Features, and then click Next.

7. On the select features page, retain the default selections, and then click Next.
8. On the Windows Server Update Services page, click Next.
9. On the Select Role Services page, leave the default selections, and then click Next.

10. On the Content location selection page, type a valid location to store the updates. For example, you can create a folder named WSUS_database at the root of drive C: specifically for this purpose, and type C:\WSUS_database as the valid location.
11. Click Next. The Web Server Role (IIS) page opens. Review the information, and then click Next. In select the role services to install for Web Server (IIS), retain the defaults, and then click Next.

12. On the Confirm installation selections page, review the selected options, and then click Install. The WSUS installation wizard runs. This might take several minutes to complete.
13. Once WSUS installation is complete, in the summary window on the Installation progress page, click Launch Post-Installation tasks. The text changes, requesting: Please wait while your server is configured. When the task has finished, the text changes to: Configuration successfully completed. Click Close.

14. In Server Manager, verify if a notification appears to inform you that a restart is required. This can vary according to the installed server role. If it requires a restart, make sure to restart the server to complete the installation.