How to Setup WSUS on 2003/2008/2008 R2 Server

Hello all,

Here's a step by step user guide how to setup WSUS for your network! Firstly you need a server with either Windows Server 2003 SP2, Windows Server 2008 or Windows Server 2008 R2.

2003 Server

Install the Microsoft Report Viewer Redistributable 2008 (2MB)

You also need (as a minimum) .NET Framework 2.0 installed (22MB)

Download WSUS 3.0 SP2 (80MB x86)

Whilst these are downloading, add the IIS role. Navigate to Control Panel > Add/Remove Programs > Add/Remove Windows Components. Double click ‘Application Server’ then tick to enable Internet Information Services (IIS). You may need your Windows Server 2003 disc to install all required components.

When the installation window appears, choose:

Full server installation including Administrative Console > Next

Accept the Terms > Next

WSUS Setup will choose the volume with the most space. You can change this to D:\WSUS or E:\WSUS as required > Next

Use the built in Windows Internal Database > Next

Use the existing IIS Default Web site (Recommended) > Next

Note: If you do not choose the Default IIS Web site, you’ll need to specify the Microsoft update service location policy differently as follows (for example):

Specify intranet Microsoft update service location – Enabled
http://SERVERNAME:8080
http://SERVERNAME:8080

When setup completes, cancel the Configuration Wizard that appears. Open WSUS by navigating to Administrative Tools > Windows Server Update Services

On the left, expand SERVERNAME > Computers > All Computers. You can create computer groups, such as Workstations, Servers and Notebooks. When your workstations report to WSUS, they’ll appear in the All Computers group, but can be moved as required.

Click on Options > Source and Proxy Server > Proxy Server (tab). Enter your proxy and port, then click OK.

Products and Classifications. By default few products are displayed, but don’t worry. Choose Windows Server 2003 as a minimum (presuming you have a 2003 Server in your domain). Click the Classifications tab and enable:

-Critical Updates
-Definition Updates
-Security Updates
-Update Rollups
-Updates, then click OK.

Update Files and Languages > Update Languages (tab) > Download updates only in these languages. Tick English, then click OK.

Synchronization Schedule > Synchronize Automatically. Specify 04:00:00 and 1 Synchronizations per day. Click OK.

Automatic Approvals. Tick to enable Default Automatic Approval Rule. Just below this, click the Critical Updates link. Tick to enable

-Critical Updates
-Definition Updates
-Security Updates
-Update Rollups
-Updates, click OK, and OK.

E-Mail Notifications. Tick to enable Send e-mail notification when new updates are synchronized. Enter your e-mail address.

Tick to enable Send Status Reports. Specify:

Frequency: Weekly
Send reports at: 11:00:00
Recipients: Enter your e-mail address

Click the E-mail Server tab. Specify your SMTP server. If you do not know this, enquire with your LA or ISP.

Sender name: WSUS
E-mail address: WSUS@yourdomain.com then click OK.

Click Synchronizations (near the top left), then near the top right click Synchronize Now. Wait for the synchronization process to complete, then return back to Options > Products and Classifications. This will now be fully populated. Click additional products such as Windows 7, Windows Server 2008 R2 and Office 2010. Click OK, return back to Synchronizations then click Synchronize Now.

To enable your workstations to report to your WSUS server, navigate to Computer Config > Admin Templates > Windows Components > Windows Update

Specify the following policies:

Do not display ‘Install Updates and Shutdown’ option in Shutdown Windows dialogue box – Not Configured

Do not adjust default option to ‘Install Updates and Shutdown’ in Shutdown Windows dialogue box – Not Configured

Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates – Not Configured

Configure Automatic Updates – Enabled
4 – Auto download and schedule the install
0 – Everyday
11:00

Specify intranet Microsoft update service location – Enabled
http://SERVERNAME
http://SERVERNAME

Automatic Updates detection frequency – Enabled
1 Hour(s)

Allow non-administrators to receive update notifications – Disabled

Turn on Software Notifications – Not Configured

Allow Automatic Updates immediate installation – Enabled

Turn on recommended updates via Automatic Updates – Disabled

No auto-restart with logged on users for scheduled automatic updates installations – Enabled

Re-prompt for restart with scheduled installations – Not Configured

Delay restart for scheduled installations – Not Configured

Reschedule Automatic Updates scheduled installations – Enabled
15 Minutes

Enable client-side targeting – Not Configured

Allow signed updates from an Intranet Microsoft Update service location – Disabled

Your workstations will then start reporting to your WSUS console. WSUS setup complete!

src: http://www.edugeek.net/forums/windows-server-2008-r2/80624-how-setup-wsus-2003-2008-2008-r2-server.html