Hello all,
Here's a step by step user guide how to setup WSUS for your network! Firstly you need a server with either Windows Server 2003 SP2, Windows Server 2008 or Windows Server 2008 R2.
2003 Server
Install the Microsoft Report Viewer Redistributable 2008 (2MB)
You also need (as a minimum) .NET Framework 2.0 installed (22MB)
Download WSUS 3.0 SP2 (80MB x86)
Whilst these are downloading, add the IIS role. Navigate to Control
Panel > Add/Remove Programs > Add/Remove Windows Components.
Double click ‘Application Server’ then tick to enable Internet
Information Services (IIS). You may need your Windows Server 2003 disc
to install all required components.
When the installation window appears, choose:
Full server installation including Administrative Console > Next
Accept the Terms > Next
WSUS Setup will choose the volume with the most space. You can change this to D:\WSUS or E:\WSUS as required > Next
Use the built in Windows Internal Database > Next
Use the existing IIS Default Web site (Recommended) > Next
Note: If you do not choose the Default IIS Web site, you’ll need to
specify the Microsoft update service location policy differently as
follows (for example):
Specify intranet Microsoft update service location – Enabled
http://SERVERNAME:8080
http://SERVERNAME:8080
When setup completes, cancel the Configuration Wizard that appears. Open WSUS by navigating to Administrative Tools > Windows Server Update Services
On the left, expand SERVERNAME > Computers > All Computers. You
can create computer groups, such as Workstations, Servers and Notebooks.
When your workstations report to WSUS, they’ll appear in the All Computers group, but can be moved as required.
Click on Options > Source and Proxy Server > Proxy Server (tab). Enter your proxy and port, then click OK.
Products and Classifications. By default few products are displayed, but
don’t worry. Choose Windows Server 2003 as a minimum (presuming you
have a 2003 Server in your domain). Click the Classifications tab and
enable:
-Critical Updates
-Definition Updates
-Security Updates
-Update Rollups
-Updates, then click OK.
Update Files and Languages > Update Languages (tab) > Download
updates only in these languages. Tick English, then click OK.
Synchronization Schedule > Synchronize Automatically. Specify 04:00:00 and 1 Synchronizations per day. Click OK.
Automatic Approvals. Tick to enable Default Automatic Approval Rule.
Just below this, click the Critical Updates link. Tick to enable
-Critical Updates
-Definition Updates
-Security Updates
-Update Rollups
-Updates, click OK, and OK.
E-Mail Notifications. Tick to enable Send e-mail notification when new updates are synchronized. Enter your e-mail address.
Tick to enable Send Status Reports. Specify:
Frequency: Weekly
Send reports at: 11:00:00
Recipients: Enter your e-mail address
Click the E-mail Server tab. Specify your SMTP server. If you do not know this, enquire with your LA or ISP.
Sender name: WSUS
E-mail address: WSUS@yourdomain.com then click OK.
Click Synchronizations (near the top left), then near the top right
click Synchronize Now. Wait for the synchronization process to complete,
then return back to Options > Products and Classifications. This
will now be fully populated. Click additional products such as Windows
7, Windows Server 2008 R2 and Office 2010. Click OK, return back to
Synchronizations then click Synchronize Now.
To enable your workstations to report to your WSUS server, navigate to Computer Config > Admin Templates > Windows Components > Windows Update
Specify the following policies:
Do not display ‘Install Updates and Shutdown’ option in Shutdown Windows dialogue box – Not Configured
Do not adjust default option to ‘Install Updates and Shutdown’ in Shutdown Windows dialogue box – Not Configured
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates – Not Configured
Configure Automatic Updates – Enabled
4 – Auto download and schedule the install
0 – Everyday
11:00
Specify intranet Microsoft update service location – Enabled
http://SERVERNAME
http://SERVERNAME
Automatic Updates detection frequency – Enabled
1 Hour(s)
Allow non-administrators to receive update notifications – Disabled
Turn on Software Notifications – Not Configured
Allow Automatic Updates immediate installation – Enabled
Turn on recommended updates via Automatic Updates – Disabled
No auto-restart with logged on users for scheduled automatic updates installations – Enabled
Re-prompt for restart with scheduled installations – Not Configured
Delay restart for scheduled installations – Not Configured
Reschedule Automatic Updates scheduled installations – Enabled
15 Minutes
Enable client-side targeting – Not Configured
Allow signed updates from an Intranet Microsoft Update service location – Disabled
Your workstations will then start reporting to your WSUS console. WSUS setup complete!
src: http://www.edugeek.net/forums/windows-server-2008-r2/80624-how-setup-wsus-2003-2008-2008-r2-server.html
No comments:
Post a Comment