8/13/2019 wsus configuration
Install and configure WSUS 3.0 SP2 Step-By-Step
Microsoft Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2) enables information
technology administrators to deploy the latest Microsoft updates, hotfixes and service packs
to computers running the Microsoft Windows Server 2003 family, Windows Server 2008, the
Microsoft Windows Vista family, and Microsoft Windows XP with Service Pack 2 operating
systems. By using WSUS, administrators can fully manage and control the
distribution of updates that are released through Microsoft Update.
Prerequisites for WSUS server
Windows Server 2003 SP1 or Windows Server 2008
Microsoft Internet Information Services (IIS) 6.0 or later
Windows Installer 3.1 or later
Microsoft .NET Framework 2.0
Microsoft Report Viewer Redistributable 2005
Microsoft Management Console 3.0
SQL Server 2005 SP1 or later
Prerequisites for WSUS clients (x86 and x64)
Windows XP SP2, Windows Vista, Windows 7
Windows Server 2003 or Windows Server 2008
WSUS Deployment Scenarios
Select as above. You must select ASP.NET and IIS, then check Internet Information Services
and click Details.
Check BITS, check IIS Manager and click Details.
Check ASP and WWW and click ok.
2. MMC 3.0 installation
No need to install it if you have installed the service pack on your server.
3. .NET Framework installation
Download .NET Framework 2.0 from the link
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
Run the installation, click next, accept the EULA and follow the installation screens.
4. MS Report Viewer installation
Download Report Viewer from the link
http://www.microsoft.com/downloads/details.aspx?familyid=8a166cac-758d-45c8-b637-dd7726e61367&displaylang=en
Run the installation, click next, accept the EULA and follow the installation screens.
5. SQL Server 2005 SP1 installation
Download SQL Server 2005 from the link
http://www.microsoft.com/downloads/details.aspx?FamilyId=11350B1F-8F44-4DB6-B542-4A4B869C2FF1&displaylang=en
Click next and click install, then click next again.
Follow the installation screens until finished.
Now you have fulfilled the prerequisites mentioned above.
WSUS installation
Download WSUS from the http://connect.microsoft.com/directory/ website. Sign in using a Hotmail
or Live account. Download x86 or x64 as you prefer. Here I am installing the x86 version.
Click Run
Click next
Check Full server installation radio button, click next
Accept EULA
You must have two partitions on your server, as you can see above. I selected D:\WSUS. Click
next.
Check Use existing database. It is required for enterprise deployment. The internal database will
not work if you have a large number of desktops and servers. Click next.
Click next
On the next screen, Web Site Selection, check Create a Microsoft Windows Server Update
Services Web Site on port 8530.
Do NOT check the recommended option.
Click next
Click next, click next again
Click finish. The WSUS configuration wizard will start next.
Click next
Click next
Provide the proxy server IP and credentials above if you have a proxy server. In my case I typed
my ISA server IP, port 80 and my domain admin credentials.
Click Start Connecting and wait until it finishes, click next and follow the configuration screens to
select your language, products and classifications.
Configure WSUS
Open the WSUS management console. In the left-hand pane, click Options, then click
Change Update File and Language. Check Download Update files to the server when updates
are approved. Select the appropriate language. Then click Apply and OK.
Click Automatic Approval, create new rules and run the rules. In my case I have two
custom rules.
Open the Group Policy Management Console, right click on the Group Policy Objects container
and click New. Create a policy for each of your computer groups. For example, WSUS Policy for
desktop, WSUS Policy for Windows 7 and WSUS Server policy.
Now right click on the WSUS policy (the desktop policy you just created) and change the
four GPO settings that are enabled here on screen:
Configure automatic download and a scheduled installation that fits your needs.
Point to the WSUS server and port as http://yourserver:8530 in both boxes.
Type the target group that desktops/PCs should populate in the WSUS server.
Check Enabled in the following box so that the machine does not reboot if a user is logged on.
Repeat this process for the WSUS server policy, the Windows 7 policy and so on.
In the GPO management console, right click on the organisational unit that
contains the desktops/workstations and link the existing WSUS policy you created in the steps
above with this organisational unit.
Link it with the WSUS policy.
Repeat the same steps for all other organisational units in the GPO management console. You
may now close the GPO management console.
Important! Do NOT link the WSUS policy in a child OU. Link directly to the top of the OU hierarchy,
otherwise workstations will not populate.
Publish WSUS policy in ISA Server
If you have ISA 2004/2006 or Forefront TMG 2010, you have to set a WSUS policy in an ISA
firewall access rule so that ISA doesn't block communication between server and client. You
don't need to do this if nothing blocks communication between client and server and you don't
have a firewall.
To publish the WSUS policy, open the ISA management console.
Go to Network Object and expand Web Listener, right click on Web Listener and click New. Type
the name of the WSUS server. The name should be the NetBIOS name of the WSUS server. Follow the
screenshot.
Click next, click finish.
On the next screenshot, select the web listener (WSUS server) you added in the previous steps.
Right click on the WSUS publishing policy, click Properties > click the Bridging tab and check
web server and port 8530.
On Paths, add these paths if they don't already exist.
Uncheck verify and block option. Apply changes and click OK.
Troubleshooting
Go to the client machine and run gpupdate /force if the client is not showing in WSUS.
Run the wuauclt /resetauthorization /detectnow command from the client machine.
Check Registry of client.
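
One way to do the registry check, and to confirm that the four GPO settings described earlier reached the client (an added example, not part of the original guide). The server URL is the placeholder used on this page and the target group name `Desktops` is hypothetical; the registry value names are the standard Windows Update policy values.

```powershell
# Added example: compare the client's Windows Update policy values with what the GPO should write.
param(
    [string]$ExpectedServer = 'http://yourserver:8530',  # placeholder URL used on this page
    [string]$ExpectedGroup  = 'Desktops'                 # hypothetical target group name
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# One row per registry value written by the four GPO settings.
$expected = @(
    @{ Key = $wu; Name = 'WUServer';                      Want = $ExpectedServer },
    @{ Key = $wu; Name = 'WUStatusServer';                Want = $ExpectedServer },
    @{ Key = $wu; Name = 'TargetGroupEnabled';            Want = 1 },
    @{ Key = $wu; Name = 'TargetGroup';                   Want = $ExpectedGroup },
    @{ Key = $au; Name = 'UseWUServer';                   Want = 1 },
    @{ Key = $au; Name = 'AUOptions';                     Want = 4 },  # 4 = auto download, scheduled install
    @{ Key = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Want = 1 }
)

$report = foreach ($e in $expected) {
    # A missing key or value means the policy has not reached this client.
    $props  = Get-ItemProperty -Path $e.Key -ErrorAction SilentlyContinue
    $actual = if ($props) { $props.($e.Name) } else { $null }
    $status = 'MISMATCH'
    if ($null -eq $actual) { $status = 'MISSING' }
    elseif ("$actual" -ieq "$($e.Want)") { $status = 'OK' }
    New-Object PSObject -Property @{
        Value = $e.Name; Expected = $e.Want; Actual = $actual; Status = $status
    }
}
$report | Select-Object Value, Expected, Actual, Status | Format-Table -AutoSize

# Plain HTTP carries update metadata unencrypted; list it so it can be reviewed.
$server = ($report | Where-Object { $_.Value -eq 'WUServer' }).Actual
if ($server -like 'http://*') {
    Write-Warning "WUServer uses plain HTTP: $server"
}

# A non-zero exit code lets a logon script or scheduled task record the failure.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Rows marked MISSING usually mean the GPO is not linked to the client's OU or has not refreshed yet; run gpupdate /force and check again.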
Conclusion
Automatic updating and patching gives administrators more time to concentrate on other things
without spending time patching servers and PCs. I enjoyed deploying WSUS. I hope
these instructions will be handy for you.