How To

Steps to Plan, Deploy, and Manage WSUS Patch Management

Spread the love

In a WSUS implementation, at least one WSUS server in the network must connect to Microsoft Update to get available update information. You can determine, based on network security and configuration, how many other servers connect directly to Microsoft Update.

This guide provides conceptual information for planning and deploying Windows Server Update Service.

Plan your WSUS deployment

The first step in the deployment of Windows Server Update Services (WSUS) is to make important decisions, such as deciding the WSUS deployment scenario, choosing a network topology, and understanding the system requirements. The following checklist summarizes the steps that are involved in preparing for your deployment.

1.1  Review considerations and system requirements

1.2  Choose a WSUS deployment scenario

1.3  Choose a WSUS storage strategy

1.4 Choose WSUS update languages

1.5 Plan WSUS computer groups

1.6 Plan WSUS Performance Considerations: Background Intelligent Transfer Service

1.7 Plan Automatic Updates settings

Step 1: Install the WSUS Server Role

To install the WSUS server role

  1. Log on to the server on which you plan to install the WSUS server role by using an account that is a member of the Local Administrators group.
  2. In Server Manager, click Manage, and then click add Roles and Features.
  3. On the Before you begin page, click Next.
  4. In the select installation type page, confirm that Role-based or feature-based installationoption is selected and click Next.
  5. On the select destination server page, choose where the server is located (from a server pool or from a virtual hard disk). After you select the location, choose the server on which you want to install the WSUS server role, and then click Next.
  6. On the select server roles page, select Windows Server Update ServicesAdd features that are required for Windows Server Update Services opens. Click Add Features, and then click Next.
  7. On the select featurespage. retain the default selections, and then click Next.
  8. On the Windows Server Update Services page, click Next.

  9. On the Select Role Services page, leave the default selections, and then click Next.
  10. On the Content location selection page, type a valid location to store the updates. For example, you can create a folder named WSUS_database at the root of drive K specifically for this purpose, and type k:\WSUS_database as the valid location.

  11. Click Next. The Web Server Role (IIS) page opens. Review the information, and then click Next. In select the role services to install for Web Server (IIS), retain the defaults, and then click Next.
  12. On the Confirm installation selections page, review the selected options, and then click Install. The WSUS installation wizard runs. This might take several minutes to complete.
  13. Once WSUS installation is complete, in the summary window on the Installation progresspage, click Launch Post-Installation tasks. The text changes, requesting: Please wait while your server is configured. When the task has finished, the text changes to: Configuration successfully completed. Click Close.
  14. In Server Manager, verify if a notification appears to inform you that a restart is required. This can vary according to the installed server role. If it requires a restart make sure to restart the server to complete the installation.

Step 2: Configure WSUS

2.1 Configure network connections

2.2 Configure WSUS by using the WSUS Configuration Wizard

2.3 Configure WSUS computer groups

2.4 Configure client updates

2.5 Secure WSUS with the Secure Sockets Layer Protocol

Step 3: Approve and Deploy Updates in WSUS

3.1 Approve and deploy WSUS updates

3.2 Configure auto-approval rules

3.3 Review installed updates with WSUS Reports

Step 4: Configure Group Policy Settings for Automatic Updates

In an active directory environment, you can use Group Policy to define how computers and users (referred to in this document as WSUS clients) can interact with Windows Updates to obtain automatic updates from Windows Server Update Services (WSUS).

Accessing the Windows Update settings in Group Policy, which provides general guidance about using Group Policy Management editor, and information about accessing the Update Services policy extensions and Maintenance Scheduler settings in Group Policy.

One thought on “Steps to Plan, Deploy, and Manage WSUS Patch Management

Leave a Reply

Your email address will not be published.