Post on 14-Apr-2018
7/29/2019 Wsus Install Config Handleiding
1/19
Overview
WSUS 3.0 SP1 delivers important customer-requested management, stability, and performanceimprovements. Some of the features and improvements include:
* Support for Windows Server 2008.* Support for SQL Server 2008.* Enhanced bulk approval capability, preserving existing approvals.* Support for separate proxy servers and ports for SSL and non-SSL traffic.* Office Excel report export.
WSUS 3.0 SP1 can be installed alone, or as an upgrade of either WSUS 3.0 RTM or WSUS 2.0 SP1.
This package installs both the WSUS 3.0 SP1 Server and WSUS 3.0 SP1 Administration Consolecomponents, for all Windows Server 2003 SP1 supported languages. Additionally, the WSUS 3.0 SP1client is included in all supported client platform languages. You must install the server components ona computer running Windows Server 2008 or Windows Server 2003 SP1 or later. You may install theAdministration Console on a remote computer running Windows Server 2008, Windows Vista,Windows Server 2003 SP1, or Windows XP SP2.
WSUS 3.0 SP1 Server Installation on Windows Small Business Server 2003
If you are installing the WSUS 3.0 SP1 product on Windows Small Business Server 2003, follow theinstructions in Installing Windows Server Update Services 3.0 on Windows Small Business Server2003.
There are 4 common methods of deploying WSUS:
* Single WSUS server
* Multiple independant WSUS servers* Multiple Internally synchronised WSUS servers* Disconnected WSUS servers
A Single Wsus server would be suitable for a small or simple network. It will synchronise withMicrosoft update and then distribute its updates to your servers/clients.
Multiple independant WSUS servers could be setup to synchronise with microsoft Update andconfigured to for example, update only one specific type of client, eg: XP clients or Vista, then anotherWSUS server in your organisation could be setup just to update your Server 2008 servers.
Multiple Internally synchronised WSUS servers is where you have multiple WSUS servers in yourorganisation but only one connects to Microsoft Update, this is called the Upstream WSUS server
and all other WSUS servers (called the Downstream WSUS servers) synchronise via this WSUSserver. The synchronisation methods can be either Autonomous or Replica.
Disconnected WSUS servers are not connected to the internet at all. You would typically utilise thissetup in an organisation that doesn't have or allow internet access. The Microsoft Updates would haveto be pulled down from another internet conencted WSUS server and then burned to cd or dvd andcopied to the disconnected WSUS server.
7/29/2019 Wsus Install Config Handleiding
2/19
Installation
Install the Report Viewer first
Double-click on the Report viewer exe, choose next to continue at the welcome screen
accept the license terms. click Install to install
7/29/2019 Wsus Install Config Handleiding
3/19
Once done click finish.
Install WSUS
Double click on the WSUS exe, choose next at the welcome screen
7/29/2019 Wsus Install Config Handleiding
4/19
Choose the Full Server installation
Accept the license agreement
7/29/2019 Wsus Install Config Handleiding
5/19
Select your update source (local or on windowsupdate)
now if you havn't installed SQL 2008 yet, then please do so as the next screen will allow us to pickbetween an internal windows database (first option) or to connect to our MSSQL database (default)second option.
Choose use existing database as below in the screenshot
7/29/2019 Wsus Install Config Handleiding
6/19
It will hopefully successfully connect to your database, click next to continue
when prompted what IIS website to use, choose the default option (use the existing IIS website)
7/29/2019 Wsus Install Config Handleiding
7/19
You'll see a summary click next to continue
that's it, all done, click Finish.
7/29/2019 Wsus Install Config Handleiding
8/19
Note: if you are going to use SCCM to manage patch management, thendo NOT run the WSUS configuration wizard below
The WSUS configuration wizard automatically starts after the Setup wizard completes. BecauseConfiguration Manager 2007 SP1 manages the WSUS settings, you should exit the configurationwizard after it opens.
Note: if you are going to use SCCM to manage patch management, then do
NOT run the WSUS configuration wizard below
Starting WSUS for the first time
Click on Start/All Programs/Administrative tools/Microsoft Windows Server Update Services
3.0 SP1
this will start a wizard (pictured below) click next
7/29/2019 Wsus Install Config Handleiding
9/19
choose to opt in or opt out (default is opt in)
Next you can choose your Upstream Server, I stayed with the default option
7/29/2019 Wsus Install Config Handleiding
10/19
enter your proxy settings (if any)
clicknext and then start connecting. Once the Wizard has synchronized information with the
Microsoft Update web servers you can clicknext to continue
next you get to choose which languages to support
7/29/2019 Wsus Install Config Handleiding
11/19
and which Microsoft Products to support by default all office versions and all windows
versions are selected, remove those which you don't need as all of these updates etc will take
up storage space
next you can choose what type of updates to download
7/29/2019 Wsus Install Config Handleiding
12/19
pick a schedule to synchronise
7/29/2019 Wsus Install Config Handleiding
13/19
finished !
review next steps and then click on Finish to end the wizard.
7/29/2019 Wsus Install Config Handleiding
14/19
At this point you can now use the WSUS UI
7/29/2019 Wsus Install Config Handleiding
15/19
Note: If you intend on using SCCM 2007 to deploy updates using the WSUS integrationthen do NOT do any of the steps here.
The instructions here also assume that your network runs Active Directory and that you use
Group Policy to manage your network. For more information about Group Policy, see
Microsofts Group Policy home page. You can configure one or more computers by including
them in a Group Policy object (GPO). By configuring Automatic Updates using Group
Policy, these settings will take precedence over any settings that are defined locally on the
computers within your Domain.
Note: You should Link this WSUS GPO to an Active Directory container appropriate foryour environment. In a simple environment, you link a single WSUS GPO to the domain. In a
more complex environment, you might link multiple WSUS GPOs to different organizational
units (OUs).
Start the Group Policy Management MMC and highlight your domain as in the screenshot
below.
7/29/2019 Wsus Install Config Handleiding
16/19
Right-click the domain and choose Create a GPO in this domain, and link it here
When the New Group Policy Object window appears, give it a name like WSUS GPO and
click OK
7/29/2019 Wsus Install Config Handleiding
17/19
right click on our new GPO and choose Edit
expand Policies then click and highlight Administrative Templates. Before you can
configure WSUS group policy settings you should load the latest version of the administrative
template, wuau.adm. Right click on Administrative Templates and choose Add/Remove
Templates, click on the Add button and scroll down to the bottom until you can see the
wuau.adm file. Select the file and clickOpen and close.
Now that you have loaded the wuau.adm template, you are ready to expand Windows
Components.
7/29/2019 Wsus Install Config Handleiding
18/19
Scroll down to Windows Update and enable the following options (circled in Red)
Automatic Updates are now enabled, but before the computers can receive updates from the
WSUS server we need to configure the following group policy setting:
Specify intranet Microsoft Update service location and fill in the https address of the
WSUS server, so click on it and view it's properties. We have already enabled the group
policy setting as in the screenshot above, however we need to enter the https address of our
WSUS server, so do that in the two empty fields provided and click ok.
7/29/2019 Wsus Install Config Handleiding
19/19
Startup WSUS