Windows Server

Windows server update services: Guide

Windows server update services are needed to download updates from Microsoft and store them locally on the WSUS server. It decreases data transfer over the WAN link for multiple servers, preventing the need for installing essential Windows updates. Moreover, It can approve or decline updates (i.e., control how updates are installed).

Patch management

Therefore, For more articles I have written, see the following hyperlinks: Configuring WSUS Email Notification to Work With Office365, Important Areas to Master on WSUS (Installed and not applicable, Install 1/4, and Installed / Not applicable 100), Targeting WSUS Client with the Registry keys: How to configure WSUS Clients to get Updates from the WSUS server using Registry settings, How to apply Windows Updates from WSUS to the server using AWS RunCommand, How to Configure SSL between WSUS servers (Upstream and Downstream Servers), Handy WSUS Commands – Windows Server Update Services Commands, WAUACLT, PowerShell and USOClient, How to Start, Stop and Restart Windows Server Update Services (WSUS) via PowerShell and CMD, Windows Server Update Services: Windows 2016 Servers does not show up on WSUS console, and WSUS clients appear and disappear from the WSUS Update Services console.

Note: We do not have a domain controller and these servers are not joined to the domain

Here are the prerequisites:

  • .Net framework 4.5
  • Windows Server 2012R2 (using window internal database [WID])
  • IIS 6.0 or greater (with components such as, windows authentication, dynamic content compression etc.)

Hardware requirements:

  • System partition and WSUS partition must be NTFS
  • Cant be installed on compressed drive
  • Requires 1Gb free on System partition
  • 2 GB free for WID (WSUS database)
  • Moreover At least 20Gb free for updates (30 GB recommended by Microsoft).

Setting up a WSUS: Below are the steps to have WSUS installed and configured for Windows Update via GPO

Step 1:

  • Click on Server Manager
  • Click on Add roles and features (Add Roles and Features Wizard Opens Up)

Select next and select the Installation Type

WSUS installation

–  Click on next (select Webserver IIS) and Windows Server Update Services, click on add features

Update deployment

Moreover, Click on next till you get to the roles service option as shown below
However, the first two are selected by default (Since I will be using Windows internal Database for WSUS) I am fine with this.

Server maintenance

On the content role service option, enter the path you wish WSUS to download updates to (if you have an external drive you can use that)

Patch management
– On the confirmation role page, click on install as shown below
WSUS installation

When this completes, you can open Windows Server Updates Services in so many ways

  • Navigate to Tools and select Windows Server Updates Services
  • Click on Windows , then Administrative Tools and then on Windows Server Updates Services.
  • Lastly, click on WSUS server on the Server Manager as shown below, right click on the server name and select Windows Server Updates Services
Update deployment
The updated Service page will open up as shown below

– Kindly configure the Options settings according to your need. (work through each option, read and configure). I will drop any import information as the task progresses

Server maintenance

Also on the synchronisation service option window, ensure you synchronise your WSUS server to get updates from Microsoft by selecting Synchronise Now

After this has been completed, it should like this below.

The updates section of updates services will be populates as well (note: Takes long when run the first time).

Note: To be able to view the reports, you will need to install the Microsoft report view,
Note: Nonetheless, When the WSUS console is not closed, despite having the installation succeeded, you cannot view any report generated. Therefore, close the wsus windows and uninstall and reinstall

Steps 2: However, You can either user the local group policy or setting the registry key to point clients to get windows updates from the WSUS server

Using the local group policy: Setup the group policy object to allow clients contact the WSUS for updates
– From the MMC, open the local computer policy from there
– Run gpedit.msc
Open Computer Configuration
Administrative Template
Windows Component and
Click on Windows Update

We have to configure these options
1. The Specify the Microsoft Update Service Location (Double click to open this up) by entering the IP address followed by the port or specify the FQDN.

2: Enable Configure Automatic Updates and select the third option to Auto download and notify for Install

After completed this run gpupdate /force to effect the group policy immediately

Configuring Update Service
Note: Ensure you create a group for administrative purposes to ensure (allow) updates to be tested to some groups before deploying (rolling) them to production servers

Now on the Local Group Policy
Enable it and enter the name created above for the xxxx-Group

Configuring Options: I went for this option because my server will be getting windows updates via GPO

Like I said, just go through it and personalize it (they are straight forwards)

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x