In this article, I’ll explain how to install Windows Server Update Services (WSUS) on Windows Server 2012 with PowerShell, discuss the initial configuration, and show you how to configure clients using Group Policy.

In Windows Server 2012, WSUS is now available as a server role and doesn’t require a separate download like in previous versions of Windows Server. If you’re just starting to get into Server 2012, WSUS is a great service to start with for two reasons: First, WSUS isn’t a service that end users will see, hence, end user impact is minimal. Second, WSUS hasn’t changed significantly since Server 2008 R2. Thus, admin impact is going to be minimal also.

Install WSUS with PowerShell ^

Installing WSUS in Windows Server 2012 is actually quite easy with PowerShell. Before we start, you’ll need to know whether you want to use the WID (Windows Internal Database) or a full SQL Server. My experience has been that most people use WID, but if you need a load-balanced WSUS install or want SQL access to the data in WSUS, you’ll have to use SQL Server.

To use WID, from a PowerShell prompt with Admin rights, run the following:

Install-WindowsFeature -Name UpdateServices -IncludeManagementTools

Install WSUS on Server 2012

Install WSUS on Server 2012

Configure the download location ^

After installing WSUS, you’ll need to point the application to a location to store downloads. Change to the “C:\Program Files\Update Services\Tools\” folder in your PowerShell window and run the following:

WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS

WsusUtil.exe

WsusUtil.exe

Use a SQL Server database ^

To use a SQL Server, we’ll need to alter the WSUS installation. From a PowerShell prompt with admin rights, run the following:

Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB –IncludeManagementTools

SQL Server as WSUS database

SQL Server as WSUS database

After installing WSUS and the bits necessary for SQL Server, you’ll need to point the application to your SQL server and a location to store downloads. Change to the “C:\Program Files\Update Services\Tools\” folder in your PowerShell window and run the following:

WsusUtil.exe PostInstall SQL_INSTANCE_NAME="WSUS1\SQL2012" CONTENT_DIR=C:\WSUS

Connect to WSUS to SQL Server

Connect to WSUS to SQL Server

Starting the WSUS console ^

If you’re using Server 2012 with a GUI, you’ll have an icon on your Start Screen that you can use to access WSUS for the first time. If you’re using Server Core, you’ll need to set up an admin station to manage WSUS.

Starting WSUS

Starting WSUS

In Windows 8, the administrative tool to administer WSUS are part of the Remote Server Administration Tools (RSAT) for Windows 8. The WSUS console will automatically install as part of the RSAT and will be in the Administrative Tools.

In Windows 7, you’ll need to download Windows Server Update Services 3.0 SP2 (and install the administration console. Once the console is installed, you’ll also need to install KB2734608 to add support for Windows 8 and Server 2012.

The last thing you’ll need to install (regardless of OS) is the Microsoft Report Viewer Redistributable 2008.

Connecting to WSUS ^

Server 2012 with a GUI will automatically connect to WSUS when you run the admin tool. If you’re connecting from Windows 7 or Windows 8, you’ll need to manually specify the WSUS server name when run the tool for the first time. You can do this by clicking on the "Connect to Server" option and then specifying the server name and port. Once you’re done, click "Connect" and you’ll be able to manage WSUS on your admin station.

Connect to WSUS

Connect to WSUS

If you’re using Server 2012 or Windows 8, the Configuration Wizard will start automatically. (In Windows 7, you’ll need go to Options, WSUS Server Configuration Wizard.) The Configuration Wizard is going to be mostly clicking next; but, you’ll want to specifically look out for Classifications and Sync Schedule. In Classifications, you’ll most likely want to add Service Packs, Update Rollups, and Updates. Adding Feature Packs and Tools is up to you, but I definitely recommend avoiding distributing Drivers from WSUS.

Classifications and Updates

Classifications and Updates

For some reason, “synchronize manually” is the default option in WSUS. You’ll want to set it to “synchronize automatically” and then determine how often you’ll want WSUS to check in with Microsoft. For the synchronizations per day option, you should set the option to at least 2 and possibly higher. Microsoft releases multiple antivirus and Defender definitions each day and WSUS will require multiple daily synchronizations to get those updates.

Set Sync Schedule

Set Sync Schedule

Setting up Group Policy ^

By default, Windows clients will check in with the public Microsoft update services. To get your computers to check in with your WSUS server, you’ll need to set the server name in Group Policy. In a GPO that applies to your computers, go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > Specify intranet Microsoft update service location. When entering your WSUS server name, remember that WSUS now connects to port 8530 by default. Once Group Policy has updated on your clients, they’ll start checking in to your new WSUS server.

Setting up Group Policy

Setting up Group Policy

0
1 Comment
  1. Yehouessi 5 years ago

    Hello,

    Thanks for your article.

    But the download speed with  wsus server because  is very slow...I spend 5 days waiting and the server just download  2.99Mo/400G.

    Im using internal data base for this configuration.

    Any idea please ?

     

    0

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account