- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
In Windows Server 2012, WSUS is now available as a server role and doesn’t require a separate download like in previous versions of Windows Server. If you’re just starting to get into Server 2012, WSUS is a great service to start with for two reasons: First, WSUS isn’t a service that end users will see, hence, end user impact is minimal. Second, WSUS hasn’t changed significantly since Server 2008 R2. Thus, admin impact is going to be minimal also.
Install WSUS with PowerShell
Installing WSUS in Windows Server 2012 is actually quite easy with PowerShell. Before we start, you’ll need to know whether you want to use the WID (Windows Internal Database) or a full SQL Server. My experience has been that most people use WID, but if you need a load-balanced WSUS install or want SQL access to the data in WSUS, you’ll have to use SQL Server.
To use WID, from a PowerShell prompt with Admin rights, run the following:
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
Install WSUS on Server 2012
Configure the download location
After installing WSUS, you’ll need to point the application to a location to store downloads. Change to the “C:\Program Files\Update Services\Tools\” folder in your PowerShell window and run the following:
WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS
Use a SQL Server database
To use a SQL Server, we’ll need to alter the WSUS installation. From a PowerShell prompt with admin rights, run the following:
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB –IncludeManagementTools
SQL Server as WSUS database
After installing WSUS and the bits necessary for SQL Server, you’ll need to point the application to your SQL server and a location to store downloads. Change to the “C:\Program Files\Update Services\Tools\” folder in your PowerShell window and run the following:
WsusUtil.exe PostInstall SQL_INSTANCE_NAME="WSUS1\SQL2012" CONTENT_DIR=C:\WSUS
Connect to WSUS to SQL Server
Starting the WSUS console
If you’re using Server 2012 with a GUI, you’ll have an icon on your Start Screen that you can use to access WSUS for the first time. If you’re using Server Core, you’ll need to set up an admin station to manage WSUS.
In Windows 8, the administrative tool to administer WSUS are part of the Remote Server Administration Tools (RSAT) for Windows 8. The WSUS console will automatically install as part of the RSAT and will be in the Administrative Tools.
In Windows 7, you’ll need to download Windows Server Update Services 3.0 SP2 (and install the administration console. Once the console is installed, you’ll also need to install KB2734608 to add support for Windows 8 and Server 2012.
The last thing you’ll need to install (regardless of OS) is the Microsoft Report Viewer Redistributable 2008.
Connecting to WSUS
Server 2012 with a GUI will automatically connect to WSUS when you run the admin tool. If you’re connecting from Windows 7 or Windows 8, you’ll need to manually specify the WSUS server name when run the tool for the first time. You can do this by clicking on the "Connect to Server" option and then specifying the server name and port. Once you’re done, click "Connect" and you’ll be able to manage WSUS on your admin station.
Connect to WSUS
If you’re using Server 2012 or Windows 8, the Configuration Wizard will start automatically. (In Windows 7, you’ll need go to Options, WSUS Server Configuration Wizard.) The Configuration Wizard is going to be mostly clicking next; but, you’ll want to specifically look out for Classifications and Sync Schedule. In Classifications, you’ll most likely want to add Service Packs, Update Rollups, and Updates. Adding Feature Packs and Tools is up to you, but I definitely recommend avoiding distributing Drivers from WSUS.
Classifications and Updates
For some reason, “synchronize manually” is the default option in WSUS. You’ll want to set it to “synchronize automatically” and then determine how often you’ll want WSUS to check in with Microsoft. For the synchronizations per day option, you should set the option to at least 2 and possibly higher. Microsoft releases multiple antivirus and Defender definitions each day and WSUS will require multiple daily synchronizations to get those updates.
Set Sync Schedule
Setting up Group Policy
By default, Windows clients will check in with the public Microsoft update services. To get your computers to check in with your WSUS server, you’ll need to set the server name in Group Policy. In a GPO that applies to your computers, go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > Specify intranet Microsoft update service location. When entering your WSUS server name, remember that WSUS now connects to port 8530 by default. Once Group Policy has updated on your clients, they’ll start checking in to your new WSUS server.
Setting up Group Policy