+ Post New Thread
Page 1 of 5 12345 LastLast
Results 1 to 15 of 63
Windows Server 2008 R2 Thread, How to Setup WSUS on 2003/2008/2008 R2 Server in Technical; Hello all, Here's a step by step user guide how to setup WSUS for your network! Firstly you need a ...
  1. #1

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328

    How to Setup WSUS on 2003/2008/2008 R2 Server

    Hello all,

    Here's a step by step user guide how to setup WSUS for your network! Firstly you need a server with either Windows Server 2003 SP2, Windows Server 2008 or Windows Server 2008 R2.

    2003 Server

    Install the Microsoft Report Viewer Redistributable 2008 (2MB)

    You also need (as a minimum) .NET Framework 2.0 installed (22MB)

    Download WSUS 3.0 SP2 (80MB x86)

    Whilst these are downloading, add the IIS role. Navigate to Control Panel > Add/Remove Programs > Add/Remove Windows Components. Double click ‘Application Server’ then tick to enable Internet Information Services (IIS). You may need your Windows Server 2003 disc to install all required components.

    When the installation window appears, choose:

    Full server installation including Administrative Console > Next

    Accept the Terms > Next

    WSUS Setup will choose the volume with the most space. You can change this to D:\WSUS or E:\WSUS as required > Next

    Use the built in Windows Internal Database > Next

    Use the existing IIS Default Web site (Recommended) > Next

    Note: If you do not choose the Default IIS Web site, you’ll need to specify the Microsoft update service location policy differently as follows (for example):

    Specify intranet Microsoft update service location – Enabled
    http://SERVERNAME:8080
    http://SERVERNAME:8080

    When setup completes, cancel the Configuration Wizard that appears. Open WSUS by navigating to Administrative Tools > Windows Server Update Services

    On the left, expand SERVERNAME > Computers > All Computers. You can create computer groups, such as Workstations, Servers and Notebooks. When your workstations report to WSUS, they’ll appear in the All Computers group, but can be moved as required.

    Click on Options > Source and Proxy Server > Proxy Server (tab). Enter your proxy and port, then click OK.

    Products and Classifications. By default few products are displayed, but don’t worry. Choose Windows Server 2003 as a minimum (presuming you have a 2003 Server in your domain). Click the Classifications tab and enable:

    -Critical Updates
    -Definition Updates
    -Security Updates
    -Update Rollups
    -Updates, then click OK.

    Update Files and Languages > Update Languages (tab) > Download updates only in these languages. Tick English, then click OK.

    Synchronization Schedule > Synchronize Automatically. Specify 04:00:00 and 1 Synchronizations per day. Click OK.

    Automatic Approvals. Tick to enable Default Automatic Approval Rule. Just below this, click the Critical Updates link. Tick to enable

    -Critical Updates
    -Definition Updates
    -Security Updates
    -Update Rollups
    -Updates, click OK, and OK.

    E-Mail Notifications. Tick to enable Send e-mail notification when new updates are synchronized. Enter your e-mail address.

    Tick to enable Send Status Reports. Specify:

    Frequency: Weekly
    Send reports at: 11:00:00
    Recipients: Enter your e-mail address

    Click the E-mail Server tab. Specify your SMTP server. If you do not know this, enquire with your LA or ISP.

    Sender name: WSUS
    E-mail address: WSUS@yourdomain.com then click OK.

    Click Synchronizations (near the top left), then near the top right click Synchronize Now. Wait for the synchronization process to complete, then return back to Options > Products and Classifications. This will now be fully populated. Click additional products such as Windows 7, Windows Server 2008 R2 and Office 2010. Click OK, return back to Synchronizations then click Synchronize Now.

    To enable your workstations to report to your WSUS server, navigate to Computer Config > Admin Templates > Windows Components > Windows Update

    Specify the following policies:

    Do not display ‘Install Updates and Shutdown’ option in Shutdown Windows dialogue box – Not Configured

    Do not adjust default option to ‘Install Updates and Shutdown’ in Shutdown Windows dialogue box – Not Configured

    Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates – Not Configured

    Configure Automatic Updates – Enabled
    4 – Auto download and schedule the install
    0 – Everyday
    11:00

    Specify intranet Microsoft update service location – Enabled
    http://SERVERNAME
    http://SERVERNAME

    Automatic Updates detection frequency – Enabled
    1 Hour(s)

    Allow non-administrators to receive update notifications – Disabled

    Turn on Software Notifications – Not Configured

    Allow Automatic Updates immediate installation – Enabled

    Turn on recommended updates via Automatic Updates – Disabled

    No auto-restart with logged on users for scheduled automatic updates installations – Enabled

    Re-prompt for restart with scheduled installations – Not Configured

    Delay restart for scheduled installations – Not Configured

    Reschedule Automatic Updates scheduled installations – Enabled
    15 Minutes

    Enable client-side targeting – Not Configured

    Allow signed updates from an Intranet Microsoft Update service location – Disabled

    Your workstations will then start reporting to your WSUS console. WSUS setup complete!

  2. 7 Thanks to Michael:

    gmonks (23rd October 2012), jdell (24th September 2012), JonR (28th June 2012), mac_shinobi (8th February 2012), mrtechsystems (29th April 2012), speckytecky (9th August 2011), stevenlong1985 (8th February 2012)

  3. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    2008/2008 R2 Server

    Install the Microsoft Report Viewer Redistributable 2008 (2MB)

    Add the WSUS role. This will automatically add the IIS role and will also download the right WSUS version for your server, so there’s no need to download it manually from Microsoft.

    Note: If you have problems downloading WSUS, please make sure you have no WSUS policies set on your Default Domain Policy or your Default Domain Controllers Policy.

    You can check this by opening up Group Policy Management > Computer Config > Policies > Admin Templates > Windows Components > Windows Update. All should be ‘Not Configured’. If you need to make changes, either reboot the server and re-add the WSUS role or run gpupdate /force and re-add the WSUS role.

    When the installation window appears, choose:

    Full server installation including Administrative Console > Next

    Accept the Terms > Next

    WSUS Setup will choose the volume with the most space. You can change this to D:\WSUS or E:\WSUS as required > Next

    Use the built in Windows Internal Database > Next

    Use the existing IIS Default Web site (Recommended) > Next

    Note: If you do not choose the Default IIS Web site, you’ll need to specify the Microsoft update service location slightly differently as follows (for example):

    Specify intranet Microsoft update service location – Enabled
    http://SERVERNAME:8080
    http://SERVERNAME:8080

    When setup completes, cancel the Configuration Wizard that appears. Open WSUS by navigating to Administrative Tools > Windows Server Update Services

    On the left, expand SERVERNAME > Computers > All Computers. You can create computer groups, such as Workstations, Servers and Notebooks. When your workstations report to WSUS, they’ll appear in the All Computers group, but can be moved as required.

    Click on Options > Source and Proxy Server > Proxy Server (tab). Enter your proxy and port, then click OK.

    Products and Classifications. By default few products are displayed, but don’t worry. Choose Windows Server 2003 as a minimum (presuming you have a 2003 Server in your domain). Click the Classifications tab and enable:

    -Critical Updates
    -Definition Updates
    -Security Updates
    -Update Rollups
    -Updates, then click OK.

    Update Files and Languages > Update Languages (tab) > Download updates only in these languages. Tick English, then click OK.

    Synchronization Schedule > Synchronize Automatically. Specify 04:00:00 and 1 Synchronizations per day. Click OK.

    Automatic Approvals. Tick to enable Default Automatic Approval Rule. Just below this, click the Critical Updates link. Tick to enable

    -Critical Updates
    -Definition Updates
    -Security Updates
    -Update Rollups
    -Updates, click OK, and OK.

    E-Mail Notifications. Tick to enable Send e-mail notification when new updates are synchronized. Enter your e-mail address.

    Tick to enable Send Status Reports. Specify:

    Frequency: Weekly
    Send reports at: 11:00:00
    Recipients: Enter your e-mail address

    Click the E-mail Server tab. Specify your SMTP server. If you do not know this, enquire with your LA or ISP.

    Sender name: WSUS
    E-mail address: WSUS@yourdomain.com then click OK.

    Click Synchronizations (near the top left), then near the top right click Synchronize Now. Wait for the synchronization process to complete, then return back to Options > Products and Classifications. This will now be fully populated. Click additional products such as Windows 7, Windows Server 2008 R2 and Office 2010. Click OK, return back to Synchronizations then click Synchronize Now.

    To enable your workstations to report to your WSUS server, navigate to Computer Config > Policies > Admin Templates > Windows Components > Windows Update

    Specify the following policies:

    Do not display ‘Install Updates and Shutdown’ option in Shutdown Windows dialogue box – Not Configured

    Do not adjust default option to ‘Install Updates and Shutdown’ in Shutdown Windows dialogue box – Not Configured

    Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates – Not Configured

    Configure Automatic Updates – Enabled
    4 – Auto download and schedule the install
    0 – Everyday
    11:00

    Specify intranet Microsoft update service location – Enabled
    http://SERVERNAME
    http://SERVERNAME

    Automatic Updates detection frequency – Enabled
    1 Hour(s)

    Allow non-administrators to receive update notifications – Disabled

    Turn on Software Notifications – Not Configured

    Allow Automatic Updates immediate installation – Enabled

    Turn on recommended updates via Automatic Updates – Disabled

    No auto-restart with logged on users for scheduled automatic updates installations – Enabled

    Re-prompt for restart with scheduled installations – Not Configured

    Delay restart for scheduled installations – Not Configured

    Reschedule Automatic Updates scheduled installations – Enabled
    15 Minutes

    Enable client-side targeting – Not Configured

    Allow signed updates from an Intranet Microsoft Update service location – Disabled

    Your workstations will then start reporting to your WSUS console. WSUS setup complete!

  4. 10 Thanks to Michael:

    AWicher (23rd April 2012), DanielRF (25th October 2013), gmonks (12th October 2012), Hightower (12th August 2011), jdell (24th September 2012), jpaterson (29th October 2012), mrtechsystems (29th April 2012), speckytecky (21st April 2012), zag (26th September 2013), zlorimer (12th June 2012)

  5. #3

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    240
    Thanks for that, pretty much how I had mine configured (except for the languages!).

    I have a GPO setup for clients, but how do I go about telling my servers to get the updates from the WSUS, and what settings would you recommend for this. (or should I just keep letting my servers update from the web)

  6. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    No problem at all, glad you found it of use! Maybe the mods can make it a sticky, as it's a question that crops up many times.

    You have two choices really Hightower -

    2003/2008/2008 R2 Server

    Open up GPMC (2003) or Group Policy Management (2008) and create a new GPO called WSUS. Now edit the policies (as described above) and then link the Policy to your Curriculum OU for example. You can then easily link it to your Domain Controllers OU too. This is the recommended approach. The alternative method is to edit the Default Domain Controllers Policy directly.

    By having separate Group Policy Objects, you can configure the policies once, but link the GPO an unlimited number of times no matter how big your domain.

  7. #5
    eclass's Avatar
    Join Date
    Feb 2011
    Posts
    50
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've been using WSUS for for some time now, and it seems to be working great however, I'm trying to understand why I can't seem to reach 100% in updates. I have most of them stucvk at 99%..

    see attached picture.. any ideas
    Attached Images Attached Images

  8. #6

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,052
    Thank Post
    1,681
    Thanked 2,021 Times in 1,495 Posts
    Rep Power
    673
    Quote Originally Posted by eclass View Post
    I've been using WSUS for for some time now, and it seems to be working great however, I'm trying to understand why I can't seem to reach 100% in updates. I have most of them stucvk at 99%..

    see attached picture.. any ideas
    There are two things that could cause this:

    1. It's vacation season, these updates may well have applied, but the machines have not been rebooted on the network in the last few weeks to check back in with WSUS. Take a look to see when they last checked in.

    2. You'll have 1 update not approved. It usually catches me out when I've managed to approve an update for some, but not all computers that need it. Double click on one of the 99% machines and scroll through the report to find which update it is and then approve it.

  9. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    Most likely it'll be to do with the Windows Malicious Software Removal Tool, however if you right click one of the affected computers, it'll tell you what update(s) it requires authorising.

  10. #8
    eclass's Avatar
    Join Date
    Feb 2011
    Posts
    50
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks ill double check those setting..

    Quote Originally Posted by elsiegee40 View Post
    There are two things that could cause this:

    1. It's vacation season, these updates may well have applied, but the machines have not been rebooted on the network in the last few weeks to check back in with WSUS. Take a look to see when they last checked in.

    2. You'll have 1 update not approved. It usually catches me out when I've managed to approve an update for some, but not all computers that need it. Double click on one of the 99% machines and scroll through the report to find which update it is and then approve it.

  11. #9

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    240
    Quote Originally Posted by Michael View Post
    Open up GPMC (2003) or Group Policy Management (2008) and create a new GPO called WSUS. Now edit the policies (as described above) and then link the Policy to your Curriculum OU for example. You can then easily link it to your Domain Controllers OU too. This is the recommended approach. The alternative method is to edit the Default Domain Controllers Policy directly.
    With this method, how will restarts be handled on servers? Will they auto restart, and if not how will I be prompted to restart the server when needed?

  12. #10

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    On both 2003 and 2008/2008 R2, you'll receive a small pop-up prompting you to restart. The server won't just restart. I generally restart servers out of hours remotely to minimise downtime.

  13. #11

    Join Date
    Jul 2011
    Location
    Leicester
    Posts
    72
    Thank Post
    17
    Thanked 2 Times in 2 Posts
    Rep Power
    6
    please help...

    Summer of 2010 our main curriculum server was rebuilt with server 2008 R2.

    WSUS has been activated, no machines have ever connected to it...

    machine on the network must be updated manually which of cause is a ball ache!!..

    Can some advise where im going wrong? I have approx 200 machines, 5 of which are win 7 pro (x64), 1 is business vista...the rest are xp pro (x86)

    many thanks in advance.

    Cheers

    C

  14. #12

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    This bit should help you:

    To enable your workstations to report to your WSUS server, navigate to Computer Config > Policies > Admin Templates > Windows Components > Windows Update

    Specify the following policies:

    Do not display ‘Install Updates and Shutdown’ option in Shutdown Windows dialogue box – Not Configured

    Do not adjust default option to ‘Install Updates and Shutdown’ in Shutdown Windows dialogue box – Not Configured

    Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates – Not Configured

    Configure Automatic Updates – Enabled
    4 – Auto download and schedule the install
    0 – Everyday
    11:00

    Specify intranet Microsoft update service location – Enabled
    http://SERVERNAME
    http://SERVERNAME

    Automatic Updates detection frequency – Enabled
    1 Hour(s)

    Allow non-administrators to receive update notifications – Disabled

    Turn on Software Notifications – Not Configured

    Allow Automatic Updates immediate installation – Enabled

    Turn on recommended updates via Automatic Updates – Disabled

    No auto-restart with logged on users for scheduled automatic updates installations – Enabled

    Re-prompt for restart with scheduled installations – Not Configured

    Delay restart for scheduled installations – Not Configured

    Reschedule Automatic Updates scheduled installations – Enabled
    15 Minutes

    Enable client-side targeting – Not Configured

    Allow signed updates from an Intranet Microsoft Update service location – Disabled

    Your workstations will then start reporting to your WSUS console. WSUS setup complete!

  15. Thanks to Michael from:

    speckytecky (29th April 2012)

  16. #13

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    732
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Excellent Guide Michael, top stuff!!

    Ash.

  17. #14

    Join Date
    Jul 2011
    Location
    Leicester
    Posts
    72
    Thank Post
    17
    Thanked 2 Times in 2 Posts
    Rep Power
    6
    Quote Originally Posted by Michael View Post
    This bit should help you:
    Hi Michael

    Many thanks for you reply.

    I have tried following the steps you provided and the steps listed at the top of the thread...


    however (i think im being really dense here) i cannot find Computer Config anywhere..... not in GPM etc...

    i have checked server manager and with the roles installed WSUS in there.

    Any ideas? Just a reminder, I am running Win 2008 R2

    Thanks

  18. #15

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    If you open up Group Policy Management, expand the menu on the left, then look for 'Group Policy Objects'.

    This lists all GPOs in your domain. Locate the GPO you wish to add settings to, right click it and navigate to 'GPO Status'.

    Make sure 'Computer Configuration Settings Disabled' is not ticked, otherwise Ccomputer Configuration should be listed.

SHARE:
+ Post New Thread
Page 1 of 5 12345 LastLast

Similar Threads

  1. How to setup a windows server 2008
    By vlan2 in forum Windows Server 2008 R2
    Replies: 2
    Last Post: 15th February 2011, 12:47 PM
  2. Replies: 6
    Last Post: 11th July 2010, 10:15 AM
  3. Connect to a 2008 R2 server from a 2003 TS Client
    By dhoward_westexetc in forum Windows Server 2008 R2
    Replies: 1
    Last Post: 9th June 2010, 10:30 AM
  4. Replies: 5
    Last Post: 13th April 2010, 05:26 PM
  5. Essential tools to manage a Windows 2003/2008 domain?
    By reggiep in forum Windows Server 2000/2003
    Replies: 8
    Last Post: 6th May 2009, 09:47 AM

Thread Information

Users Browsing this Thread

There are currently 7 users browsing this thread. (0 members and 7 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •