1. Install WSUS service on a Windows Server
  • Server Manager >> Add Roles >> Windows Server Update Services (which includes IIS) >> Next, Next, Next >> Install >> Store updates on a volume that has plenty of free space (e.g. the D:\ drive)
  • Run: CMD >> firewall.cpl >> allow Windows Update Services through the firewall, port 8530
  • Choose all default options for set-up: Windows 7, Office, etc.
  • Install MS Report Viewer:
  • Run these commands:
    icacls C:\WINDOWS\TEMP /grant:r "NETWORK SERVICE":(OI)(CI)F
    del %appdata%\microsoft\mmc\WSUS
  • Install .NET Framework 3.5
  • Set automatic update approval settings
    • Browse to Options >> double-click Automatic Updates to bring up the “Automatic Approvals” dialog window.
    • In Update Rules, click New Rule.
    • In the Add Rule dialog box, under Step 1: Select properties, select whether to use update classifications or products (or both) as criteria.
    • In Step 2: Edit the properties, click the underlined properties to select the values for which you want automatic approvals.
    • In Step 3: Specify a name, give a name to the rule.
    • Click Run Rule
    • Click OK.
    • In the WSUS administration console, click Options, and then click Automatic Approvals.
2. Group Policy Manager
  • Open Group Policy Management >> choose {Domain} >> right-click Default Domain Policy >> open Policies, Administrative Templates, Windows Components >> click on Windows Update >> click on Standard tab >> right-click Specify Intranet Microsoft Update Service Location >> Edit >> select Enabled, type server name (e.g. http://DC01:8530) >> click OK >> right-click Automatic Updates >> Edit >> choose Enabled >> click OK
  • Run Update Services to check that WSUS is running >> click All Updates >> set approval = Unapproved, Status = Any >> click Refresh >> choose the update title and click approve
  • Run cmd >> gpupdate /force
  • Run cmd >> wuauclt.exe /detectnow
3. Optional: set up Group Policy manually on a client PC
  • Run: GPEDIT.msc >> navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
  • The following need to be enabled and edited:
    1) Configure Automatic Updates
      • Enabled
      • Configure automatic updating: 3 – Auto download and notify for install
      • Scheduled install day: 0 – Every day
      • Scheduled install time: 15:00
    2) Specify intranet Microsoft update service location
      • Enabled
      • Set the intranet update service for detecting updates: http://WSUS01:8530
      • Set the intranet statistics server: http://WSUS01:8530
    3) Automatic Updates detection frequency
      • Enabled
      • Check for updates at the following interval (hours): 1
  • Run the following commands to force the client to report to the WSUS server:
    gpupdate /force
    wuauclt.exe /detectnow
  • If the machine still doesn’t register with the WSUS server(s), install WSUS SP2:
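
To check whether the Windows Update policy settings from step 3 actually reached a client before troubleshooting further, the following PowerShell script (an added example, not part of the original guide) compares the client's policy registry values with the settings listed above. It assumes the standard Windows Update policy registry location and the server URL http://WSUS01:8530 used on this page; the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the client PC.
# Expected values mirror the step 3 settings on this page; adjust the URL.
$ExpectedServer = 'http://WSUS01:8530'
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

# Registry value written by each policy setting, with the expected data
$checks = @(
    @{ Key = $wuKey; Name = 'WUServer';                  Expected = $ExpectedServer }
    @{ Key = $wuKey; Name = 'WUStatusServer';            Expected = $ExpectedServer }
    @{ Key = $auKey; Name = 'UseWUServer';               Expected = 1 }
    @{ Key = $auKey; Name = 'NoAutoUpdate';              Expected = 0 }   # Automatic Updates enabled
    @{ Key = $auKey; Name = 'AUOptions';                 Expected = 3 }   # download, notify for install
    @{ Key = $auKey; Name = 'ScheduledInstallDay';       Expected = 0 }   # every day (acted on with option 4)
    @{ Key = $auKey; Name = 'ScheduledInstallTime';      Expected = 15 }  # hour of day, 15:00
    @{ Key = $auKey; Name = 'DetectionFrequencyEnabled'; Expected = 1 }
    @{ Key = $auKey; Name = 'DetectionFrequency';        Expected = 1 }   # hours
)

$results = foreach ($c in $checks) {
    # A missing key or value means the policy has not been applied here
    $item   = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $c.Name
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($null -ne $actual) -and ("$actual" -eq "$($c.Expected)")
    }
}
$results | Format-Table -AutoSize

if ($results.Match -contains $false) {
    Write-Warning 'Policy not fully applied: run gpupdate /force, then wuauclt.exe /detectnow.'
}

# Flag an update source that is reached over unencrypted HTTP
$server = ($results | Where-Object Setting -eq 'WUServer').Actual
if ($server -like 'http://*') {
    Write-Warning "WUServer '$server' uses plain HTTP; update traffic to WSUS is not protected by TLS."
}
```

A row showing `<not set>` means the GPO or local policy never reached the machine, which points at Group Policy scope or replication rather than at the WSUS server itself.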