Table of Contents
How to do WSUS Patching – Installation and Configuration on Windows Server 2019
Before WSUS Patching or Installation and configuration
Let us know what is WSUS patching or WSUS Server and Why it is used and its features..?
When we do WSUS patching or configure, the WSUS server centrally manages our network which downloads the updates and maintains the latest updates from the Microsoft update server.
Wsus then distribute those updates to its client computer so individually client computers do not have to download updates individually from Microsoft.
WSUS server is used in such an environment where we have a good number of client computers and when we don’t want each client computer to download updates from Microsoft because it will reduce bandwidth and traffic on the network.
After centrally downloading the updates Moreover, the Client computer can easily choose which update to download.
Features of WSUS Server
- Automatic sorting of computers into management groups via Group Policy settings.
- It gives Email notifications for update status such as downloaded successfully, failed to download, and ready to install.
- It handles the management of multiple update classifications at once such as:-
- Genric updates.
- Software drivers updates.
- Security updates.
- Windows upgrades.
- Even security or management tools.
For Installing and Testing WSUS Server we are using 3 Virtual Machines
1- Domain Controller (IP:- 192.168.0.20)
2-WSUS Server (IP:- 192.168.0.30)
3- Client(IP:- 192.168.0.40)
Learn WSUS Patching or installation and configuration on Windows Server 2019
Now let’s begin with the WSUS Patching or Installation and Configuration
Follow the below-mentioned Step:-
- Go to Domain Controller
- Open Server Manager
- In tools open Active Directory Users and Computers
- Right-click on kaptechpro.local and select New
Create one Organization Unit (Give name to OU- Test WSUS)
Create one more OU inside TEST WSUS and give a name to that OU WSUS Test
Go to computers and right-click on the Client computer
Click on move and select the OU WSUSTEST and click OK.
Now your client computer is moved inside WSUSTEST.
Now close Active Directory Users and Computers.
Jump to WSUS SERVER Machine
- Open Server Manager
- Click on Add roles and features
- Select the role Windows server update service
- Click on next and click next till role services wizard.
Now select WID Connectivity and WSUS Services role and click on Next
Now we have made one folder inside the C drive with the name of WSUS File Moreover, In the Content location selection wizard we have given the path of that folder
Click on Next and then in the next wizard click on Install.
Till the time installation gets complete come back to DC Machine
Open Server Manager Click on Tools and Open Group Policy Management
- Double click on Forest: Kaptechpro.local
- Expand Domain
- Click on Kaptechpro.local
- Right-click on the Group Policy object and click on New
- In New, GPO wizard give a name to new GPO WSUSPOLICY and click on OK.
Now in Group Policy Management Editor console in Computer Configuration
- Click on Policies
- DoubleClick on Administrative Templates
- Select Windows Component
- Now Select Windows Update
- Click on Standard
Double click on Configure Automatic Updates
- Click on Enabled
- In configuring Automatic Updates
- Select Auto-Download and notify for download
- Click on Apply and OK
Now Open Specify Intranet Microsoft update service location
In Specify Intranet Microsoft Update Service Location console
- Click on Enabled
- Now Set the intranet update service detecting updates url
- Enter HTTP:// FQDN of WSUS SERVER:8530. Moreover, Paste it again inside set the intranet statistics server.
- Click on apply and click on OK.
In Group Policy Management Console
- Right-click on WSUS OU
- Click on Link an existing GPO
- In Select GPO console select WSUS Policy and click on OK
Now Jump to Client Machine(TEST)
- Press Windows key + R
- The run console will get open
- Type cmd and press enter
- Type command gpupdate /force and press enter
- Our computer policy update has completed successfully
Jump to WSUS SERVER Machine
- Our WSUS installation has completed
- Click on Launch Post-Installation tasks and close add roles and features wizard
Go to Tools
Open Windows Sever Update Services
Click on Next
Uncheck the box- Yes, I would like to join the Microsoft update improvement
Click on Next
Moreover, In the next wizard select Synchronize from Microsoft Update
Click on Next
Again click on Next in the next wizard
Click on Start Connecting and after it will get connected click on Next
Select Download updates only in this language.
Moreover, Check the box of English and click on Next
Select the product for which you want updates.
However, we have selected Windows Server 2019 box
Click on Next
Specify the classification of updates you want to synchronize.
For this demonstration, we are going with Security Updates and Updates.
Click on Next.
In the next wizard, select synchronize manually
Click on Next
Select the box Begin initial synchronization
Click on next and in the next wizard click on finish.
In the Update Services console click on WSUS and you will see synchronization has started
Now open Command prompt enter command wuauclt /detect now and press enter.
Click on All Updates
In Status, tab select any and click on the refresh
Now Select two to three updates
Right-click on all computers
Click on approved for install
As you can see below image updates which we have selected are approved click on close.
Now Click on Computers
Click on Unassigned Computers
Test Computer must be listed inside the unassigned computer.
Go to TEST Machine
- Click on Start
- Open Settings
- Click on Update & Security
Click on check updates
You will see the updates which we have to approve are downloading on the TEST machine.
RESULT:-
So we have successfully done WSUS patching or installation and configuration of WSUS on Windows Server 2019.
If in case you face any issue in following the above steps.
Feel Free to contact us at contact@kaptechpro.com
