Introduction

Recently I got myself a test server at home. This server is running multiple virtual servers. Because all off these servers need to install the same updates I searched a solution so the updates only have to be downloaded one time.


The solution is already built in Windows Server: "Windows Server Update Services". This server role promotes your server to your very own update server. This means all your client servers will check for updates on this server. So you can also configure which updates will be installed and when.

Steps

Start by installing the server role "Windows Server Update Services"
Unless you want to use a SQL database just accept the default database specifications.
The next setting is the location where WSUS will store it's files.
WSUS uses a web server, so just hit next.
Overview of the installation settings.
Let the installation complete.
Next open the configuration console.
A wizard should pop up to complete the configuration.
Run the installation...
Wait until it completes
The post installation is done, now we need to configure our update server.
If you want to join the Improvement Program then you can.
Since this is the only update server we will synchronize from the official update servers from Microsoft.
My server doesn't require a proxy server.
Now the server will synchronize, this can take some time...
All my servers have English as default language so there is no need to download the update in any other one.
Here you specify which products you want to update.

Here you specify the synchronize options.
Now our server is configured, so let's start synchronizing.
Check if your server is busy synchronizing.
When the status changed to "Idle" the synchronisation is done.
Now our server is done, but our clients are still installing updates from the official update servers.
Use this option to to keep overview of your computers.
I created a group for my servers.

We can specify in the group policy how our clients should handle updates.


This is the same group I created previously. When you configure this option the computers will be shown in the right group in the "Computers" tab in the WSUS MMC.
Overview of my policy. I did this in the "Default Domain Policy", but you can do this in a specific one if you want. In a production environment this not the way to go. 
By now you can approve your updates to the clients.

You can even approve this updates for specific groups.

Now the updates will be installed by your clients at the time you configured. Here my servers are busy installing them.
I also reconfigured the synchronization settings to automatically.

Conclusion

I am very pleased with this configuration, now I only need to download the updates one time. After this the update server distributes all the updates to the other servers.

0 reacties:

Post a Comment