Friday, August 9, 2013

Wsus Server - Install and Configuration

Here I want to talk about updates at your environment, as you know to keep our computers and server’s up to date Microsoft relist updates Avery few weeks, its Hailey recommended to use them because it’s save us a lot from our admin work, the wsus server help us to create centralized environments for those updates an give us the option to select which updates we want to deploy and which we not.
We can choose which updates we want to download and for that we have the following criteria:

        ·         By operating system (Example: Office\Server2003\Xp).
        ·         We can choose the update importance (Drivers\Critical updates).
        ·         By language (Frances\English).


What are the Installation requirements?
-          we need to install it on Windows Server2003SP1
-          IIS (6.0) – because all computers connected to the server with http address we need to use iis to enable this connection.
-          Microsoft .NET framework Version 2.0.
-          The minimum and recommended disk space :
1.       1 GB for Boot Drive (C).
2.       3 GB for database. (D).
3.       Because the server downloads and save updates on the server we need to have minimum 0f 25 GB to store those updates (E).
-          NTFS partition.
-          Database SQL.

When to synchronize….?

One of the good things that I love about this product is the time we want him to work. We can choose when the Wsus server will connect to the Microsoft servers and download all updates that we choose and keep them until you (The big admin…) chose what to install on your clients machines.

What I need to download….?

In this version (3.0 Sp1) the server can scan your enviornmant and determine which commuter and the update that he needs. We have 2 ways to see that information:

1.       We can see it on the server Manu.
2.       And the preferred way is to generate an automatically report, yes with the morning coffee you also have all the update that you missing and all you need to do is to approve it.

What if you have many departments…?
Here the answer is very easy, because you can create groups so you can choose how to deploy your updates to entire group or maybe to specific computers. We can create that group in active directory (With GPO) or on the wsus server.

How I create groups for entire bunch of computers….?
As you already know tasks like this we have the administrative console and it’s easy to manage, so let’s follow the process step by step:

  1. Expend computers and select all computers.
  2. Right click on all computers or go to Actions and press Add Computer Group.
  3. Now when we created the group we can assign computers in it:
  4. In administration console go to computers.
  5. Choose the computer group you want to move.
  6. Choose from the list you open the computers you want to move.
  7. Right –Click on Change Membership.
  8. Now you will see a dialog box says “Set Computer Group Membership” with all your groups.
  9. Simply check the new group you want to assigns the computers in it.










How we install it…?

1.      Go to your WSUS directory and press WSUSSetup.exe.
2.      Click next.
3.      Now you need to choose the “installation mode selection” here my recommended is to choose the full server installation + administration console.
4.      Accept License agreement and click next.
5.      Now you need to choose the “update Source” - here you chose where to place the downloaded updates so your clients can sync and download them. Click “store update locally” and chose the 30GB partition that we arranged before we started the installation process.
6.      On the database options stay with the default options and click next.
7.      Now we need to see the “Web Site Selection” accept default options (The first option IIS) to use port 80, Next.
8.      In the next screen click again next.
9.      Finish.

Note!
If you have firewall between the wsus and the internet you need to open ports 80 and 443 because that’s the ports the server needs to get updates.

How to choose the way the server will download updates…?
1.       Go to the configuration wizard (after you get Microsoft improvement program) and click next.
2.       Now you need to select if you want to sync and get updates from Microsoft server or from another Wsus server that you have in your environment. So for now we will choose the first option (Microsoft Server) and click next.

How I manage the server …?
We manage the server with the administrator console for wsus to open it follow this:

Start->All programs ->Administrative tools ->Windows server updates services 3.0.

How I can configure my updates and the server sync…?
1.       Open management console.
2.       Go to “Set Sync Schedule.
3.       Now we need to chose what type we want to work with:

           Manual - if you chose this option you need to initiate the sync from the wsus console.
          
Automatic – if we chose this option the server will create the sync process at specific intervals, all we need to do is to choose when the server creates the intervals (Send and Forget).

How I define the update to a specific product…?
1.       Open console.
2.       Options and select “update files and languages”.
3.       Now you need to see 2 tabs :

           Update Files - here we can chose if we want to store all our updates locally on the server or the client commuters will download from Microsoft update.

       Update languages – here we can configure the updates Lang’

4.       Now press OK and save all settings.

How I sync manually…?

1.       Open Administrative console.
2.       Select Synchronizations.
3.       Press right click on “Actions”
4.       Sync Now.

How to configure automatic updates…?

1.       Go to group policy and configure a new policy.
Computer Configuration -> Administrative Templates -> Windows Component ->Windows Update.
2.       Click “Configure Automatic Updates”.
3.       Click Enabled and configure the following options :

        Notify for download and notify for install - notify the admin when before the server download update and before the installation of the update.
         
        Auto download and notify for install – updates will download automatically and notify before install it.
           
    Auto download and schedule the install – if we configure automatics updates we can schedule installation, so we need to choose the time for the installation.
           
   Allow local admin to chose setting – local admins can use automatic updates in the control panel (the can chose scheduled time for updates installation).

4.       After you finish all configuration press OK.

How I create the connection between the clients to the new server….?
Because we work with 3000 computers… we can apply the update configuration with GPO, it’s very simple to do and I will explain it so you can manage all clients easy as possible:
1.       Open GPMC.
2.       Create new GPO.
Computer Configuration -> Administrative Templates -> Windows Component ->Windows Update.
3.       Now choose “Specify Internet Microsoft Update Service Location “.
4.       Press “Enabled” and configure the following :
 You need to give your Wsus HTTPURL (IIS Remember…) for example:
Http://Wsus90 (You need to put it in both boxes!!!!!).
5.       Click OK.

Note!
After you configure the policy and deploy it on client’s computers you will start to see clients computers add to your server at the administrative console at estametly 30 minutes.
If you cannot wait 30 minutes you can speed the process by pressing the following command on client computers:
Goupdate /force – this command will apply the Wsus policy immediately.

Note!
You have another option to make the clients computers connect to the wsus by pressing the following on client’s computers:
“Wuauclt.exe /detectnow “.

O.k. I have the update but how I approve them…?

To approve the updates you want to deploy follow the following process:
1.       Open Admin Console.
2.       Go to Updates and  a dialog will open and show you all the updates that you have on your server with criteria :
                              ·         All Updates.
                              ·         Critical Updates.
                              ·         Wsus Updates.
                              ·         Security Updates.

3.       Now choose the type of updates you want to deploy.
4.       Select the updates from the criteria that you choose (If you want to choose multiple contiguous Update press and hold Shift button, If you want to choose multiple updates that noncontiguous press Ctrl while choose your Updates).
5.       Press approves and a dialog box will appear.
6.       Select the group you want to deploy the updates you just choose (for examples “Sales”) and  choose one of the following:

                              ·         Approve for install – choose this option!!!
                              ·         Approve for Removal.
                              ·         Not approve.
                              ·         Deadline.
                              ·         Same as parent
                              ·         Apply to children.

7.       Now you will see a progress bar start to show you the tasks that you ask from the server.
8.       Close.

Note!
If you want to see the status of the updates follow the easy few steps:
1.       Admin console.
2.       Reports -> Update Status Summery -> Update Report Window.
3.       Here you can create filters if you like.
4.       Press on “Run Report”.

So now after you finish to read my document I’m shore you can go to your bosses and offer the your great solution and the ones that already have this wonderful server I hope I can help in something, so if you have any questions please contact me or live your comment and I try to come back and help you as soon as possible. 

No comments:

Post a Comment

My Presentations