WSUS

Windows Server Update Services (WSUS)

Automated patching is the first step in securing a network. I will discuss the importance of maintaining patch deployment, deployment strategies, and how to use Microsoft’s Windows Server Update Services 3.0.

When people think about IT security, they think about firewalls and antivirus. Firewalls are important but only go so far in protecting your network against a direct attack. A firewall will only prevent illegitimate forms of traffic from the internet. It doesn’t stop traffic on legitimate ports or downloads. Firewall defenses have been compared to eggs: hard on the outside but soft on the inside. Antivirus will only protect you against known threats. Many organizations have made the mistake of thinking that firewalls combined with antivirus will give them a complete defense against threats.

WSUS is a free Microsoft product that services the whole Microsoft product range and makes it easier for administrators or security officers to test and deploy updates on a production network.

I aim to show how you can manage updating your entire Microsoft network with minimal manual effort by using WSUS 3.0.

Requirements

  • Windows Server 2003 Service Pack 1 or later
  • Microsoft Internet Information Services (IIS) 6.0 or later
  • Background Intelligent Transfer Service (BITS) 2.0 or later
  • Windows Installer 3.1 or later
  • Microsoft .NET Framework 2.0

WSUS Deployment Scenarios

This is the best deployment solution where there is a single security policy. It is efficient because:

  • The internet connection is used only once to download updates.
  • Administrative effort is minimized; all update testing and approval is performed at the WSUS server that is the point of entry.

WSUS clients have the location of their WSUS server configured from Active Directory.
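
An added example, not from the original post: a PowerShell check to run on a client to confirm that the Group Policy settings pointing it at the WSUS server have arrived. It reads the standard Windows Update policy registry values (WUServer, WUStatusServer, UseWUServer); the helper name Get-PolicyValue is hypothetical.

```powershell
# Added example: report the WSUS settings that Group Policy has written on this client.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'

$findings = @()
if (-not $wuServer) {
    $findings += 'WUServer is not set: no WSUS policy has reached this client.'
}
if ($useWuServer -ne 1) {
    $findings += 'UseWUServer is not 1: the client ignores WUServer and goes to Microsoft Update.'
}
if ($wuServer -and ($wuServer -ne $statusServer)) {
    $findings += 'WUServer and WUStatusServer differ: both should name the same WSUS server.'
}
if ($wuServer) {
    $uri = $null
    if (-not [uri]::TryCreate($wuServer, [UriKind]::Absolute, [ref]$uri)) {
        $findings += "WUServer '$wuServer' is not a valid absolute URL."
    } elseif ($uri.Scheme -ne 'https') {
        $findings += "WUServer uses $($uri.Scheme): traffic to the WSUS server is not protected by SSL."
    }
}

# Summary object first, then one line per finding (or a single OK line).
New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    WUServer       = $wuServer
    WUStatusServer = $statusServer
    UseWUServer    = $useWuServer
} | Format-List

if ($findings.Count -eq 0) { 'OK: client is configured to use the WSUS server.' }
else { $findings | ForEach-Object { "CHECK: $_" } }
```

Run it from an elevated or normal prompt after `gpupdate /force`; it only reads the registry and changes nothing.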

Installing WSUS 3.0

You can decide whether this server will be the root WSUS server or a downstream server.

A downstream server gets updates from an upstream WSUS server on your network.

For a downstream server:

  • You can choose to use SSL if the upstream server requires it.
  • Make this a replica of the upstream server. This is how you can centralize management to your upstream or root servers.

Enter any required credentials to enable your new WSUS server to get through a proxy. Do not use your own user account or an administrator account; use a dedicated service account.

Start your initial synchronization. This will only download the information necessary to complete the wizard. It will not download any updates or metadata about any updates.

Choose the languages for which you want to download updates.

Choose which products on your network you wish to update using WSUS.

Choose which types of update you want to download.

Configure synchronization; you have the option to set a schedule for daily automatic synchronization.

Configuration is complete. We can now start the initial synchronization to download update metadata.

Create a computer group and move computers from “Unassigned Computers” to the appropriate group.

Choose the update you want to apply.

Approve the update for all computers or for a specific group.

Ahmet YAKUPOGLU