Creation and configuration of a WSUS server

The objective of a WSUS servor is to download the Microsoft update and to dispash then to a group of computer or all the computer of a network

Indeed, instead of moving for each computer and downloading one by one the updates, the server will allow us to download them once and then apply them on the computers of our choice.

The first step was to create a Virtual Machine on the server with Xencenter and then create a Windows Server 2016.

Then I could open the server manager to create our WSUS server.

I created our server by selecting « Add a feature » and then selecting the server role « WSUS ».

I then specified a location to store the Windows updates.

Once our server was created, I had to set it up to download windows updates.

I first asked it to download all the windows 10 updates so that it could apply them later. To do this, we go to « WSUS Service », then we’ll ask the server to sync to Microsoft Update. We will also have to enter the information of the city server so that it can install the updates.

The server will then connect to Microsoft Update. Then, it will be asked to download all Windows 10 updates in French.

I was then able to choose the type of update we wanted to install. In our case, we only installed the critical updates and those related to systems and security.

Finally, I restarted the server so that it would synchronize and download the updates.

In a second step, we created a GPO.

The city server being composed of departments affiliated with their activities (example: accounting) with all the people in that department (example: Mr. X or Mrs. Y).

So we created a group policy or GPO to apply the WSUS server updates more easily.

Thanks to the GPO, we can ask the WSUS server to check and update the city’s computers at a fixed time (e.g. every Friday at 20:00).

We could then open the strategy manager by following this path:

Computer Configuration > Policies > Administrative Template > Windows Component > Windows Update

Then we went to Service Configuration > Updates > Automatic.

I was then able to set up with automatic download and at the desired time for this one.

After that, I went to « specify Microsoft Update Service intranet location » and specified the address of the WSUS server so it could fetch the updates.

I then finished the installation by going to « allow client-side targeting » where I just have to indicate on which « group » I want the server to be able to perform updates.

At the end of the task, i have create:

  • our GPO configured with the search location for updates,
  • the beginning and end of the update period without forcing a restart to avoid data loss due to logout
  • our WSUS server that automatically downloads updates.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *