INSTALACION DEL WSUS 3.0, CONFIGURACION DE CLIENTES WSUS POR GPO Y POR REGISTRO
Wsus 2012r2e Guide
-
Upload
valerie-gardner -
Category
Documents
-
view
232 -
download
1
Transcript of Wsus 2012r2e Guide
-
8/12/2019 Wsus 2012r2e Guide
1/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 1
Installing Windows Server Update Services
(WSUS) on Windows Server 2012 R2 Essentials
With Windows Server 2012 R2 Essentials in your business, it is important to centrallymanage your workstations to ensure they are secure and up-to-date. With Windows
Server Update Services, you can do just that.
If you are running Windows Server 2012 Essentials, these directions will not work
without performing additional steps. The WSUS role on Windows Server 2012
Essentials (non-R2) requires some pre-configuration before it can be installed.
What youll need:
A server running Windows Server 2012 R2 Essentials with at least4GB of RAM,8GB or higher is recommended
SQL Server 2012 Management Studio available fromhttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-
A1533227CD69/SQLManagementStudio_x64_ENU.exe(download and copy to a
shared folder on the server)
Table of Contents:
Install Windows Server Update Services Role......................................................................................... 2
Perform initial WSUS configuration ......................................................................................................... 6
Install SQL Server Management Studio ................................................................................................... 9
Move WSUS database to a new location .............................................................................................. 11
Adjust memory usage settings for Windows Internal Database........................................................ 17
Configure WSUS to integrate with Group Policy.................................................................................. 18
Create automatic approval rules for update deployment................................................................... 20
http://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exehttp://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLManagementStudio_x64_ENU.exe -
8/12/2019 Wsus 2012r2e Guide
2/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 2
Install Windows Server Update Services Role
Connect to your server using
Remote Desktop Connection.
Click Start -> All Programs ->
Accessories -> Remote Desktop
Connection
Logon with the user name and
the password you use to
administer your server.
Once connected, click the
Administrative Tools icon on the
Start screen.
Scroll down and launch Server
Manager.
In Server Manager, click on Add
Roles and Features.
-
8/12/2019 Wsus 2012r2e Guide
3/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 3
Click Nexton the Before you Beginscreen.
Accept defaults for the installation type, and
then click Next.
Select your Windows Server 2012 R2
Essentials system and click Next.
Select Windows Server Update Serviceson
the Server Roles selection, then click Next.
-
8/12/2019 Wsus 2012r2e Guide
4/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 4
When prompted to add additional required
features for installation, click Add Features
then click Next.
Accept the defaults on the Features screen,
and click Next.
Read the description, and then click Next.
Accept the defaults for Role Services, then
click Next.
-
8/12/2019 Wsus 2012r2e Guide
5/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 5
Create a folder on a drive with enough space
to handle the WSUS content.
Ensure the Store updates in the following
locationis checked, specify the path to the
folder you created, and then click Next.
Confirm your installation selections, and then
click Install.
Installation will then proceed. This step can
take some time depending on your system.
After installation completes, click the blue
Launch Post-Installation taskslink near the
top of the results pane.
The Windows Server Update Services
Configuration Wizard will launch.
-
8/12/2019 Wsus 2012r2e Guide
6/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 6
Perform initial WSUS configuration
Read the Before you Begin information, then
click Next.
Choose if you want to join the Microsoft
Update Improvement Program, then click
Next.
In most cases, you should be able to leave
the proxy server settings alone. However, if
you have a proxy server, you will need to
specify the information, then click Next.
-
8/12/2019 Wsus 2012r2e Guide
7/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 7
WSUS will need to connect to obtain initial
metadata.
Click Start Connecting.
This process should be fairly quick.
After the download is complete, click Next.
Choose any necessary languages for the
client PCs that your server will support, then
click Next.
Choose the products you want your WSUS
server to house updates for, then click Next.
-
8/12/2019 Wsus 2012r2e Guide
8/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 8
Choose the classifications want your server
to house, then click Next.
NOTE:Below the checklist is the description
of each classification. This can be helpful in
determining what to download. Thescreenshot at right is similar to SBS systems
of the past and what classifications were
downloaded out of the box.
The classifications are:
- Critical Updates- Definition Updates- Security Updates- Service Packs-
Update RollupsChoose the appropriate synchronization
schedule for your environment, then click
Next.
Do not check the box to begin
synchronization at this point. The database
will be moved first from its default location
on the system partition to a different
partition to ensure that the system partition
does not run out of room because of WSUS
database growth.
Click Finish.
-
8/12/2019 Wsus 2012r2e Guide
9/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 9
Install SQL Server Management Studio
Browse to where you downloaded the SQL
Server installer and double-click the file.
When the SQL Server Installation Center
loads, click New installation or add
features to an existing installation.
NOTE: If you do not have multiple
partitions, continue to install the SQL
Management Studio, then skip to the
Adjust memory usage settings for
Windows Internal Database section.
Allow the installer to download the latest
updates prior to installation, and click
Next.
Read and accept the license terms, and
then click Next.
-
8/12/2019 Wsus 2012r2e Guide
10/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 10
Leave the defaults for feature selection and
then click Next.
Choose whether or not to enable Error
Reportingand then click Next.
The installation of SQL Server Management
Studio will then begin.
-
8/12/2019 Wsus 2012r2e Guide
11/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 11
After installation is complete, click Close.
Move WSUS database to a new locationTo prepare to move the database, the
WSUS service needs to be stopped.
Launch Command Prompt as an
Administrator, and run net stop
wsusservice.
Create a folder for the database to be
stored on a drive with plenty of storage.
This is likely to be the same drive as theWSUS content storage.
After creating the folder, right click on it,
and click Properties.
For the database to function correctly, we
have to give the SQL service account the
ability to access this folder.
-
8/12/2019 Wsus 2012r2e Guide
12/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 12
Click the Securitytab, and then click the
Advancedbutton.
Click the Addbutton.
Click the Select a Principallink.
-
8/12/2019 Wsus 2012r2e Guide
13/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 13
On the Select Users or Groups screen,
click Locationsand change the location to
your server name, then click OK.
The account that needs to be added is
called NTSERVICE\MSSQL$MICROSOFT##WID.
Type the account name, click Check
Names, and then click OK.
On the right side of the window, click
Show advanced permissions.
The service account needs the following
permissions checked.
List folder / read data
Read attributes
Read extended attributes
Create files / write data
Create folders / append data
Write attributes
Write extended attributes
Delete
Read permissions
Click OKto add the account and itspermissions.
Click OK to close the Advancedscreen.
-
8/12/2019 Wsus 2012r2e Guide
14/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 14
Click OKto close the properties dialog.
Go to the Start screen, click the arrow in
the lower left hand corner to show All
Apps, then right click on SQL Server
Management Studio.
Click Run as Administrator. Accept the
User Account Control prompt that appears.
On the Connect to server screen, type
\\.\pipe\MICROSOFT##WID\tsql\query.
Ensure that Windows Authentication is
selected, then click Connect.
Expand Databases in the Object Explorer,and right-click on SUSDB.
Click on Tasks > Detach.
-
8/12/2019 Wsus 2012r2e Guide
15/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 15
On the Detach Database screen, check the
Drop Connectionscheckbox, and click OK.
Browse to C:\Windows\WID\Data
You may need to accept a User Account
Control prompt.
Move SUSDB.mdf and SUSDB_log.ldfto
the database folder created earlier.
Go back to SQL Server Management
Studioand right click on Databases, then
click Attach.
-
8/12/2019 Wsus 2012r2e Guide
16/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 16
Click Addto locate the database.
Browse to the folder where the database
files have been moved to, and then click on
SUSDB.mdf.
Click OK.
Verify that the information is correct for
the location of the Data and Log filesand
then click OK.
Verify that SUSDB appears in the database
listing.
Restart the WSUS Service, by launching
Command Prompt as an Administrator,
and type net start wsusservice.
-
8/12/2019 Wsus 2012r2e Guide
17/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 17
Adjust memory usage settings for Windows Internal Database
Launch SQL Server Management Studio and Run
as an Administrator if it is not already running.
Connect to the server.
Right click on
\\.pipe\MICROSOFT##WID\tsql\queryand click
on Properties.
Click on the Memorytab and then specify the
Maximum server memoryto be between 256-
512MB, then click OK.
Most WSUS installations in the 2012 R2 Essentials
space should not require much more RAM for SQL
than this due to the smaller number of connected
clients.
-
8/12/2019 Wsus 2012r2e Guide
18/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 18
For the new memory settings to take effect, the
service needs to be restarted.
Right click on
\\.pipe\MICROSOFT##WID\tsql\queryand then
click Restart.
Click Yes. The service will then restart.
Now that the database has been moved, the initial
synchronization of updates can occur.
To begin the sync, go to Administrative Toolsfrom the Start screen, and locate Windows Server
Update Services.
Click Synchronizationsfrom the left pane.
Click Synchronize Now.
The status of the synchronization will appear in
the bottom middle pane.
It will also show in the listing above the status
pane.
Configure WSUS to integrate with Group Policy
If the WSUS console isnt already running, go to
Administrative Toolsfrom the Start screen, and
locate Windows Server Update Services.
-
8/12/2019 Wsus 2012r2e Guide
19/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 19
Click on Optionsin the left hand pane.
Click on Computerson the right pane.
In the Computers property window that appears,
click on Use Group Policy or registry settings
on computers.
By enabling this option, we can use Client-Side
Targeting within Group Policy to add computers
to the appropriate groups within WSUS.
In the navigation pane, expand Computers, and
then right click on All Computersand click Add
Computer Group.
-
8/12/2019 Wsus 2012r2e Guide
20/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 20
Create two computer groups, or more if needed
for your environment.
For example, I have created the groups Servers
and Workstations.
After the groups have been created, verify that
they appear in the navigation pane.
Create automatic approval rules for update deployment
Next, we will create Automatic Approval rules.
These rules can be used to auto approve
updates for specific update types and / or
computer groups.
To create rules, click Optionsin the left hand
pane, and then click Automatic Approvals.
For this example, we will modify the default rule
to automatically approve Critical, Security, and
Definition updates for workstations only.
I would strongly suggest taking some time to
figure out how you want approve updates
before building your ruleset.
Click on the blue all computerslink.
-
8/12/2019 Wsus 2012r2e Guide
21/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 21
Check the box for Workstationsonly and then
click OK.
Click the blue Critical Updates, Security
Updateslink.
Check the box for Definition Updatesthen click
OK.
-
8/12/2019 Wsus 2012r2e Guide
22/22
Tom Ziegmannhttp://www.tomontech.com10/20/2013 22
Ensure the box is checked next to the name of
the rule, click Apply. Then to run the rule, click
the Run Rulebutton.
Repeat the automatic approval rule steps until
you are satisfied with the rules youve created.
To configure your systems to connect to your WSUS server it is strongly recommended to use Group
Policy. Configuring Group Policy is outside the scope of this document, however, I have prepared some
sample group policy settings that can be used as a base for building your policy on top of. Those policy
settings and necessary WMI filters can be found athttp://www.tomontech.com/2013/10/configuring-
group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentials.
Congratulations! You have installed Windows Server Update Services on Windows Server 2012 R2
Essentials!
http://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentialshttp://www.tomontech.com/2013/10/configuring-group-policy-for-windows-server-update-services-on-windows-server-2012-r2-essentials