Support #783
Updated by Daniel Curtis about 8 years ago
One of the uses for my Windows Server is to use Windows Server Update Services (WSUS) to manage centralized updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell. h2. Prepare the Environment * From the command prompt, open a PowerShell session: <pre> powershell </pre> * Install the prerequisite features for required for WSUS: <pre> Import-Module ServerManager Add-WindowsFeature Application-Server Add-WindowsFeature Web-Server Add-WindowsFeature Web-Asp-Net Add-WindowsFeature Web-Windows-Auth Add-WindowsFeature Web-Dyn-Compression Add-WindowsFeature Web-Mgmt-Compat </pre> * Install the WSUS feature using the Windows Internal Database (WID) as the database: <pre> Install-WindowsFeature -Name UpdateServices -IncludeManagementTools </pre> * After installing WSUS, point the application to a location to store downloads: <pre> cd "C:\Program Files\Update Services\Tools\" .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS </pre> h2. Remote Management Admin Workstation h3. Windows 7 Host # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 # Download Windows Server Update Services 3.0 SP2 "KB972455":http://www.microsoft.com/en-us/download/details.aspx?id=5216 and install the *Administration Console only*. # Once the console is installed, also install "KB2734608":http://support.microsoft.com/kb/2734608/en-us to add support for Windows 8 and Server 2012. # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. h3. Windows 8 Host # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 # Install the "Windows 8 Remote Server Administration Tool":https://www.microsoft.com/en-us/download/details.aspx?id=28972 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. h2. Local management To manage the Windows Server Update Services Server Role locally on the console of your Server Core installation. * The Get-WsusServer cmdlet shows you the configuration of the Windows Server Update Server: <pre> Get-WsusServer </pre> * Using the Get-WsusUpdate cmdlet, you can gain information on updates available from your Windows Server Update Server: <pre> Get-WsusUpdate </pre> * Although you can point your domain-joined computers to the Windows Server Update Server through Group Policy, you will need these two PowerShell cmdlets to manage the relationship between client computers and target groups: <pre> Get-WsusComputer Add-WsusComputer </pre> * These two PowerShell cmdlets are pretty self-explanatory, but in all their simplicity they allow for immediate approval (and denial) of all Windows Updates offered by the Windows Server Update Server: <pre> Approve WsusUpdate Deny-WsusUpdate </pre> * Since your Windows Server Update Server utilizes classifications to target software products to WSUS clients, these two cmdlets allow you to manage these classifications and their synchronization settings. Classifications include applications, updates, drivers, feature packs, service packs, and tools: <pre> Get-WsusClassification Set-WsusClassification </pre> * Products represent software run by the WSUS clients. Products include Windows, Office, Windows Server, Exchange Server, and SQL Server. With these two cmdlets, you can manage the products you want to synchronize WSUS content for: <pre> Get-WsusProduct Set-WsusProduct </pre> * Since your Windows Server Update Server synchronizes all sorts of content from Microsoft and gets fed client computers by Active Directory, it helps to perform a spring cleanup every year. The following PowerShell command can be used for this purpose: <pre> Invoke-WsusServerCleanup </pre> * Your Windows Server Update Server will tell you afterwards how many obsolete updates and obsolete client computers it has cleaned up: <pre> Invoke-WsusServerCleanup -CleanupObsoleteComputers –CleanupObsoleteUpdates </pre> * With the Set-WsusServerSynchronization cmdlet, you can set whether the Windows Server Update Server synchronizes from Microsoft Update, or an upstream server and the upstream server properties: <pre> Set-WsusServerSynchronization </pre> h2. Resources * https://4sysops.com/archives/install-wsus-on-server-2012-with-powershell/ * https://www.microsoft.com/en-us/download/details.aspx?id=28972 * http://www.shnake.com/?p=821 * https://technet.microsoft.com/en-us/library/dd939916(v=ws.10).aspx * https://technet.microsoft.com/en-us/library/dd939859(v=ws.10).aspx