Support #783

Install WSUS on Windows Server 2012 Core

Added by Daniel Curtis over 8 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Server Management
Target version:
Start date: 03/20/2016
Due date:
% Done: 100%
Estimated time: 2.00 h
Spent time:

Description

One of the uses for my Windows Server is running Windows Server Update Services (WSUS) to centrally manage updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell.

Install WSUS

  • From the command prompt, open a PowerShell session:
    powershell
    
  • Install the WSUS feature using the Windows Internal Database (WID) as the database:
    Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
    
  • After installing WSUS, point the application to a location to store downloads:
    cd "C:\Program Files\Update Services\Tools\" 
    .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS
    

Remote Management

  • Make sure to add the remote workstation being used to administer the Windows server as a TrustedHost on the WSUS server (the value is single-quoted so that PowerShell passes it to winrm as a literal string):
    winrm set winrm/config/client '@{TrustedHosts="rsat.example.com"}'
    
    • NOTE: If any other configuration changes are needed, use winrm quickconfig to identify and remedy them:
      winrm quickconfig
      
  • Also enable remote PowerShell connections:
    Enable-PSRemoting -Force
    
  • Enable the Remote Desktop firewall rules on the WSUS server:
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
    
  • Enable the Windows Management Instrumentation (WMI) and Remote Event Log Management firewall rules on the WSUS server:
    netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
    netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
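
A read-only check of what the steps above changed on the server, as an added example that is not part of the original ticket: it prints the WinRM TrustedHosts list, the WinRM listeners, and the inbound firewall rules in the affected groups with their profile and remote-address scope. It assumes the NetSecurity cmdlets that ship with Windows Server 2012 and later; the `Windows Remote Management` group is included because `Enable-PSRemoting` opens it.

```powershell
# Added example: read-only audit of the remote-management settings changed above.
# Run in an elevated PowerShell session on the WSUS server.

# 1. WinRM client TrustedHosts. Hosts on this list are accepted without Kerberos or
#    HTTPS server authentication, so it should hold only the names you intended.
$raw     = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
$entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($entries.Count -eq 0) {
    'TrustedHosts: (empty)'
} elseif ($entries -contains '*') {
    'TrustedHosts: * (every host is trusted; narrow this)'
} else {
    'TrustedHosts: ' + ($entries -join ', ')
}

# 2. WinRM listeners (transport, port, bound addresses).
winrm enumerate winrm/config/listener

# 3. Inbound firewall rules in the groups the guide enables.
$groups = 'Remote Desktop',
          'Windows Management Instrumentation (WMI)',
          'Remote Event Log Management',
          'Windows Remote Management'
$report = foreach ($group in $groups) {
    $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        if ($rule.Direction -ne 'Inbound') { continue }
        $scope = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Group         = $group
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Profile       = $rule.Profile
            RemoteAddress = $scope.RemoteAddress -join ','
        }
    }
}
$report | Sort-Object Group, Rule | Format-Table -AutoSize

# Enabled rules open to any remote address on the Public profile deserve a second look.
$report | Where-Object {
    $_.Enabled -eq 'True' -and $_.RemoteAddress -eq 'Any' -and
    "$($_.Profile)" -match 'Any|Public'
} | Select-Object Group, Rule, Profile
```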
    

Windows 7 Host

  1. Install the Microsoft Report Viewer
  2. Download Windows Server Update Services 3.0 SP2 KB972455 and install the Administration Console only.
  3. Once the console is installed, also install KB2734608 to add support for Windows 8 and Server 2012.
  4. Open Windows Server Update Services and connect to the remote server wsus.example.com on port 8530.
  5. On the computer that is running Server Manager, add remote servers to the local computer’s TrustedHosts list in a Windows PowerShell session:
    Set-Item wsman:\localhost\Client\TrustedHosts wsus.example.com -Concatenate -Force
    

Windows 8 Host

  1. Install the Microsoft Report Viewer
  2. Install the Windows 8 Remote Server Administration Tool
  3. Open Windows Server Update Services and connect to the remote server wsus.example.com on port 8530.
  4. On the computer that is running Server Manager, add remote servers to the local computer’s TrustedHosts list in a Windows PowerShell session:
    Set-Item wsman:\localhost\Client\TrustedHosts wsus.example.com -Concatenate -Force
    

Local Management

  • Store the WSUS server object in the $wsus variable:
    $wsus = Get-WsusServer
    
  • Store the WSUS server configuration in the $wsusConfig variable:
    $wsusConfig = $wsus.GetConfiguration()
    
  • Configure WSUS to download updates from Microsoft Update:
    Set-WsusServerSynchronization -SyncFromMU
    
  • Set the update languages to English only and save the configuration settings:
    $wsusConfig.AllUpdateLanguagesEnabled = $false
    $wsusConfig.SetEnabledUpdateLanguages("en")
    $wsusConfig.Save()
    
  • Get the WSUS subscription and perform an initial synchronization to get the latest categories:
    $subscription = $wsus.GetSubscription()
    $subscription.StartSynchronizationForCategoryOnly()
    
    while ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') {
        Write-Host "." -NoNewline
        Start-Sleep -Seconds 5
    }
    
    Write-Host "Sync is done."
    
  • Configure the Platforms that WSUS will use to receive updates:
    Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Office" } | Set-WsusProduct -Verbose
    Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows" } | Set-WsusProduct -Verbose
    Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows Server 2012 R2" } | Set-WsusProduct -Verbose
    
  • Configure the classifications:
    Get-WsusClassification | Where-Object {
        $_.Classification.Title -in (
        'Update Rollups',
        'Security Updates',
        'Critical Updates',
        'Service Packs',
        'Updates')
    } | Set-WsusClassification -Verbose
    
    
  • Enable automatic synchronization:
    $subscription.SynchronizeAutomatically = $true
    
  • Schedule the synchronization for midnight each night and save the subscription:
    $subscription.SynchronizeAutomaticallyTimeOfDay = (New-TimeSpan -Hours 0)
    $subscription.NumberOfSynchronizationsPerDay = 1
    $subscription.Save()
    
  • Start a synchronization:
    $subscription.StartSynchronization()
    
  • To check on the progress of the synchronization:
    $subscription.GetSynchronizationProgress()
    
  • When the synchronization finishes, check the status:
    $subscription.GetLastSynchronizationInfo()
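
To confirm that the settings from the steps above were actually saved, the following added example (not part of the original ticket) reads them back from the WSUS API and warns if any classification from the guide's list is not enabled. It uses only the `$wsus`, `$wsusConfig` and `$subscription` objects the guide already creates; the `$expected` list is copied from the classification step.

```powershell
# Added example: read back the WSUS settings configured above. Run on the WSUS server.
$wsus         = Get-WsusServer
$wsusConfig   = $wsus.GetConfiguration()
$subscription = $wsus.GetSubscription()

# Upstream source and languages
'Sync from Microsoft Update : {0}' -f $wsusConfig.SyncFromMicrosoftUpdate
'All languages enabled      : {0}' -f $wsusConfig.AllUpdateLanguagesEnabled
'Enabled languages          : {0}' -f (@($wsusConfig.GetEnabledUpdateLanguages()) -join ', ')

# Products and classifications the subscription will actually synchronize
$products        = @($subscription.GetUpdateCategories()      | ForEach-Object { $_.Title })
$classifications = @($subscription.GetUpdateClassifications() | ForEach-Object { $_.Title })
'Products ({0}):' -f $products.Count
$products | Sort-Object | ForEach-Object { "  $_" }
'Classifications: {0}' -f ($classifications -join ', ')

# The guide's classification list; anything missing here was not enabled.
$expected = 'Update Rollups', 'Security Updates', 'Critical Updates', 'Service Packs', 'Updates'
$missing  = @($expected | Where-Object { $classifications -notcontains $_ })
if ($missing.Count) { Write-Warning ('Not enabled: ' + ($missing -join ', ')) }

# Schedule. The API documents SynchronizeAutomaticallyTimeOfDay as a UTC time of day,
# so "midnight" here is midnight UTC, not local time.
'Automatic sync : {0}, {1} per day at {2} UTC' -f $subscription.SynchronizeAutomatically,
    $subscription.NumberOfSynchronizationsPerDay,
    $subscription.SynchronizeAutomaticallyTimeOfDay

# Result of the last run
$last = $subscription.GetLastSynchronizationInfo()
'Last sync      : {0} (started {1}, ended {2})' -f $last.Result, $last.StartTime, $last.EndTime
if ($last.Result -ne 'Succeeded') {
    Write-Warning "Last sync error: $($last.Error) $($last.ErrorText)"
}
```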
    

Connect Non-Domain Hosts

  • Create a wsus.reg file:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "AcceptTrustedPublisherCerts"=dword:00000001
    "ElevateNonAdmins"=dword:00000001
    "TargetGroup"="Workstations"
    "TargetGroupEnabled"=dword:00000000
    "WUServer"="http://wsus.example.com:8530"
    "WUStatusServer"="http://wsus.example.com:8530"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 
    "AUOptions"=dword:00000002 
    "UseWUServer"=dword:00000001
    
  • Then import the wsus.reg file into the Windows registry.

NOTE: If you receive an error when checking for updates, try resetting the authorization cookie on the client:

wuauclt.exe /resetauthorization /detectnow
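
A client-side check of the imported policy, as an added example that is not part of the original ticket: it reads the values written by wsus.reg, reports inconsistencies between them, and tests that the configured server port is reachable. It sticks to PowerShell 2.0 syntax so it also runs on Windows 7; with the values shown in wsus.reg it reports that the server URL is plain HTTP and that `TargetGroup` is set while `TargetGroupEnabled` is 0.

```powershell
# Added example: check the Windows Update policy on a client after importing wsus.reg.
# Read-only apart from one TCP connection to the configured server.
$wuKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu       = Get-ItemProperty -Path $wuKey -ErrorAction Stop
$au       = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction Stop
$findings = @()

if ($au.UseWUServer -ne 1) {
    $findings += 'UseWUServer is not 1, so WUServer is ignored'
}
if ($wu.WUServer -ne $wu.WUStatusServer) {
    $findings += 'WUServer and WUStatusServer differ; they must hold the same URL'
}
if ($wu.TargetGroup -and $wu.TargetGroupEnabled -ne 1) {
    $findings += "TargetGroup '$($wu.TargetGroup)' is set but TargetGroupEnabled is not 1, " +
                 'so client-side targeting is off'
}

# Parse the server URL instead of pattern-matching it, so stray characters are caught.
$uri = $null
if (-not [System.Uri]::TryCreate([string]$wu.WUServer, [System.UriKind]::Absolute, [ref]$uri)) {
    $findings += "WUServer is not a valid absolute URL: '$($wu.WUServer)'"
} else {
    if ($uri.Scheme -ne 'https') {
        $findings += "WUServer uses $($uri.Scheme), so update metadata is not protected by TLS"
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($uri.Host, $uri.Port)
    } catch {
        $findings += "Cannot connect to $($uri.Host) on port $($uri.Port)"
    } finally {
        $tcp.Close()
    }
}

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'Windows Update policy looks consistent.'
}
```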

Resources

#1

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • Status changed from New to In Progress
  • % Done changed from 0 to 30
#2

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • % Done changed from 30 to 50
#3

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#4

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#5

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#6

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#7

Updated by Daniel Curtis over 8 years ago

  • % Done changed from 50 to 70
  • Description updated (diff)
#8

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • % Done changed from 70 to 80
#9

Updated by Daniel Curtis over 8 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 80 to 100
#10

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • Status changed from Resolved to Closed
#11

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#12

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#13

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#14

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#15

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#16

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#17

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
#18

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
