Support #783
Install WSUS on Windows Server 2012 Core
Status:
Closed
Priority:
Normal
Assignee:
Category:
Server Management
Target version:
Description
One of the uses for my Windows Server is to use Windows Server Update Services (WSUS) to manage centralized updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell.
Install WSUS¶
- From the command prompt, open a PowerShell session:
powershell
- Install the WSUS feature using the Windows Internal Database (WID) as the database:
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
- After installing WSUS, point the application to a location to store downloads:
cd "C:\Program Files\Update Services\Tools\" .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS
Remote Management¶
- Make sure to add the remote workstation being used to administer the windows server as a TrustedHost on the WSUS server:
winrm set winrm/config/client @{TrustedHosts="rsat.example.com"}
- NOTE: If any other configuration changes are needed, use
winrm quickconfig
to identify and remedy them:winrm quickconfig
- NOTE: If any other configuration changes are needed, use
- And also enable remote powershell connections:
Enable-PSRemoting -force
- Add the Remote Desktop firewall rules on the WSUS server:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
- Add the Windows Management Instrumentation (WMI) and Remote Event Log Management firewall rules on the WSUS server:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes netsh advfirewall firewall set rule group=“Remote Event Log Management” new enable=yes
Windows 7 Host¶
- Install the Microsoft Report Viewer
- Download Windows Server Update Services 3.0 SP2 KB972455 and install the Administration Console only.
- Once the console is installed, also install KB2734608 to add support for Windows 8 and Server 2012.
- Open Windows Server Update Services and connect to the remote server wsus.example.com on port 8530.
- On the computer that is running Server Manager, add remote servers to the local computer’s TrustedHosts list in a Windows PowerShell session:
Set-Item wsman:\localhost\Client\TrustedHosts wsus.example.com -Concatenate -Force
Windows 8 Host¶
- Install the Microsoft Report Viewer
- Install the Windows 8 Remote Server Administration Tool
- Open Windows Server Update Services and connect to the remote server wsus.example.com on port 8530.
- On the computer that is running Server Manager, add remote servers to the local computer’s TrustedHosts list in a Windows PowerShell session:
Set-Item wsman:\localhost\Client\TrustedHosts wsus.example.com -Concatenate -Force
Local Management¶
- Set the WSUS Server Object in the
$wsus
variable:$wsus = Get-WSUSServer
- Set the WSUS server configuration in the
$wsusConfig
variable:$wsusConfig = $wsus.GetConfiguration()
- Set to download updates from Microsoft Updates
Set-WsusServerSynchronization –SyncFromMU
- Set Update Languages to only use English and save configuration settings
$wsusConfig.AllUpdateLanguagesEnabled = $false $wsusConfig.SetEnabledUpdateLanguages(“en”) $wsusConfig.Save()
- Get WSUS Subscription and perform initial synchronization to get latest categories
$subscription = $wsus.GetSubscription() $subscription.StartSynchronizationForCategoryOnly() While ($subscription.GetSynchronizationStatus() -ne ‘NotProcessing’) { Write-Host “.” -NoNewline Start-Sleep -Seconds 5 } Write-Host “Sync is done.”
- Configure the Platforms that WSUS will use to receive updates:
Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Office" } | Set-WsusProduct -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows" } | Set-WsusProduct -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows Server 2012 R2" } | Set-WsusProduct -Verbose
- Configure the Classifications
Get-WsusClassification | Where-Object { $_.Classification.Title -in ( ‘Update Rollups’, ‘Security Updates’, ‘Critical Updates’, ‘Service Packs’, ‘Updates’) } | Set-WsusClassification –Verbose
- Configure Synchronizations
$subscription.SynchronizeAutomatically=$true
- Set synchronization scheduled for midnight each night
$subscription.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0) $subscription.NumberOfSynchronizationsPerDay=1 $subscription.Save()
- Start a synchronization:
$subscription.StartSynchronization()
- To check on the progress of the synchronization:
$subscription.GetSynchronizationProgress()
- When the synchronization finishes, check the status:
$subscription.GetLastSynchronizationInfo()
Connect Non-Domain Hosts¶
- Create a wsus.reg file:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "AcceptTrustedPublisherCerts"=dword:00000001 "ElevateNonAdmins"=dword:00000001 "TargetGroup"="Workstations" "TargetGroupEnabled"=dword:00000000 "WUServer"="http://wsus.example.com:8530"; "WUStatusServer"="http://wsus.example.com:8530"; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "AUOptions"=dword:00000002 "UseWUServer"=dword:00000001
- Then import the wsus.reg file into the Windows registry.
NOTE: If you receive an error when checking for updates, try resetting the authorization cookie on the client:
wuauclt.exe /resetauthorization /detectnow
Resources¶
- https://4sysops.com/archives/install-wsus-on-server-2012-with-powershell/
- https://www.microsoft.com/en-us/download/details.aspx?id=28972
- http://www.shnake.com/?p=821
- https://technet.microsoft.com/en-us/library/dd939916(v=ws.10).aspx
- https://technet.microsoft.com/en-us/library/dd939859(v=ws.10).aspx
- https://p0w3rsh3ll.wordpress.com/2013/02/05/wsus-on-windows-server-2012-core-from-scratch/
- https://blogs.technet.microsoft.com/heyscriptingguy/2013/04/15/installing-wsus-on-windows-server-2012/
- http://social.technet.microsoft.com/wiki/contents/articles/13444.windows-server-2012-server-manager-troubleshooting-guide-part-ii-troubleshoot-manageability-status-errors-in-server-manager.aspx
- https://technet.microsoft.com/en-us/library/hh831453
- https://4sysops.com/archives/enable-powershell-remoting-on-a-standalone-workgroup-computer/
- https://www.packet6.com/unable-to-remote-desktop-into-windows-server-2012-r2-core/
- http://joe.blog.freemansoft.com/2013/02/enabling-remote-management-for-windows.html
Updated by Daniel Curtis over 8 years ago
- Description updated (diff)
- Status changed from New to In Progress
- % Done changed from 0 to 30
Updated by Daniel Curtis over 8 years ago
- Description updated (diff)
- % Done changed from 30 to 50
Updated by Daniel Curtis over 8 years ago
- % Done changed from 50 to 70
- Description updated (diff)
Updated by Daniel Curtis over 8 years ago
- Description updated (diff)
- % Done changed from 70 to 80
Updated by Daniel Curtis over 8 years ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
Updated by Daniel Curtis over 8 years ago
- Description updated (diff)
- Status changed from Resolved to Closed