Support #783

Updated by Daniel Curtis almost 9 years ago

One of the uses for my Windows Server is running Windows Server Update Services (WSUS) to manage centralized updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell.

 * From the command prompt, open a PowerShell session: 
 <pre> 
 powershell 
 </pre> 

 * Install the WSUS feature using the Windows Internal Database (WID) as the database: 
 <pre> 
 Install-WindowsFeature -Name UpdateServices -IncludeManagementTools 
 </pre> 

 * After installing WSUS, point the application to a location to store downloads: 
 <pre> 
 cd "C:\Program Files\Update Services\Tools\" 
 .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS 
 </pre> 

 h2. Remote Management 

 h3. Windows 7 Host 

 # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 

 # Download Windows Server Update Services 3.0 SP2 "KB972455":http://www.microsoft.com/en-us/download/details.aspx?id=5216 and install the *Administration Console only*.  

 # Once the console is installed, also install "KB2734608":http://support.microsoft.com/kb/2734608/en-us to add support for Windows 8 and Server 2012. 

 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. 

 h3. Windows 8 Host 

 # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 

 # Install the "Windows 8 Remote Server Administration Tool":https://www.microsoft.com/en-us/download/details.aspx?id=28972 

 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. 

 h2. Local management 

 The Windows Server Update Services server role can be managed locally on the console of your Server Core installation.

 h3. WSUS cmdlets

 * To get a list of commands associated with WSUS: 
 <pre> 
 Get-Command -Module UpdateServices 
 </pre> 

 *# The Get-WsusServer cmdlet shows you the configuration of the Windows Server Update Server: 
 <pre> 
 Get-WsusServer 
 </pre> 

 *# Using the Get-WsusUpdate cmdlet, you can gain information on updates available from your Windows Server Update Server: 
 <pre> 
 Get-WsusUpdate 
 </pre> 

 *# Although you can point your domain-joined computers to the Windows Server Update Server through Group Policy, you will need these two PowerShell cmdlets to manage the relationship between client computers and target groups: 
 <pre> 
 Get-WsusComputer 
 Add-WsusComputer 
 </pre> 

 *# These two PowerShell cmdlets are pretty self-explanatory, but in all their simplicity they allow for immediate approval (and denial) of all Windows Updates offered by the Windows Server Update Server: 
 <pre> 
 Approve-WsusUpdate 
 Deny-WsusUpdate 
 </pre> 

 *# Since your Windows Server Update Server utilizes classifications to target software products to clients, these two cmdlets allow you to manage these classifications and their settings. Classifications include applications, updates, drivers, feature packs, service packs, and tools: 
 <pre> 
 Get-WsusClassification 
 Set-WsusClassification 
 </pre> 

 *# Products represent software run by the clients. Products include Windows, Office, Windows Server, Exchange Server, and SQL Server. With these two cmdlets, you can manage the products you want to synchronize WSUS content for: 
 <pre> 
 Get-WsusProduct 
 Set-WsusProduct 
 </pre> 

 *# Since your Windows Server Update Server synchronizes all sorts of content from Microsoft and gets fed client computers by Active Directory, it helps to perform a spring cleanup every year. The following PowerShell command can be used for this purpose: 
 <pre> 
 Invoke-WsusServerCleanup 
 </pre> 

 *# With the cleanup switches below, your Windows Server Update Server will tell you afterwards how many obsolete updates and obsolete client computers it has cleaned up: 
 <pre> 
 Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates 
 </pre> 

 *# With the Set-WsusServerSynchronization cmdlet, you can set whether the Windows Server Update Server synchronizes from Microsoft Update or from an upstream server, and set the upstream server properties: 
 <pre> 
 Set-WsusServerSynchronization 
 </pre> 

 h3. Initial configuration

 * Set the WSUS object in the @$wsus@ variable: 
 <pre> 
 $wsus = Get-WsusServer 
 </pre> 

 * Set the WSUS server configuration in the @$wsusConfig@ variable: 
 <pre> 
 $wsusConfig = $wsus.GetConfiguration() 
 </pre> 

 * Set WSUS to download updates from Microsoft Update: 
 <pre> 
 Set-WsusServerSynchronization -SyncFromMU 
 </pre> 

 * Set the update languages to English and save the configuration settings: 
 <pre> 
 $wsusConfig.AllUpdateLanguagesEnabled = $false 
 $wsusConfig.SetEnabledUpdateLanguages("en") 
 $wsusConfig.Save() 
 </pre> 

 * Get the WSUS subscription and perform an initial synchronization to get the latest categories: 
 <pre> 
 $subscription = $wsus.GetSubscription() 
 $subscription.StartSynchronizationForCategoryOnly() 

 # Poll every 5 seconds until the category synchronization has finished 
 While ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') { 
     Write-Host "." -NoNewline 
     Start-Sleep -Seconds 5 
 } 

 Write-Host "Sync is done." 
 </pre> 

 * Configure the platforms that WSUS will receive updates for: 
 <pre> 
 Get-WsusProduct | Where-Object { 
     $_.Product.Title -in ( 
     'Windows 7', 
     'Windows Server 2012 R2') 
 } | Set-WsusProduct 
 </pre> 

 * Configure the classifications: 
 <pre> 
 Get-WsusClassification | Where-Object { 
     $_.Classification.Title -in ( 
     'Update Rollups', 
     'Security Updates', 
     'Critical Updates', 
     'Service Packs', 
     'Updates') 
 } | Set-WsusClassification 
 </pre> 

 * Configure automatic synchronization: 
 <pre> 
 $subscription.SynchronizeAutomatically = $true 
 </pre> 

 * Schedule the synchronization for midnight each night: 
 <pre> 
 $subscription.SynchronizeAutomaticallyTimeOfDay = (New-TimeSpan -Hours 0) 
 $subscription.NumberOfSynchronizationsPerDay = 1 
 $subscription.Save() 
 </pre> 

 * Start a synchronization: 
 <pre> 
 $subscription.StartSynchronization() 
 </pre> 
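 To confirm that the configuration steps took effect, the settings can be read back from the same WSUS objects. This is an added example, not part of the original guide; the @New-WsusCheck@ helper name is hypothetical, and the expected values are the ones this guide sets (Microsoft Update as source, English only, one nightly sync at midnight, port 8530).

```powershell
# Added example, not from the original guide: read back what the steps above set.
# Assumes an elevated PowerShell session on the WSUS server itself.
$wsus         = Get-WsusServer
$wsusConfig   = $wsus.GetConfiguration()
$subscription = $wsus.GetSubscription()

# Hypothetical helper: pairs a setting with the value this guide configures.
function New-WsusCheck($Setting, $Expected, $Actual) {
    [pscustomobject]@{
        Setting  = $Setting
        Expected = "$Expected"
        Actual   = "$Actual"
        Match    = ("$Expected" -eq "$Actual")
    }
}

$languages = @($wsusConfig.GetEnabledUpdateLanguages()) -join ','
$timeOfDay = $subscription.SynchronizeAutomaticallyTimeOfDay.ToString()

$checks = @(
    (New-WsusCheck 'Port for remote consoles'    8530       $wsus.PortNumber),
    (New-WsusCheck 'Sync from Microsoft Update'  $true      $wsusConfig.SyncFromMicrosoftUpdate),
    (New-WsusCheck 'All languages enabled'       $false     $wsusConfig.AllUpdateLanguagesEnabled),
    (New-WsusCheck 'Enabled update languages'    'en'       $languages),
    (New-WsusCheck 'Automatic synchronization'   $true      $subscription.SynchronizeAutomatically),
    (New-WsusCheck 'Synchronization time of day' '00:00:00' $timeOfDay),
    (New-WsusCheck 'Synchronizations per day'    1          $subscription.NumberOfSynchronizationsPerDay)
)
$checks | Format-Table -AutoSize

# Products and classifications currently selected for synchronization.
$products = $subscription.GetUpdateCategories() | Select-Object -ExpandProperty Title
$classes  = $subscription.GetUpdateClassifications() | Select-Object -ExpandProperty Title
"Products:        " + ($products -join ', ')
"Classifications: " + ($classes -join ', ')

# Outcome of the most recent synchronization.
$last = $subscription.GetLastSynchronizationInfo()
"Last sync:       {0} (ended {1})" -f $last.Result, $last.EndTime

# Report every setting that differs from what the guide configures.
$checks | Where-Object { -not $_.Match } | ForEach-Object {
    Write-Warning ("{0}: expected '{1}', found '{2}'" -f $_.Setting, $_.Expected, $_.Actual)
}
```
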

 h2. Resources 

 * https://4sysops.com/archives/install-wsus-on-server-2012-with-powershell/ 
 * https://www.microsoft.com/en-us/download/details.aspx?id=28972 
 * http://www.shnake.com/?p=821 
 * https://technet.microsoft.com/en-us/library/dd939916(v=ws.10).aspx 
 * https://technet.microsoft.com/en-us/library/dd939859(v=ws.10).aspx 
 * https://p0w3rsh3ll.wordpress.com/2013/02/05/wsus-on-windows-server-2012-core-from-scratch/ 
 * https://blogs.technet.microsoft.com/heyscriptingguy/2013/04/15/installing-wsus-on-windows-server-2012/
