Project

General

Profile

Support #783

Updated by Daniel Curtis almost 9 years ago

One of the uses for my Windows Server is to use Windows Server Update Services (WSUS) to manage centralized updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell. 

 * From the command prompt, open a PowerShell session: 
 <pre> 
 powershell 
 </pre> 

 * Install the WSUS feature using the Windows Internal Database (WID) as the database: 
 <pre> 
 Install-WindowsFeature -Name UpdateServices -IncludeManagementTools 
 </pre> 

 * After installing WSUS, point the application to a location to store downloads: 
 <pre> 
 cd "C:\Program Files\Update Services\Tools\" 
 .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS 
 </pre> 

 h2. Remote Management 

 h3. Windows 7 Host 

 # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 
 # Download Windows Server Update Services 3.0 SP2 "KB972455":http://www.microsoft.com/en-us/download/details.aspx?id=5216 and install the *Administration Console only*.  
 # Once the console is installed, also install "KB2734608":http://support.microsoft.com/kb/2734608/en-us to add support for Windows 8 and Server 2012. 
 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. 

 h3. Windows 8 Host 

 # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 
 # Install the "Windows 8 Remote Server Administration Tool":https://www.microsoft.com/en-us/download/details.aspx?id=28972 
 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. 

 h2. Local Management 

 * Set the WSUS Server Object in the @$wsus@ variable: 
 <pre> 
 $wsus = Get-WSUSServer 
 </pre> 

 * Set the WSUS server configuration in the @$wsusConfig@ variable: 
 <pre> 
 $wsusConfig = $wsus.GetConfiguration() 
 </pre> 

 * Set to download updates from Microsoft Updates 
 <pre> 
 Set-WsusServerSynchronization –SyncFromMU 
 </pre>  

 * Set Update Languages to only use English and save configuration settings 
 <pre> 
 $wsusConfig.AllUpdateLanguagesEnabled = $false            
 $wsusConfig.SetEnabledUpdateLanguages(“en”)            
 $wsusConfig.Save() 
 </pre> 

 * Get WSUS Subscription and perform initial synchronization to get latest categories 
 <pre> 
 $subscription = $wsus.GetSubscription() 
 $subscription.StartSynchronizationForCategoryOnly() 

 While ($subscription.GetSynchronizationStatus() -ne ‘NotProcessing’) { 
     Write-Host “.” -NoNewline 
     Start-Sleep -Seconds 5 
 } 

 Write-Host “Sync is done.” 
 </pre> 

 * Configure the Platforms that WSUS will use to receive updates: 
 <pre> 
 Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Office" } | Set-WsusProduct -Verbose --Verbose 
 Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows" } | Set-WsusProduct -Verbose --Verbose 
 Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows Server 2012 R2" } | Set-WsusProduct -Verbose --Verbose 
 </pre> 

 * Configure the Classifications 
 <pre> 
 Get-WsusClassification | Where-Object { 
     $_.Classification.Title -in ( 
     ‘Update Rollups’, 
     ‘Security Updates’, 
     ‘Critical Updates’, 
     ‘Service Packs’, 
     ‘Updates’) 
 } | Set-WsusClassification –Verbose 

 </pre> 

 * Configure Synchronizations 
 <pre> 
 $subscription.SynchronizeAutomatically=$true 
 </pre> 

 * Set synchronization scheduled for midnight each night 
 <pre> 
 $subscription.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0) 
 $subscription.NumberOfSynchronizationsPerDay=1 
 $subscription.Save() 
 </pre> 
 
 * Start a synchronization: 
 <pre> 
 $subscription.StartSynchronization() 
 </pre> 

 * To check on the progress of the synchronization: 
 <pre> 
 $subscription.GetSynchronizationProgress() 
 </pre> 

 * When the synchronization finishes, check the status: 
 <pre> 
 $subscription.GetLastSynchronizationInfo() 
 </pre> 

 h2. Connect Non-Domain Hosts 

 * Create a wsus.reg file: 
 <pre> 
 Windows Registry Editor Version 5.00 

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]  
 "AcceptTrustedPublisherCerts"=dword:00000001  
 "ElevateNonAdmins"=dword:00000001  
 "TargetGroup"="Workstations"  
 "TargetGroupEnabled"=dword:00000000  
 "WUServer"="http://wsus.example.com:8530";  
 "WUStatusServer"="http://wsus.example.com:8530"; 

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]  
 "AUOptions"=dword:00000004  
 "AUPowerManagement"=dword:00000001  
 "AutoInstallMinorUpdates"=dword:00000001  
 "DetectionFrequency"=dword:0000000a  
 "DetectionFrequencyEnabled"=dword:00000001  
 "IncludeRecommendedUpdates"=dword:00000001  
 "NoAUAsDefaultShutdownOption"=dword:00000001  
 "NoAUShutdownOption"=dword:00000001  
 "NoAutoRebootWithLoggedOnUsers"=dword:00000001  
 "NoAutoUpdate"=dword:00000000  
 "RebootRelaunchTimeout"=dword:0000000a  
 "RebootRelaunchTimeoutEnabled"=dword:00000001  
 "RescheduleWaitTime"=dword:0000000a  
 "RescheduleWaitTimeEnabled"=dword:00000001  
 "ScheduledInstallDay"=dword:00000000  
 "ScheduledInstallTime"=dword:00000003  
 "UseWUServer"=dword:00000001 
 </pre> 

 * Then import the wsus.reg file into the Windows registry. 

 h2. Resources 

 * https://4sysops.com/archives/install-wsus-on-server-2012-with-powershell/ 
 * https://www.microsoft.com/en-us/download/details.aspx?id=28972 
 * http://www.shnake.com/?p=821 
 * https://technet.microsoft.com/en-us/library/dd939916(v=ws.10).aspx 
 * https://technet.microsoft.com/en-us/library/dd939859(v=ws.10).aspx 
 * https://p0w3rsh3ll.wordpress.com/2013/02/05/wsus-on-windows-server-2012-core-from-scratch/ 
 * https://blogs.technet.microsoft.com/heyscriptingguy/2013/04/15/installing-wsus-on-windows-server-2012/

Back