Support #783
Updated by Daniel Curtis over 8 years ago
{{>toc}} One of the uses for my Windows Server is to use Windows Server Update Services (WSUS) to manage centralized updates for the various Windows boxes on my network. This is a simple guide for setting up a standalone WSUS on a Windows Server 2012 R2 Core machine using PowerShell. h2. Install WSUS * From the command prompt, open a PowerShell session: <pre> powershell </pre> * Install the WSUS feature using the Windows Internal Database (WID) as the database: <pre> Install-WindowsFeature -Name UpdateServices -IncludeManagementTools </pre> * After installing WSUS, point the application to a location to store downloads: <pre> cd "C:\Program Files\Update Services\Tools\" .\WsusUtil.exe PostInstall CONTENT_DIR=C:\WSUS </pre> h2. Remote Management h3. Windows 7 Host # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 # Download Windows Server Update Services 3.0 SP2 "KB972455":http://www.microsoft.com/en-us/download/details.aspx?id=5216 and install the *Administration Console only*. # Once the console is installed, also install "KB2734608":http://support.microsoft.com/kb/2734608/en-us to add support for Windows 8 and Server 2012. # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. h3. Windows 8 Host # Install the "Microsoft Report Viewer":https://www.microsoft.com/en-us/download/details.aspx?id=6576 # Install the "Windows 8 Remote Server Administration Tool":https://www.microsoft.com/en-us/download/details.aspx?id=28972 # Open Windows Server Update Services and connect to the remote server _wsus.example.com_ on port +8530+. h2. Local Management * Set the WSUS Server Object in the @$wsus@ variable: <pre> $wsus = Get-WSUSServer </pre> * Set the WSUS server configuration in the @$wsusConfig@ variable: <pre> $wsusConfig = $wsus.GetConfiguration() </pre> * Set to download updates from Microsoft Updates <pre> Set-WsusServerSynchronization –SyncFromMU </pre> * Set Update Languages to only use English and save configuration settings <pre> $wsusConfig.AllUpdateLanguagesEnabled = $false $wsusConfig.SetEnabledUpdateLanguages(“en”) $wsusConfig.Save() </pre> * Get WSUS Subscription and perform initial synchronization to get latest categories <pre> $subscription = $wsus.GetSubscription() $subscription.StartSynchronizationForCategoryOnly() While ($subscription.GetSynchronizationStatus() -ne ‘NotProcessing’) { Write-Host “.” -NoNewline Start-Sleep -Seconds 5 } Write-Host “Sync is done.” </pre> * Configure the Platforms that WSUS will use to receive updates: <pre> Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Office" } | Set-WsusProduct -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows" } | Set-WsusProduct -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows Server 2012 R2" } | Set-WsusProduct -Verbose </pre> * Configure the Classifications <pre> Get-WsusClassification | Where-Object { $_.Classification.Title -in ( ‘Update Rollups’, ‘Security Updates’, ‘Critical Updates’, ‘Service Packs’, ‘Updates’) } | Set-WsusClassification –Verbose </pre> * Configure Synchronizations <pre> $subscription.SynchronizeAutomatically=$true </pre> * Set synchronization scheduled for midnight each night <pre> $subscription.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0) $subscription.NumberOfSynchronizationsPerDay=1 $subscription.Save() </pre> * Start a synchronization: <pre> $subscription.StartSynchronization() </pre> * To check on the progress of the synchronization: <pre> $subscription.GetSynchronizationProgress() </pre> * When the synchronization finishes, check the status: <pre> $subscription.GetLastSynchronizationInfo() </pre> h2. Connect Non-Domain Hosts * Create a wsus.reg file: <pre> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "AcceptTrustedPublisherCerts"=dword:00000001 "ElevateNonAdmins"=dword:00000001 "TargetGroup"="Workstations" "TargetGroupEnabled"=dword:00000000 "WUServer"="http://wsus.example.com:8530"; "WUStatusServer"="http://wsus.example.com:8530"; [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "AUOptions"=dword:00000004 "AUPowerManagement"=dword:00000001 "AutoInstallMinorUpdates"=dword:00000001 "DetectionFrequency"=dword:0000000a "DetectionFrequencyEnabled"=dword:00000001 "IncludeRecommendedUpdates"=dword:00000001 "NoAUAsDefaultShutdownOption"=dword:00000001 "NoAUShutdownOption"=dword:00000001 "NoAutoRebootWithLoggedOnUsers"=dword:00000001 "NoAutoUpdate"=dword:00000000 "RebootRelaunchTimeout"=dword:0000000a "RebootRelaunchTimeoutEnabled"=dword:00000001 "RescheduleWaitTime"=dword:0000000a "RescheduleWaitTimeEnabled"=dword:00000001 "ScheduledInstallDay"=dword:00000000 "ScheduledInstallTime"=dword:00000003 "UseWUServer"=dword:00000001 </pre> * Then import the wsus.reg file into the Windows registry. h2. Resources * https://4sysops.com/archives/install-wsus-on-server-2012-with-powershell/ * https://www.microsoft.com/en-us/download/details.aspx?id=28972 * http://www.shnake.com/?p=821 * https://technet.microsoft.com/en-us/library/dd939916(v=ws.10).aspx * https://technet.microsoft.com/en-us/library/dd939859(v=ws.10).aspx * https://p0w3rsh3ll.wordpress.com/2013/02/05/wsus-on-windows-server-2012-core-from-scratch/ * https://blogs.technet.microsoft.com/heyscriptingguy/2013/04/15/installing-wsus-on-windows-server-2012/