A WSUS Server is a Windows Update Server and is simply a Server Role that you enable to have MS Updates pushed locally instead of over the WAN.
Before beginning, make sure you have access to the internet. For my lab, I have two NICs on separate subnets installed. Make sure to download the Report Viewer located here.
Just for the installation, disable the Windows Firewall. Install the WSUS role in Server Manager.
After the installation, double click on the Windows Server Update Services icon in your Administrative Tools. So the way this works is you specify the updates that you want to receive for your environment and then you “synchronize” with MS Servers’ for what you request.
On the Navigation Tree on the left, the first thing you want to do is to configure your options:
4a. First click on “Update Files and Languages” – Languages Tab – “Only these languages..” radio button – Select your language.
4b. Next click on “Products and Classifications” – Unselect all and then select only updates you want to push. When done, do the same in the categories tab.
4c. Click on “Automatic Approvals” and select the “Default Automatic Approval Rule”.
- After you have selected all your options, select a sync schedule or if you choose manually (like I did), choose synchronize server from the “Synchronize” navigation menu on the left. All done!
On the Clients:
- If you are on a domain, just create a GPO to point to the WSUS Server by the following steps:
1a. Link a new GPO – Edit.
1b. Navigate to: “Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update”
1c. “Specify intranet Microsoft Update Servcies Location” – Edit – Type: http://YourWSUSServerHostName in the two update locations and change the policy to Enabled.
1d. “Configure Automatic Updates” – Edit – Change the drop down to “4-Auto Download and schedule” and then select a schedule.
1d. Obviously, configure any other policies you want to enable while here and then link the GPO.
1e. Run gpedit on the Domain Controller and on the clients for the policy to take effect.
- If you are not on a domain, just run gpedit.msc on each machine and modify the same steps.