Hi!
Along with its abundant features, Windows Server provides an awesome feat – Windows Server Update Services (WSUS), which allows system administrators to manage and deploy product updates on any Windows running machine in the organization.
There is a great YouTube video that shows how to install and configure WSUS on your Windows Server:
There is another great YouTube video to watch if you are trying to install WSUS on Windows Server 2012 R2:
It is not recommended to install WSUS on your domain controller. Also, if you are going to install it on a virtual machine, ensure that there is enough disk space. Take it from me, I installed WSUS on our SpiceWorks server and it is running really slow.
The videos above pretty much covered the topic on how to install and configure WSUS on a Windows Server, but I am going to do a quick step-by-step of the group policy I created in order for the WSUS to detect all the machines in the organization and have the updates running on each machine.
Scenario:
MASRV: Domain Controller
ASSET: WSUS Server
MALTP50: Client
Tutorial:
- MASRV: Configure the Group Policy settings for WSUS
- Server Manager > Tools > Group Policy Management > right click on domain and click “Create a GPO in this domain, and Link it here..” > name it WSUS
- Right click on WSUS > Edit > Computer Configuration > Policies > Administration Templates > Windows Components > Windows Updates
- Double click “Configure Automatic Updates” > select Enable > click OK
- Double click “Specify intranet Microsoft update service location” > select Enable
- Set the intranet update service for detecting udpates: http://ASSET (since I have it on the default port, I do not need to specify the port – another option is to have SSL running, which will be on port 8530)
- Set the intranet statistic server: http://ASSET
- Go to cmd > gpupdate /force
- ASSET : Update policy from MASRV
- Go to cmd > gpupdate /force
- MALPTP50: Update policy from MASRV and check update
- Go to cmd > gpupdate /force
- Go to Control Panel > Windows Update > Check for updates
Once you have forced the Group Policy, you should receive update notifications on each machine and WSUS should detect the machines within the organization.