Today we will talk about how to install and configure the WSUS role on Windows Server 2019, this process has become much simpler and easier, and WSUS is now fully integrated into the system.
Windows Server Update Services (WSUS) is an update service that allows administrators to centrally manage the distribution of patches and security updates
for Microsoft products Starting with Windows Server 2008 R2, WSUS was included in the OS as one of the roles, therefore, despite the fact that we will consider the Windows Server 2019 platform, all of the above, with minor amendments, will be true for Server 2008 R2.
Of the third-party packages, you only need to install Microsoft Report Viewer 2012 Runtime, but it is not mandatory and does not affect the operation of the service, but is required only for generating reports. Therefore, even if you forget to install it, nothing bad will happen, the first time you access the reports, the system will notify you of this and provide a download link.
Important! There are a number of limitations to installing WSUS role services. A WSUS database server cannot be a domain controller; a WSUS server cannot be a Remote Desktop Services terminal server at the same time.
13 Steps total
Step 1: Add WSUS Role
To install WSUS, open Server Manager and go to Management – Add Roles and Features. In the wizard that opens, add the Windows Server Update Services role.
Step 2: Add all the necessary roles and components
The next step will add all the necessary roles and components, so you won’t have to configure anything else separately.
Step 3: Use Windows Internal Database
WSUS suggests using the Windows Internal Database (WID) as the default storage. For small implementations, we see no reason in installing a separate SQL server; this will not give any significant advantages.
Step 4: Choose Role services
The next step goes to the basic settings of the role services. In our case, you will need to select the WID Database and WSUS Services options, if you intend to use a SQL server, then instead of the WID Database you should select the Database option. The database server itself should already be deployed to your network by this point.
Step 5: Indicate the location of the update repository
The next step is to indicate the location of the update repository, we recommend that you allocate a separate hard disk or disk partition for these purposes.
Step 6: Run after installation tasks
It is also possible that only information about updates will be stored on the WSUS server, the update packages themselves, after they are approved and appointed by the administrator, will be downloaded from Microsoft servers. In our opinion, such a scheme will be convenient for small companies with a good Internet channel; indeed, for the sake of a dozen machines, organizing local storage does not make much sense, especially if WSUS is not the only role of this server.
If you selected an external database, you will also need to specify the parameters for connecting to the SQL server. After which you can proceed to install the role, a reboot is not required. After installation, click on the flag with a yellow exclamation mark in the Server Manager and click Run after installation tasks, wait for the procedure to complete (the exclamation mark will disappear).
Step 7: Choose the source of synchronization
On this, the role installation can be considered complete and proceeds to the WSUS configuration.
In short, you first need to choose the source of synchronization: the Microsoft server or the upstream WSUS server.
Step 8: Choose languages and products.
Then choose languages and products.
Step 9: Choose Classifications
Choose Classifications
Step 10: Set the parameters for automatic synchronization
And set the parameters for automatic synchronization.
Step 11: Specify the rules for automatic approval
The initial synchronization process may take a long time, depending on the selected set of products and classes, as well as the speed of your Internet channel.
Do not forget to specify the rules for automatic approval and approve already downloaded updates.
Step 12: Specify intranet Microsoft update service location
After which you will need to tell clients the location of your WSUS server, this can be done via Group Policies: Computer Configuration – Policies – Administrative Templates – Windows Update – Specify intranet Microsoft update service location.
Step 13: Use local Group policy editor
Or in local policies: Start – Run – gpedit.msc, then Computer Configuration – Administrative Templates – Windows Update (Windows Update) – Specify intranet Microsoft update service location
The path to the server should be written as http: // SERVER_NAME: 8530, while we recommend that you explicitly specify the service port. After some time, computers will begin to receive updates and appear in the server console, where you can get detailed information on already installed and required updates.
Microsoft has done a great job to improve WSUS, now it is one of the roles of the system and its installation and configuration should not cause difficulties even for beginners.