Detailed configuration and deployment of WSUS servers

1. WSUS installation requirements

1. Hardware requirements:

We recommend that you use the following hardware for servers with up to 500 clients:

* 1 GHz processor

* 1 GB RAM

2. software requirements:

To install WSUS with the default option, you must install the following software on your computer.

* Microsoft Internet Information Service (IIS) 6.0.

* Used for Microsoft. NET Framework 2003 Service Pack 1 of Windows Server 1.1.

* Background Intelligent Transfer Service (BITS) 2.0.

3. Disk requirements:

To install WSUS, the file system on the server must meet the following requirements:

* System partitions and WSUS partitions must be formatted using the NTFS file system.

* System partitions require at least 1 GB of available space.

* WSUS requires at least 6 GB of available space for the volumes used to store content. It is recommended that the reserved space be 30 GB.

* The WSUS installer is used to install Windows SQL Server 2000 Desktop Engine (WMSDE) volumes that require at least 2 GB of available space.

4. Automatic update requirements:

Automatic update is the client component of WSUS. There are no other hardware requirements except for the need to connect to the network. You can use automatic updates for WSUS on computers running any of the following operating systems:

* Microsoft Windows 2000 Professional with Service Pack 3 (SP3) or Service Pack 4 (SP4), Windows 2000 Server with SP3 or SP4, or Windows 2000 Advanced Server with SP3 or SP4.

* Microsoft Windows XP Professional with or without Service Pack 1 or Service Pack 2.

* Microsoft Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, or Windows Server 2003 Web Edition.

2. Install WSUS on the server

1. Double-click installer file "wsussetup.exe ". See the description http://groups.google.com/group/qingyang/browse_thread/thread/f4f9a3577b39874a of wsussetup.exe)

2. on the "welcome to use" page of the wizard, click "Next ".

3. Read the terms of the license agreement carefully, click "I accept the terms of the license agreement", and then click "Next ".

4. On the "select update source" page, you can specify the client to obtain the update source. If the "local storage Update" check box is selected, the update will be stored on the WSUS server. You need to select a location in the file system for storing updates. If updates are not stored locally, the client computer connects to Microsoft Update for approved updates. Retain the default options and click "Next ".

5. On the "Database options" Page, select the software used to manage the WSUS database. By default, if the computer to be installed runs Windows Server 2003, The WSUS installer proposes to install WMSDE. If you cannot use WMSDE, you must provide an available SQL Server instance for WSUS. The specific operation is to click "use existing database Server on this computer ", then, type the Instance name in the "select SQL Instance name" box. Then, click "Next ".

6. On the "website selection" Page, specify the website that WSUS will use. This page also lists two important URLs based on this selection: Direct the WSUS client computer to get the updated URL and the URL of the WSUS console used to configure WSUS. Retain the default options and click "Next ".

7. On the "image update settings" page, you can specify the management role of the WSUS server. If this is the first WSUS server on the network or you need a Distributed Management topology, skip this screen. If you need to centrally manage the topology and this is not the first WSUS server on the network, select this check box and enter the name of another WSUS server in the "server name" box to retain the default options, click "Next ".

8. On the "prepare to install Windows Server Update Services" Page, review the selection and click "Next ".

9. If you confirm that WSUS has been successfully installed on the last page of the wizard, click Finish ".

3. Configure WSUS

Because Microsoft has many products, we cannot update all of them. Therefore, we need to set the patch type based on the actual situation of the company.

After WSUS is installed, open the browser and use the address http: // localhost/wsusadmin to access the WSUS management interface. You can also directly enter the computer name or IP address to access WSUS. Here we enter http: // 192.168.0.18: 80/wsusadmin. Enter the Administrator account and password of the Windows 2003 system to log on to the WSUS server.

After successfully logging on to the WSUS page for the first time, you will see the message "Synchronize server, start now" in the "pending items list" below. Click this option to set WSUS.

Set "manual synchronization" or "daily scheduled synchronization" under "scheduled" to "daily scheduled synchronization ". In addition, there are settings below "products and categories". We can select the product categories available for update at the product, except for Windows, patches and update packages for Office, Exchange, SQL, and other products can be released through WSUS. In the "Update category" section, you can set the patch categories that provide downloads in detail.

After "product and category" and "Update category" are set, we also need to select the updated language type. At the bottom of the synchronization option setting interface, there is an "Advanced synchronization option ", you can set the updated language to simplified Chinese.

So far, we have completed the configuration of the patch type and language, and all the preliminary work has come to an end. Next, we need to perform specific operations on the server and client.

Download and approve Patches

How can we download the corresponding patch from the Microsoft website to the server for internal computer updates? In this case, you need to download and approve the patch.

 

Click "Synchronize now" on the left side of the interface shown in the figure to start the synchronization function of the server. The server will connect to the official Microsoft Update Server to download the corresponding patch. The patch type has been selected in the Set patch operation. The server will only download patches that meet the set conditions for the client to use. During the download process, we can only click "Stop synchronization" to end the update operation.

The patch update service cannot be provided only after the update package is downloaded. We also need to review and approve the downloaded "security and key updates, only approved patches can be downloaded from the client (in fact, the approval process is the process that the server checks the downloaded patches ). Click "review security and key updates" in the list of pending items ".

On the "Update" Page, select all patches and click "Change Approval" in the "Update task" column on the left to approve the installation of all the patches just downloaded. If you do not want the client to download a patch, do not select the patch, such:

Click Change Approval to go to the approval update window. You can select "Install" from the approval drop-down list and click "OK ". Now, all clients can download and install the patch just approved for download. Now, the basic settings on the server are complete.

Iv. Client settings in the domain

1. on the domain controller, run mmc in the command line to open the Console

2. Select Add/delete snap-in (m) from the File menu to open console 1.

3. Click Add to open the add independent unit dialog box, select the Group Policy object editor, and click Add

4. In the open selection group policy object, select Browse

5. Select "Default Domain Policy" from the selected group Policy object and click OK. Close all opened subwindows and return to the main interface of console 1.

6. Expand the script to start or shut down in sequence)

7. Click "Configure Auto Update", select "enabled" in "enable" "Configure auto update attributes", and select a time.

8. Click the next setting:

OK, apply, and save all the settings.

To simplify the configuration of the client, the registry information is written in the box for everyone. copy the information and modify it according to your actual configuration. Change it to the reg format and update it.
REGEDIT4
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU]
"RescheduleWaitTime" = dword: 00000004
"NoAutoRebootWithLoggedOnUsers" = dword: 00000001
"NoAutoUpdate" = dword: 00000000
"AUOptions" = dword: 00000004
"ScheduledInstallDay" = dword: 00000000
"ScheduledInstallTime" = dword: 00000003
"UseWUServer" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate]
"WUServer" = "http: // 202.113.88.33 /"
"WUStatusServer" = "http: // 202.113.88.33 /"