Although WSUS and Norton upgrade servers are available on the campus network, most servers and workstation on the Intranet cannot access the campus network or the Internet, so the system cannot be updated and anti-virus software is useless, therefore, we started to build our own WSUS server. Because the Norton upgrade server involved the Norton charging problem, we added a private card IP address to the Norton upgrade server on the campus network, then, add the Wins address to the new address on each client, and then kill the software. The WSUS server will do it on its own and find an HP 380 machine, considering that all the update files will occupy a lot of space if they are stored locally, the last four hard disks will be changed to RAID 5, and only one partition will be allocated. The SUS1.0 program was initially installed, it was discovered that it could not be used as a downstream server of WSUS on the campus network. Later, it was known that the version was too low. However, it could be synchronized directly to Microsoft, but the speed was very slow. Later, we downloaded WSUS 3.0 X86, the installation process is simple and the system requirements are as follows:
Installation and running of hardware conditions: 1 gb cpu or above; 1 GB memory; WSUS storage space directory should be no less than 2 GB, recommended 30 GB
This time, hp0000g servers are used: dual-core Xeon E5405CPU, 16 GB memory, and WSUS partition running g146g * 4 Raid5) Windows Server 2003 Service Pack 2
WSUS 3.0 Server Software Prerequisites:
Windows Server 2003 SP1 or later
Microsoft IIS 6.0 or later
Microsoft. NET Framework 2.0
Microsoft Management Console 3.0
Microsoft Report Viewer
SQL Server 2005 SP1 is optional. Note if a compatible version of SQL Server is not installed already, WSUS 3.0 will install Windows Internal Database.
WSUS 3.0 Administration Console Software Prerequisites:
Additional Supported Operating Systems: Windows Server 2003 SP1 or later, Windows XP SP2 and Windows Vista
Microsoft. NET Framework 2.0
Microsoft Management Console 3.0
Microsoft Report Viewer
Preparations:
Install related windows components can be downloaded from the Microsoft Web site http://www.microsoft.com/downloads/Search.aspx? Displaylang = zh-cn)
Installation sequence: MMC 3.0 --> IIS 6.0 -->. NET Framework 2.0 --> ReportViewer
Install the database (one of them)
1. SqlServer2000 (SP4) database or SqlServer2005 (SP1) Database
2. WSMED (Windows) database automatically installed during WSUS 3.0 Installation
Install WSUS 3.0
A web Service is created during WSUS installation. You can select port 80 of TCP or port 8530 of TCP. If other web sites installed on the server occupy port 80, configure the WSUS web service to port 8530. In this case, configure the RUL: http: // server IP address used by the client to access the server: 8530. After the installation is complete, configure the WSUS 3.0 server as required.
WSUS client Configuration
1. Configure the computer in Active Directory
In Active Directory, select the organization unit to be configured as the client, or create a new organization unit. Right-click the selected organizational unit and choose Properties> Create group policy name from the shortcut menu. Then, click Edit. Open the Group Policy editing window, and expand "Computer Configuration"> "management template"> "windowsComponents"> "Windows Update" in turn, in the list on the right.
Start "automatic configuration Update" and configure
Start "specify enterprise LAN Update service address" and configure
2. Computers configured through local policies (computers in non-Active Directory)
Run "gpedit. msc" to edit the Group Policy. Similar to computers in AD.
3. You can also modify the Registry to configure the client.
Save the file in reg format and run import on the client computer.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate]
"WUServer" = "http: // your WSUS server name or IP address"
"WUStatusServer" = "http: // your WSUS server name or IP address"
"ElevateNonAdmins" = dword: 00000001
"TargetGroupEnabled" = dword: 00000001
"TargetGroup" = ""
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU]
"NoAutoUpdate" = dword: 00000000
"AUOptions" = dword: 00000004
"ScheduledInstallDay" = dword: 00000000
"ScheduledInstallTime" = dword: 0000000a
"UseWUServer" = dword: 00000001
"AutoInstallMinorUpdates" = dword: 00000001
"RebootRelaunchTimeoutEnabled" = dword: 00000001
"RebootRelaunchTimeout" = dword: 0000001e
"RescheduleWaitTime" = dword: 00000005
"RescheduleWaitTimeEnabled" = dword: 00000001
"Noaushudownoption" = dword: 00000001
"Noauasdefashutshutdownoption" = dword: 00000001
"DetectionFrequencyEnabled" = dword: 00000001
"DetectionFrequency" = dword: 00000022.
"NoAutoRebootWithLoggedOnUser" = dword: 00000001
"RebootWarningTimeout" = dword: 00000010
"RebootWarningTimeoutEnabled" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"WSUS Update" = "wuauclt.exe/detectnow"
---------------------------------------------- The following is a detailed description ------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate]
"WUServer" = "http://wsus.yoursite.com"
Set your wusserver Server
"WUStatusServer" = "http://wsus.yoursite.com"
"ElevateNonAdmins" = dword: 00000000
When it is set to 1, non-Administrator members can also patch the computer
"TargetGroupEnabled" = dword: 00000001
Note: Only with this setting can the client computer be detected by the wsus server !!
"TargetGroup" = "superuser"
Target group: The computer group that the client automatically registers to the wsus server. It can be blank.
If these two key values are missing from many registries on the Internet, the wsus server cannot detect the client and manage the client.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU]
"NoAutoUpdate" = dword: 00000000
Set to 0, indicating automatic upgrade
"AUOptions" = dword: 00000004
If this parameter is set to 4, the download is automatically installed. 3. reminder for Installation
"ScheduledInstallDay" = dword: 00000000
If the value is set to 0, updates are detected every day.
"ScheduledInstallTime" = dword: 0000000a
Set the patch installation time. Because AUOptions is set to 4, the automatic installation time is set to a, that is, ten o'clock A.M. in decimal format, to ten o'clock A.M.. the patch is automatically installed.
"UseWUServer" = dword: 00000001
// Indicates that you use wsusserver, which is your own wsus server, instead of upgrading the website of Microsoft.
"AutoInstallMinorUpdates" = dword: 00000001
If it is set to 1, it indicates that the background is installed, that is, the patch is installed quietly.
"RebootRelaunchTimeoutEnabled" = dword: 00000001
// Set the parameter to 1.
"RebootRelaunchTimeout" = dword: 00000014
Indicates the restart interval, which is set to 20 minutes in hexadecimal format.
"DetectionFrequencyEnabled" = dword: 00000001
Set this parameter to 1. The following parameters are valid.
"DetectionFrequency" = dword: 00000005.
Set the detection frequency. for testing purposes, set the frequency to 5. Set it to 22, once a day.
"NoAutoRebootWithLoggedOnUser" = dword: 00000001
Set to 1, indicating whether to wait for a while before restarting. If it is set to 0, restart within 5 minutes.
"RebootWarningTimeout" = dword: 00000010
Indicates the restart time after the scheduled upgrade.
"RebootWarningTimeoutEnabled" = dword: 00000001
Set to 1. The preceding settings are valid. If it is set to 0, the default value is 10 minutes.
"RescheduleWaitTime" = dword: 00000005
If an update misses the installation time and the next time it is started, for example, if you do not start the update at ten o'clock A.M., It is not installed. After this parameter is set, it indicates that it will take five minutes to start, prompt for installation.
"RescheduleWaitTimeEnabled" = dword: 00000001
It is mainly used to make the preceding parameter valid.
A. HEEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU Key Value Name: NoAutoUpdate key value: 0 or 1 n = 0: Allow Automatic Upgrade default value) n = 1: automatic Upgrade of the key value type is not allowed: Reg_DWORD Key Value Name: AUOptions key value: 2, 3, 4 n = 2: notifications during download and installation n = 3: notification n = 4 during Automatic download and installation: Automatic download and set the installation schedule key value type: Reg_DWORD Key Value Name: ScheduledInstallDay key value: 0 ~ 7 n = 0: n = 1 ~ every day ~ 7: Representing Sunday 1) to Saturday 7) Key Value Type: Reg_DWORD Key Value Name: ScheduledInstallTime key value: 0 ~ 23. The value is equal to the 24-hour distribution key value type of the day: Reg_DWORD Key Value Name: UseWUServer key value: the value 1 is used to replace the Windows upgrade key value type with the software upgrade service: Reg_DWORD.