OS patching I use WSUS (on)

Have you ever encountered a very slow download speed when using the update patch provided by windows? It usually takes more than three hours to download the patch?
This is only limited to key updates. It takes longer to download drivers and non-key updates. How do you ensure that your company only allows Internet access on an intranet employee's computer?
What is the latest patch? I'm afraid none of these functions can be implemented using the default update.
Microsoft has come up with a solution for us-using WSUS. Through WSUS, we can establish an internal
The Update Server allows the company's computer to directly download the patch on this update server, which greatly shortens the Patch Update Time and improves security. In addition
Computers on the Internet can access the Update Server in the internal network or install the latest patch at any time, effectively preventing the spread of vulnerability-type viruses over the Intranet.
1. Introduction to Windows Server Update Services
WSUS (Windows Server Update Services) is an alternative to sus launched by Microsoft following the Software Update Service. The current version is 2.0. Presumably some network administrators have used Sus. What are the main new features of WSUS?
(1) supports updates to more Microsoft products. Besides windows, patches and update packages for office, exchange, SQL, and other products can be released through WSUS, SUS only supports windows.
(2) more languages are supported, including Chinese.
(3) using the 2.0 smart transmission service in the background makes better use of network bandwidth than Sus.
(4) The management of clients is more powerful. different user groups can be assigned to different clients and different download rules can be assigned to different groups.
(5) It is simpler and more intuitive to set and manage than SUS.
If the number of clients on your network to be upgraded is less than 500 computers, the minimum WSUS server hardware frequency is MHz processor and MB memory, of course, you also need enough hard disk space to save the installation files of the update program.
2. Deploy Windows Server Update Services
In theory, the preaching effect is not good, so I will set up an application environment to explain how to install and configure the WSUS server and how to set the client to download the patch through this WSUS server.
Windows Server Update Services archive:
Software Version: 2.0 official version
Software: 124 MB
Software language: multi-language
Software Platform: Win2000/2003 Server
Software authorization: Shared Software
: Http://download.microsoft.com/download/9/3/3/933eaf5d-f2a2-4a03-8a87-e8f6e6d07e7f/WSUSSetup.exe
Practice: Create a WSUS server on the Enterprise Intranet to allow clients to update patches through this server.
Ren
Description: My company's network is on CERNET. It takes a long time for clients to connect to the official Update site of Microsoft. To improve the network security of the company and speed up patch updates
Select a server to create an Update site within the company through WSUS, so that all employee computers can update the patch at this update site. The server name is softer.
Accuracy
Backup work: because the software requires many necessary components, if WSUS is installed on win2000server, these components need to be installed, and these components are installed by default on
Therefore, we recommend that you use 2003 to deploy the WSUS server. We recommend that you install other web sites carefully on the server where the server is installed. Requirement 1.

 

Figure 1

Implementation Method:
Step 1: win2003 does not enable the IIS service by default. Therefore, you need to install the "Application Server" component in "Control Panel"> "add and delete programs"> "add and delete Windows Components, during installation, IIS is added to the local computer. (2)

 

Figure 2

Step 2: Download WSUS and double-click the installer. The program will be automatically decompressed. (3)

 

Figure 3

Step 3: Start WSUS installation. All steps are the same as installing common software. On the installation path selection page, note that the installation path has 6 GB space and the installation path is in the NTFS format file system. (4)

 

Figure 4

Step 4: Because I have not installed SQL Server in win2003, the software will also install SQL Server Desktop edition on the computer. (5)

 

Figure 5

Step 5: In the website settings window, select "use existing IIS default website". If other website services are enabled on the Local Computer and port 80 is occupied, select the port 8530 option below, but it will cause inconvenience. (6)

 

Figure 6

Step 6: because we are upgrading servers independently rather than the image site of other servers, you do not need to select the image update settings. (7)

 

Figure 7

Step 7: start wsus installation to your local computer. (8)

 

Figure 8

Step 9: enter the correct user name and password. Enter the Administrator account and password of the Windows2003 system.
Step 10: After successfully logging on to WSUS for the first time, we will see the "synchronization server, start now" display information in the "pending items list" below. Click this option to set WSUS. (9)
Step 8: After the installation is complete, open the browser and Use http: // localhost/wsusadmin to access the WSUS management interface. Of course, you can directly enter the computer name or IP address to access the page: // softer/wsusadmin.
Step 9: enter the correct user name and password. Enter the Administrator account and password of the Windows2003 system.
Step 10: After successfully logging on to WSUS for the first time, we will see the "synchronization server, start now" display information in the "pending items list" below. Click this option to set WSUS. (9)

 

Figure 9

The
Step 11: The synchronization option setting interface provides many parameters. Due to limited space, we cannot explain them in detail. The most commonly used is "manual synchronization" or "daily scheduled synchronization" under "planning ".
". There are also settings below "products and categories". We can select the product categories available for updates at the product, in addition to windows, as well as office, exchange, SQL, and other products.
Both the patch and update package can be released through WSUS. In the "Update category" section, you can also set the patch categories for download in detail, such as whether to provide driver download and other information. (10)

 

Figure 10

Step 2: After "product and category" and "Update category" are set, we also need to select the updated language type. At the bottom of the interface above, there is an "Advanced synchronization option ", we can set the updated language to Chinese (simplified ). (11)

 

Figure 11

Step 2: click "Start synchronization" on the left of Figure 9 to start the synchronization function of the server. The server will connect to the Microsoft Update Server to download the patch for later client updates. (12)

 

Figure 12

Step 2: Wait about two to three hours to complete the patch update. Of course, the specific time is determined based on the number of patches you choose. Since most of my company's operating systems are Win2000, I only chose to update the 2000 Patch package and the driver.
Step 2: you cannot provide the Patch Update Service after downloading the update package. We also need to review and approve the downloaded security and key updates. Click "review security and key updates" in the pending items list ". (13)

 

Figure 13

Step 2: select all patches on the "Update" page. The simplest way is to press Ctrl + A to select all patches. Select Change Approval under update task on the left ". In this way, all the patches downloaded will be installed with approval. If you do not want the client to download an update, you do not need to select the patch name. (14)

 

Figure 14

Step 2: In the approval update window, select "Install" from the approval drop-down list and click OK. In this way, all clients can download and install the patch just approved. So far, all settings on the server have been completed. (15)

 

Figure 15

Step 2: we also need to set the client computer below, because patches are downloaded by default through Microsoft's official Update Server. We need to manually change it to the address of the created WSUS server. First, start the Group Policy through "start-> Run-> enter gpedit. msc" in the taskbar.
TIPS: if the company uses a domain-based network, you can directly set a group policy on the domain controller.
Step 2: Right-click "Local Computer Policy"> "Computer Configuration"> "manage template" and select "add or delete template. (16)

 

Figure 16

 

Responsible editor Zhao Yi zhaoyi # 51cto.com Tel: (010) 68476636-8001