WSUS Server installation and configuration

Source: Internet
Author: User
Tags server installation and configuration

Hardware installation requirements

The following requirements apply to the computer hardware configuration for WSUS service installation. For details about these requirements, see deployment and planning:

The partition file system that stores WSUS update files must adopt the NTFS format;

The system partition must have at least 1 GB of space remaining;

During local storage, the partition storing the content of the WSUS Update file requires at least 6 GB of free space, and 30 GB is recommended. For details, see deployment and planning;

The partition for WMSDE installation requires at least 2 GB of free space.

The hardware configuration of the server should be determined based on the number of clients of the service. For WSUS servers serving 500 client computers, we recommend that you use hardware configuration at least 1 GB of CPU/1 GB of memory.

Software Installation Requirements

WSUS servers can only be installed on Windows 2000 or Windows server 2003. When WSUS is installed on different operating systems, the installed software required by WSUS is slightly different, specifically:

Install the following software on Windows server 2003:

Internet Information Service (IIS) 6.0;

Backend intelligent transmission service BITS) 2.0; can be from FamilyID = 3fd31f05-d091-49b3-8a80-bf9b83261372 & DisplayLang = zh-cn download;

Microsoft. NET Framework 1.1 Service Pack 1 for Windows Server 2003, can you download from a Displaylang = zh-cn & FamilyID = download AE7EDEF7-2CB7-4864-8623-A1038563DF23;

Database software must be installed to install WSUS, but it is not listed here because WSUS is installed on Windows Server 2003 by default.™2000 Desktop Engine (WMSDE) database software. For a detailed description of WMSDE, see the deployment and planning document. The latest Windows server 2003 SP1 has met the preceding requirements. You only need to enable the Web COM + access and the Web service in the IIS component on the application server, other components are automatically configured when WSUS is installed.

Install the following software on a Windows 2000 Server:

Windows 2000 Server Service Pack 4, can be from Displaylang = zh-cn & FamilyID = download dc27b8c6-2a5a-4399-ad3d-4a97a25f41d9;

Internet Information Service (IIS) 5.0;

Backend intelligent transmission service BITS) 2.0; can be from Familyid = 3ee866a0-3a09-4fdf-8bdb-c906850ab9f2 & displaylang = zh-cn download;

And Microsoft SQL is fully compatible with database software, the use of MSDE is recommended, can be from Displaylang = zh-cn & FamilyID = 413744d1-a0bc-479f-bafa-e4b278eb9147 download;

Microsoft Internet Explorer 6.0 Service Pack 1; can be from a Displaylang = zh-cn & FamilyID = 1E1550CB-5E5D-48F5-B02B-20B602228DE6 download;

Microsoft. NET Framework Version 1.1 reusable package; can you download from a Displaylang = zh-cn & FamilyID = 262d25e3-f589-4842-8157-034d1e7cf3a3 download;

Microsoft. NET Framework 1.1 Service Pack 1; can it be from a Displaylang = zh-cn & FamilyID = a8f5654f-088e-40b2-bbdb-a83353618b38 download.

For installation on Windows 2000, IIS must have a Web site. Otherwise, WSUS installation fails.

We strongly recommend that you install the WSUS server on Windows server 2003. Before installing the WSUS server, you should configure the security of the server. I will elaborate on the security configuration of the WSUS server.

By default, WSUS Web sites use the default site in IIS. We recommend that you do this. WSUS adds some files and virtual directories to the existing default Web site, but does not affect the operation of the original Web site. You can modify WSUS Web site attributes, such as the host name header and the IP address bound to the site, as you modify common Web site attributes, make sure that the client computer can access the WSUS Web site through the Intranet Update Service Location configured in the Group Policy. However, you should not modify the virtual directory and directory structure of the WSUS Web site, and you must carefully consider before modifying the directory access permission.

# P #

You can install WSUS on an independent server, or on a domain member server or a domain controller. However, if you want to modify the level of the server where WSUS is installed in the domain, for example, upgrading the server from a domain member server to a domain controller or downgrading the server from a domain controller to a domain member server, you must first uninstall the WSUS server, after upgrading or downgrading, install the WSUS server. If you downgrade the domain controller that has the WSUS server installed to a domain member server, follow these steps:

Create a user account named ASPNET;

Run aspnet_regiis-I at the command prompt.

Then install the WSUS server.

You can download the WSUS server from Microsoft for free. The latest version is, And the size is 124 MB.


Double-click wsussetup.exe on the server after the server has been installed. I have installed Windows server 2003 SP1 on an operating system. This server is a domain controller in the WinSVR. ORG domain.

On the welcome WSUS Installation Wizard page, click Next;


On the license agreement page, view the license agreement, click I accept the terms in the license agreement, and click Next;


On the select update Source Page, select whether to update local storage as needed. For details, see deployment and planning. Here I select local storage update and then select the local storage path, the drive corresponding to this storage path must be in the NTFS file system format and have at least 6 GB of free space. click Next;

On the database options page, select the database type you are using. We recommend that you use the WMSDE database by default when installing Windows server 2003. If you want to use the existing SQL Server database Server on the local Server, choose to use the existing database Server on the computer and select the database Server instance. Here I accept the default installation of SQL Server Desktop EngineWindows on this computer), and then select the local path to store database files. The drive corresponding to this path must adopt the NTFS file system format and have more than 2 GB of available space; if it is the same as the local drive storing the updated file, the drive must have at least 8 GB of available space, select and click Next;

On the website selection page, you can select the default Web site on the TCP port 80, or create a Web site on the TCP port 8530. When using a custom Web site, you must include the port number in the update location address provided to the client computer. In order to automatically update the client, you must create a self-update Directory on the Web site that uses port TCP 80. For details, see deployment and planning. We strongly recommend that you use the existing IIS default Web site. Check the WSUS console access address and client computer access update location provided in the lower text box. click Next;

On the Image update settings page, select the role of the server. Depending on the WSUS management mode, WSUS servers have different roles. In the distributed management mode, the WSUS server can only be used as an independently managed server. In the centralized management mode, the WSUS server can be used as the independently managed server master server ), it can also be used as the replication server configured for the replication master server. For details, see deployment and planning. If you want to configure this WSUS server as a replication server, select this server to inherit the settings from the following servers and enter the server name and port number, this server is configured as the replication server of the target server. This configuration can only be performed when the WSUS server is installed. It cannot be modified after installation. Here, I will install this WSUS server as an independent management server without selecting any options. click Next;

On the "prepare to install Microsoft Windows Server Update Service" Page, review your selected configuration and click "Next;

At this point, WSUS starts to install. After a moment, the installation is complete. on the Microsoft Windows Server Update Services Installation Wizard Page, select start Web management tool and click Finish.


The WSUS Server installation is complete.

# P #

After the WSUS server is installed, you also need to configure the client computer to automatically update through the WSUS server. How to configure the client computer to automatically update through the WSUS server depends on your network environment: In the domain environment, you can use the domain-based group policy object (GPO); in a non-domain environment, you can use a local group policy object or directly modify the registry. After you deploy a group policy for automatic updates, the automatic updates in the control panel on the client computer will become invalid.

When you deploy a domain using a group policy, Microsoft recommends that you add a group policy object updated for WSUS, instead of modifying the default domain policy or default domain controller policy. Automatic Update is implemented through the Windows Update management template in the configuration Group Policy. The specific location is in Computer Configuration-> management template-> Windows Components-> Windows Update.

Because I deployed the WSUS server in the domain environment, I configured the client computer to use the WSUS server for Automatic Updates by adding the domain group policy object:

Click Start, click Administrative Tools, and then click Active Directory users and computers. In the pop-up Active Directory users and computers console, right-click the domain WinSVR. ORG, select properties. In the WinSVR pop-up window. in the ORG Properties dialog box, click the Group Policy label and then click Create;


Rename the new group policy object as WSUS Deployment, and click Edit;

In the pop-up Group Policy Editor, expand the computer configuration, management template, Windows components, and Windows Update in sequence. If you do not find the Windows Update template, you can right-click the management template, select Add/delete template, and then select Add % systemroot % infwuau. add the adm template.

In order for the client computer to normally obtain updates from the WSUS server, you must configure the following two options:

Configure Automatic Updates. You must set it to enabled and select the automatic update type as needed. For details about the differences between different automatic update types, see deployment and planning. Here, I Select Download notification and install notification, and then click OK;

Specifies the location of the Microsoft Update Service on the Intranet. Specify the WSUS Web site address in the enterprise's internal network. This address must be the address that can be normally accessed by the client computer. You can use an IP address or a computer name, but it is recommended that you always use FQDN. If you use FQDN, make sure that the client computer can resolve the FQDN properly. Here I have done DNS resolution, domain name to WSUS server, and because WSUS Web site uses the default Web site, so my WSUS Web site address is If the WSUS Web site uses a non-standard HTTP port, for example, the default custom WSUS Web site uses port TCP 8530, you must include your port in this address, that is, 8530. Enter the addresses in the text boxes and click OK.

Finally, in the close Group Policy Editor dialog box, click Close In the WinSVR. ORG attribute dialog box.

At this time, the Group Policy you just created has taken effect, but by default, the client computer refreshes the Group Policy every 90 minutes. The refresh time may be randomly shifted from 0 to 30 minutes. If you want to allow the client computer to refresh the Group Policy more quickly, you can run gpupdate/force on a client computer with Windows XP or Windows server 2003 operating system, run secedit/refreshpolicy on a Windows 2000 client computer.

For client computers configured using the local group policy, the Group Policy is applied immediately. However, after the group policy is applied, the client computer will detect available updates on the WSUS server in about 20 minutes. Only after the client computer communicates with the WSUS server, this computer is displayed in the computer list on the WSUS console.

Slave/detectnow command.

So far, WSUS Server Installation and client computer configuration are complete. You need to manage the WSUS server to synchronize the WSUS server with Windows Update, so that the client computer can obtain updates from the WSUS server, and configure and manage the WSUS server, see the WSUS operation guide.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.