What is Wsus Server ?
Are You Windows Geek ? Have You heard about patch management.
Probably you also meet with the word "Patch Monday"
Microsoft releases security , critical and many more patches time to time to fix the issue bugs and many issue with their windows OS to make sure the OS is working fine and secure too.
Wsus Server used to deploy patches for windows clients and manage all patchmanagement activities like approve updates,declined updates,removal of updates,reporting and centrlised patch management.
You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network.
This topic provides an overview of this server role and more information about how to deploy and maintain WSUS.
WSUS Server role description
- Can be added and removed by using the Server Manager
- Includes Windows PowerShell cmdlets to manage the most important administrative tasks in WSUS
- Adds SHA256 hash capability for additional security
- Provides client and server separation: versions of the Windows Update Agent (WUA) can ship independently of WSUS
Can We Manage Wsus Server With Powershell ? Answer is Yes
Give you a great functionality and task automation facility with PowerShell, With PowerShell it will be more powerful !
For system administrators to automate their operations, they need coverage through command-line automation. The main goal is to facilitate WSUS administration by allowing system administrators to automate their day-to-day operations.
In earlier versions of the Windows Server operating system, there were no Windows PowerShell cmdlets, and update management automation was challenging. The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator.
Guidesfor planning, deploying, and managing WSUS
Wsus is for deployment of updates and upgrades for Microsoft products
WSUS is a Windows Server role that can be installed to manage and
distribute updates.
A WSUS server can be the update source for other WSUS servers
within the organization.
The WSUS server that acts as an update source is called an upstream
server.
In a WSUS implementation, at least one WSUS server in the network must connect to Microsoft Update to get available update information.
This guide provides information for planning and deploying
Windows Server Update Service.
Before Installing Wsus Server
System Requirements
·
Server hardware requirements to enable WSUS role are bound to
hardware requirements. The minimum hardware requirements for WSUS are:
o Processor: 1.4 gigahertz
(GHz) x64 processor (2 Ghz or faster is recommended)
o Memory: WSUS requires an
additional 2 GB of RAM more than what is required by the server and all other
services or software.
o Available disk space: 40 GB or greater
is recommended
o Network adapter: 100 megabits per
second (Mbps) or greater (1GB is recommended)
Note
These guidelines assume that WSUS clients are synchronizing with the server every eight hours for a rullup of 30,000 clients. If they sychronize more often, there will be a corresponding increment in the server load.
·
Software Requirements:
o For viewing reports, WSUS requires the Microsoft Report Viewer Redistributable 2008.
On Windows Server 2016, WSUS requires Microsoft Report Viewer Runtime 2012
· If you install roles or software updates that require you to restart the server when installation is complete, restart the server before you enable the WSUS server role.
· Microsoft .NET Framework 4.0 must be installed on the server where the WSUS server role will be installed.
· The NT Authority\Network Service account must have Full Control permissions for the following folders so that the WSUS Administration snap-in displays correctly:
o %windir%\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
This path might not exist prior to install Web Server Role that contains Internet Information Services (IIS).Note
%windir%\Temp
Confirm that the account you plan to use to install WSUS is a member of the Local Administrators group.
During the installation process, WSUS will install the following by default:
· .NET API and Windows PowerShell cmdlets
· Windows Internal Database (WID), which is used by WSUS
· Services used by WSUS, which are:
o Update Service
o Reporting Web Service
o Client Web Service
o Simple Web Authentication Web Service
o Server Synchronization Service
o DSS Authentication Web Service
WSUS requires one of the following databases:
· Windows Internal Database (WID)
· Any supported Microsoft SQL Server version. For more information, see Microsoft Lifecycle Policy.
The following editions of SQL Server are supported by WSUS:
· Standard
· Enterprise
· Express
Note
SQL Server Express 2008 R2 has a database size limitation of 10 GB. This database size is likely to be sufficient for WSUS, although there is no appreciable benefit to using this database instead of WID. WID database has a minimum RAM memory requirement of 2 GB beyond the standard Windows Server system requirements.
You can install the WSUS role on a computer that is separate from the database server computer. In this case, the following additional criteria apply:
1. The database server cannot be configured as a domain controller.
2. The WSUS server cannot run Remote Desktop Services.
3. The database server must be in the same active directory domain as the WSUS server, or it must have a trust relationship with the active directory domain of the WSUS server.
4. The WSUS server and the database server must be in the same time zone or be synchronized to the same Coordinated Universal time (Greenwich Mean time) source.
