Solved

Good WSUS Set up guide

Posted on 2014-03-24
12
490 Views
Last Modified: 2016-02-20
Hi Guys, im looking to deploy and configure WSUS on a new server and was wondering what would be the best way to configure. We have a mix of XP win 7, 2008 and 2003 + Citrix servers.

Thanks in advance
0
Comment
Question by:cwstad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39951674
Its standard step by step process

Check s for step by step
http://www.petenetlive.com/KB/Article/0000592.htm
http://technet.microsoft.com/library/dd939822(WS.10).aspx

Let us know if you have any specific questions

Above guides will answer most of questions
0
 
LVL 15

Author Comment

by:cwstad2
ID: 39952430
hi I have already set up the software but is there a configuration which you guys use, especially when configuring groups

thanks
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39952567
Specify how to assign computers to computer groups. There are two options: server-side targeting and client-side targeting. With server-side targeting, you manually add each computer to its group. With client-side targeting, you automatically assign the computers by using either Group Policy or registry keys

Server-side targeting - Easy for small numbers of clients, doesn't require that clients can process group policy. Administratively burdensome for large numbers of clients or for clients that change roles and need to have their client group membership dynamically updated. For non-domain-joined clients this is the easiest way to get them into client groups.

Client-side targeting - Requires that clients either be able to process Group Policy (i.e. a member of a domain) Works well if you plan on having client group membership change based on moving the AD object that represents the client between OUs (move from "Staging" to "Production" OUs for new system deployments and want client group membership to change automatically).

I use both at different Customer sites. I find server-side targeting more flexible insofar as making "quick changes" (because I don't have to mess w/ Group Policy and I can see the results of my changes reflected immediately), but client-side targeting will require GPO to be updated to reflect the changes

If your environment is big, you should use client side targeting to avoid manual work
Check below links for more info, in reality its your choice.
http://prajwaldesai.com/how-to-configure-client-side-targeting-in-wsus/
http://technet.microsoft.com/fr-fr/library/cc708574(v=ws.10).aspx

Mahesh.
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 15

Author Comment

by:cwstad2
ID: 39955670
Thanks. If there are other wsus servers in other offices, do they need to be individually configured

thanks
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39955709
You can have separate WSUS servers at branches \ offices and then you need to create GPOs on OU basis (Where your location computer resides) which tells machine in branch to look for particular WSUS server (Branch WSUS Server)  

In case of update downloading, you can configure your branch WSUS servers to download updates from Hub WSUS server (Up stream server). Note that Hub site WSUS servers must be configured to fetch updates from internet via windows update

OR

you can download updates from internet via windows update directly


Mahesh
0
 
LVL 15

Author Comment

by:cwstad2
ID: 39956373
Great advice thanks. One last thing can the updates and reboots be configured to happen once a month I can only see days

thanks
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39956672
Unfortunately there is no option to set for months

What you can do, you can keep schedule install may be on every Monday and after 1st week just unlink policy from OU may be for next TWO \ THREE weeks

Again when next month will come enable GPO link

In reality MS is publishing patches every Tuesday

Mahesh
0
 
LVL 15

Author Comment

by:cwstad2
ID: 39958145
Thanks does that mean that if there are any new updates each tuesday that the servers will reboot?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39958182
Why, reboot is not mandatory for every update and you can suppress server reboot with same WSUS group policy
Check all settings under computer configuration\administrative templates\windows components\windows update in WSUS policy

Mahesh.
0
 
LVL 15

Author Comment

by:cwstad2
ID: 39958260
I wish I could give you more thank 500 points as you've been more than helpful. as a last note what do you specify in your GP for the servers and clients.

Thanks
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39958291
For clients,
If update required reboot, client will restart, it by design. You can enable No auto-restart with logged-on users for scheduled automatic updates installations setting and  Automatic Updates does not automatically restart a computer during a scheduled installation if a user is logged on to the computer. Instead, Automatic Updates notifies  the logged-on user to restart the computer to complete the installation

For servers,
configure option 4 and scheduled installation at non-working hours, in this case updates will automatically install, and if it's require reboot servers will reboot and you need to make sure that servers moved in ON-LINE state after reboot
OR
configure option 3 ( by default option) so in this case update will be automatically downloaded, but not installed , so you can choose time to install updates by yourself

Actually for servers I prefer to install updates on servers with option 3 in batches in coordination with there dependencies  because I wanted the servers to be rebooted in the presence of IT administrators so that post reboot checks can be performed

Check below link for some more information
http://community.spiceworks.com/how_to/show/1390-wsus-gpo-settings-for-the-real-world

Mahesh.
0
 
LVL 15

Author Comment

by:cwstad2
ID: 39963656
awesome thank you
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question