Solved

Good WSUS Set up guide

Posted on 2014-03-24
12
462 Views
Last Modified: 2016-02-20
Hi Guys, im looking to deploy and configure WSUS on a new server and was wondering what would be the best way to configure. We have a mix of XP win 7, 2008 and 2003 + Citrix servers.

Thanks in advance
0
Comment
Question by:cwstad2
  • 6
  • 6
12 Comments
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Its standard step by step process

Check s for step by step
http://www.petenetlive.com/KB/Article/0000592.htm
http://technet.microsoft.com/library/dd939822(WS.10).aspx

Let us know if you have any specific questions

Above guides will answer most of questions
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
hi I have already set up the software but is there a configuration which you guys use, especially when configuring groups

thanks
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Specify how to assign computers to computer groups. There are two options: server-side targeting and client-side targeting. With server-side targeting, you manually add each computer to its group. With client-side targeting, you automatically assign the computers by using either Group Policy or registry keys

Server-side targeting - Easy for small numbers of clients, doesn't require that clients can process group policy. Administratively burdensome for large numbers of clients or for clients that change roles and need to have their client group membership dynamically updated. For non-domain-joined clients this is the easiest way to get them into client groups.

Client-side targeting - Requires that clients either be able to process Group Policy (i.e. a member of a domain) Works well if you plan on having client group membership change based on moving the AD object that represents the client between OUs (move from "Staging" to "Production" OUs for new system deployments and want client group membership to change automatically).

I use both at different Customer sites. I find server-side targeting more flexible insofar as making "quick changes" (because I don't have to mess w/ Group Policy and I can see the results of my changes reflected immediately), but client-side targeting will require GPO to be updated to reflect the changes

If your environment is big, you should use client side targeting to avoid manual work
Check below links for more info, in reality its your choice.
http://prajwaldesai.com/how-to-configure-client-side-targeting-in-wsus/
http://technet.microsoft.com/fr-fr/library/cc708574(v=ws.10).aspx

Mahesh.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Thanks. If there are other wsus servers in other offices, do they need to be individually configured

thanks
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
You can have separate WSUS servers at branches \ offices and then you need to create GPOs on OU basis (Where your location computer resides) which tells machine in branch to look for particular WSUS server (Branch WSUS Server)  

In case of update downloading, you can configure your branch WSUS servers to download updates from Hub WSUS server (Up stream server). Note that Hub site WSUS servers must be configured to fetch updates from internet via windows update

OR

you can download updates from internet via windows update directly


Mahesh
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Great advice thanks. One last thing can the updates and reboots be configured to happen once a month I can only see days

thanks
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Unfortunately there is no option to set for months

What you can do, you can keep schedule install may be on every Monday and after 1st week just unlink policy from OU may be for next TWO \ THREE weeks

Again when next month will come enable GPO link

In reality MS is publishing patches every Tuesday

Mahesh
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Thanks does that mean that if there are any new updates each tuesday that the servers will reboot?
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Why, reboot is not mandatory for every update and you can suppress server reboot with same WSUS group policy
Check all settings under computer configuration\administrative templates\windows components\windows update in WSUS policy

Mahesh.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
I wish I could give you more thank 500 points as you've been more than helpful. as a last note what do you specify in your GP for the servers and clients.

Thanks
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
Comment Utility
For clients,
If update required reboot, client will restart, it by design. You can enable No auto-restart with logged-on users for scheduled automatic updates installations setting and  Automatic Updates does not automatically restart a computer during a scheduled installation if a user is logged on to the computer. Instead, Automatic Updates notifies  the logged-on user to restart the computer to complete the installation

For servers,
configure option 4 and scheduled installation at non-working hours, in this case updates will automatically install, and if it's require reboot servers will reboot and you need to make sure that servers moved in ON-LINE state after reboot
OR
configure option 3 ( by default option) so in this case update will be automatically downloaded, but not installed , so you can choose time to install updates by yourself

Actually for servers I prefer to install updates on servers with option 3 in batches in coordination with there dependencies  because I wanted the servers to be rebooted in the presence of IT administrators so that post reboot checks can be performed

Check below link for some more information
http://community.spiceworks.com/how_to/show/1390-wsus-gpo-settings-for-the-real-world

Mahesh.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
awesome thank you
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now