Friday, September 6, 2013

How to install WSUS 3.0 SP2 on Windows Server 2012 Essentials

In Windows Server 2012 Essentials, you cannot install WSUS because the “Windows Server Update Services” role is missing in Server Manager.
The Windows Server Essentials team has released a hotfix that brings the WSUS role back to Windows Server 2012 Essentials. Use the following steps to fix and install WSUS 3.0 SP2 on the server:
  1. View the KB article 2762663: “You cannot enable the Windows Server Update Service role in Windows Server 2012 Essentials”.
  2. To download the hotfix from the KB article, click the link:

    Note: You will need to provide your email address and the hotfix download location will be emailed to you from hotfix@microsoft.com.
  3. Save the hotfix package on the server running Windows Server 2012 Essentials and install it. 
  4. Restart your server. 
  5. Turn on Windows Server Update Services (WSUS) as follows:
    1. Open Server Manager.
    2. Click Add Roles and Features.
    3. In Select Server Roles, select Windows Server Update Services, and finish the wizard.

Sample WSUS configuration on Windows Server 2012 Essentials:

Here are some sample steps you can follow to continue the WSUS configuration. Once the WSUS installation has finished, you can see it in Server Manager or on the Start screen. In Server Manager, you will be prompted to run the WSUS post-installation task, which lets you choose the location to store updates on the server and then initializes the WSUS configuration.

Step 1: Configure WSUS server settings

  1. Launch the WSUS configuration wizard by using Tools > Windows Server Update Services in Server Manager.
  2. Click Next on the Before you begin screen.
  3. Decide whether you want to join the Microsoft Update Improvement Program. If so, choose Yes, I would like to join the Microsoft Update Improvement Program.
  4. On the Choose Upstream Server page, you have the option to synchronize the updates with Microsoft Update or with another WSUS server. If you don’t have an upstream WSUS server, choose Synchronize from Microsoft Update.
  5. After selecting the proper options for your deployment, click Next to proceed.
  6. On the Specify Proxy Server page, select the Use a proxy server when synchronizing check box if you have a proxy in your network, and then type the proxy server name, the port number (port 80 by default), and the user name and credentials in the corresponding boxes.
  7. Click Next.
  8. On the Connect to Upstream Server page, click Start Connecting. When it connects, click Next to proceed.
  9. Choose the update Languages, Products, and Classifications settings one by one.
  10. On the Set Sync Schedule page, choose whether to perform synchronization manually or automatically.
  11. On the Finished page, you have the option to start the synchronization now by selecting the Begin initial synchronization check box.
  12. After you click Finish, the WSUS configuration task is done and the WSUS Management Console appears.

Step 2: Deploy WSUS settings to clients via domain GPO

  1. In the Group Policy Management Console (GPMC), create a new GPO, then right-click the GPO and choose Edit.
  2. In the GPMC, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  3. In the details pane, double-click Configure Automatic Updates.
  4. Click Enabled, and then click one of the following options under the Configure automatic updating setting:
    • Notify for download and notify for install. This option notifies a logged-on administrative user before you download and install the updates.
    • Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user before installing the updates.
    • Auto download and schedule the install. This option automatically begins downloading updates and then installs the updates on the day and time that you specify.
    • Allow local admin to choose setting. This option lets local administrators use Automatic Updates in Control Panel to select a configuration option. For example, they can choose a scheduled installation time. Local administrators cannot disable Automatic Updates.
  5. Click OK.
  6. In the Windows Update details pane, double-click Specify intranet Microsoft update service location. By default WSUS will use port 8530 for HTTP and 8531 for HTTPS. For example, you can type http://servername or http://servername:8530.
  7. Click Enabled, and then type the URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. Use the same address as above in both boxes, and then click OK.

On the client machines, run the command gpupdate /force to force the client to refresh its GPO settings. Once the new GPO settings are applied, go to Control Panel, open Windows Update, and check the status. It will show that the update settings are managed by the system administrator. If so, the Windows Update GPO was applied on the client machine successfully.
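
To confirm the same thing from a PowerShell prompt on a client, this added example (not part of the original post) reads the registry values that the two Windows Update policy settings from Step 2 write, and reports which automatic update option and WSUS URL are in effect. The function name Get-WsusClientPolicy is hypothetical.

```powershell
# Added example: check on a client that the WSUS GPO from Step 2 was applied.
# Get-WsusClientPolicy is a hypothetical helper name, not a built-in cmdlet.
function Get-WsusClientPolicy {
    param(
        # Registry location where the Windows Update policy settings are stored.
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # AUOptions values for the four "Configure Automatic Updates" choices.
    $auOptionNames = @{
        2 = 'Notify for download and notify for install'
        3 = 'Auto download and notify for install'
        4 = 'Auto download and schedule the install'
        5 = 'Allow local admin to choose setting'
    }

    $wu = Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyRoot 'AU') -ErrorAction SilentlyContinue
    if (-not $wu -or -not $au) {
        Write-Warning 'No Windows Update policy found. Run gpupdate /force and check the GPO link.'
        return
    }

    # Collect anything that does not match what Step 2 configures.
    $findings = @()
    if ($au.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client is not pointed at the WSUS server'
    }
    if ($wu.WUServer -ne $wu.WUStatusServer) {
        $findings += 'Update service URL and statistics server URL differ'
    }
    if ($wu.WUServer -like 'http://*') {
        $findings += 'WSUS URL uses HTTP (default port 8530) rather than HTTPS (8531)'
    }

    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
        AutoUpdateMode = $auOptionNames[[int]$au.AUOptions]
        Findings       = $findings
    }
}

Get-WsusClientPolicy | Format-List
```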

Step 3: Create computer group in WSUS console

  1. In the WSUS Administration Console, expand Computers, right-click All Computers, and then click Add Computer Group.
  2. In the Add Computer Group dialog box, specify the Name of the new test group, and then click Add. For example, create a group called Servers and a group called Clients.
  3. Click Computers, and then select the computers that you want to assign to this new group.
  4. Right-click the computer names that you selected in the previous step, and then click Change Membership.
  5. In the Set Computer Group Membership dialog box, select the test group that you created, and then click OK.
Alternatively, you can use the following method to let the WSUS server automatically change computers’ membership in the WSUS console.
