Windows Server Update Services
12/03/16 11:01 Filed in: Windows
A run through of Windows Server Update Services.
Windows Server Update Services - WSUS, WUS, SUS or whatever you like to call it. Possibly one of the daftest names for something I've seen in a long time…..Aaaanyway.
This is the role you can use to cache, download, and deploy Windows Updates out to your estate under your control - I.e you can control both what updates the clients get, and how they get them - I.e. From the Internet or from your servers. The latter bit being a common usage - download to one distribution point, and then distribute out to your estate rather than all the machines downloading over the Internet.
There's lots of different architectures out there. The Technet article here is great at explaining them, and what the options are.
Prepare for Your WSUS Deployment
Most organisations don't find this a difficult process or product to deploy - the ones that do, in my experience, have the problems because they try and massively over-complicate the deployment model for WSUS. Keep it simple - keep it working!
The video below runs through the process of setting up a single server, how to get your clients talking to it, and how to approve/install basic updates.
I produced it for a specific request, but I thought it would be useful to share.
Oh, by the way, if you have Windows 10 machines in your estate ensure your 2012 R2 WSUS server has this update installed. If it doesn't, your Windows 10 machines will show up as Windows Vista - and nobody wants that.
Update to enable WSUS support for Windows 10 feature upgrades
Another thing to watch out for is specifying the servers in your group policy - make sure you put the port in, otherwise I find that the clients just don't find the WSUS update server, and you never see the clients register.
This bit - note the port numbers of 8530 and 8531 (http and https respectively), and don't do what my brain keeps doing which is put 8350 and 8351 and sit there wondering why it's not working.
The other piece of advice is that you should be patient once the group policy has applied - it can take a while for the machines to start appearing in the management console. That's just fact, it takes a while.