15

Rather than having all of my computers go out to the internet and download their Automatic Updates, I am seriously considering building a WSUS server. That is, a Windows Update server. I have read some articles, and they have been helpful, but not complete. The following is what I have gleaned are the steps I need to take:

  • Commission a computer to be the server with Windows 2003 Server.
  • Install the WSUS package(s) and select the type of updates to check for.
  • Configure the rest of my computers to be clients of this server.
  • Set the clients to receive updates from the server.

My questions are as follows:

  • Does the server have to run Windows 2003 Server, or will Windows XP Professional work?
  • Where do I download the WSUS packages from?
  • How can I configure my computers to look for updates from my server instead of the internet?

Thanks!!

Jeff Atwood
  • 12,994
  • 20
  • 74
  • 92
eleven81
  • 417
  • 6
  • 13
  • 29

4 Answers4

17

Does the server have to run Windows 2003 Server, or will Windows XP Professional work?

Yes, Windows Server is required.

Where do I download the WSUS packages from?

Microsoft's website: WSUS 3.0

How can I configure my computers to look for updates from my server instead of the internet?

There's a deployment guide & a step-by-step guide that explains it all in detail. The executive summary is:
If your computers are members of a domain, then you can use group policy.
If your computers are stand alone, then you will have to modify the registry of each machine. THis KB covers both scenarios.

Nick Kavadias
  • 10,758
  • 7
  • 36
  • 47
3

1: I would run it on server 2003.

2: http://technet.microsoft.com/en-us/wsus/default.aspx The install is fairly simple. A whole bunch of "next" and "yes" You have to pay attention to the port number though, that must be the same port number to put in the group policy.

3: The easiest way is to issue domain group policy on the automatic updates

Group Policy location:

Computer Configuration --> Administration Templates --> Windows Components --> Windows Updates In the server field you input your local WSUS server.

RateControl
  • 1,207
  • 9
  • 20
3

The only thing I will add to the other excellent answers is a warning.

WSUS uses a lot of disk space, especially if you configure it wrongly. Make sure you only download the languages you want or you will need over a terabyte of disk to hold everything.

Richard Gadsden
  • 3,696
  • 4
  • 28
  • 58
  • Oh, good catch. I do a package clean up every month. – RateControl Nov 11 '09 at 17:25
  • Especially be careful of enabling "express" packages. These reduce the amount of data transferred between the WSUS clients and server/s, at the expense of greater bandwidth usage between the WSUS server and the Internet. Express packages are good if you have a number of smaller sites connected over slower WAN links, where implementation of a full WSUS server is not cost effective. The common setup is to have 1 WSUS server per site. You can designate one as your master to minimise administration. – ThatGraemeGuy Dec 19 '09 at 11:15
  • Oh, and "express" packages are on average 4x or 5x larger than regular updates, which eats disk space on the server. – ThatGraemeGuy Dec 19 '09 at 11:16
2
  1. Server 2003 is more reliable.
  2. Download from Microsoft. You will also need to download latest .NET Framework and MS Report Viewer 2008.
  3. Your WSUS server should be set as intranet update site GPO and updates should be set enabled - there are many other options, but those are required.
alexm
  • 458
  • 3
  • 11