For a long time now Windows Server Update Services from Microsoft represents the best possibility to handle, distribute and install updates in your Windows platform. Over the years WSUS scalable and stable architecture find its way to be one of the most mature Windows Server roles. But still any platform always can be improved a little bit more: adding […]
WSUS 3.0 SP2 Beta has been released to the public today, January 26. You can download it from Microsoft Connect at this link (remember to login with a Passport account): Windows Server Update Services 3.0 SP2 Beta. You will find all of these resources to download: WSUS 3 SP2 Beta x86 and x64 compilations Beta Scenario Instructions WSUS 3 SP2 Beta Deployment and Operations Guide. WSUS 3 SP2 Beta Step-by-Step Guide WSUS 3.0 SP2 Beta Overview New Windows Server and Client Version Support Integration with Windows Server® 2008 R2 Support for Windows 7® client Support for the BranchCache feature on Windows Server® 2008 R2 BranchCache is a new feature in the R2 version improves significantly end user experience at branch locations, by locally caching frequently used content on the branch office network. More info here on this document. Auto-Approval Rules New functionality lets you specify the approval deadline date and time. You can now apply a rule to all computers or to specific computer groups. Update Files and Languages This release provides improved handling of language selection on downstream servers. Cross-Version Compatibility The user interface is compatible between Service Pack 1 and Service Pack 2 for WSUS 3.0 on both the client and the server. Software Updates Stability and reliability fixes for the WSUS server, such as support for IPV6 addresses greater than 40 characters. The approval dialog now sorts computer groups alphabetically by group name. Computer status report sorting […]
Like you should know, WSUS gives you the choice, at the moment of installation, to choose a database instance where you would like to keep the WSUS database (SUSDB): Internal database (formerly known as SQL Server embedded), an existing database or an existing database on a remote computer. Sometimes, for example if you are just spiking about WSUS and you don’t want to install any version of SQL Server, you best choice would be the Internal Database option. But what happens if you change your mind later and you want to change the location of that internal database to a different drive? Or simply executing other tasks on the database, like generating a backup or shrinking? Fortunately there’s a way to connect to that DB without having to re install WSUS: Using SQL Server Management Studio Note: If you don’t have it, you can download the stand alone tool for SQL 2005 version: Microsoft SQL Server Management Studio Express; or you can download SQL Server 2008 Express Edition (the latest of the free SQL Server versions, includes among the tools the SQL Server 2008 Management Studio Express). 1. Open SQL Server Management Studio. In my case, I’m using SQL Server 2008 Express Edition. 2. Using the connection window, connect to this instance: \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query 3. You should see now in Object Explorer the database instance connection. Right-click on SUSDB –> Tasks –> Detach 4. Check the options for […]
Did you get the feeling that your WSUS was not downloading all the drivers that your clients needed? Well, let me tell you if you have that feeling probably you are right. WSUS does not automatically recognize or download all the drivers needed for all devices. Why is this happening? Because by default WSUS only receives and distributes drivers that are digitally signed by Microsoft (meaning that the driver was fully and properly tested by Microsoft). I’ve recently had several problems with machines that are part of my domain, like the newer IBM ThinkPad T60 and T61 models with Vista installations. Some of their drivers were missing and I had to use IBM official site to download them because WSUS did not recognize any updates on that machines. But you actually don’t have to worry, within a few steps you can configure your WSUS to import all the drivers that you are requiring by your clients. The only thing that must be clear to you first is the model of each device you need to update the driver (you can easily find out all the details by accessing the manufacturer’s official site, like IBM Lenovo downloads and support site). Here are the steps: 1 – Open your WSUS console and access “Action” and select “Import Updates”. The Microsoft Update Catalog site will appear 2 – Insert the model of the device that you need to update the driver. For example: […]
Now that we saw in the previous posts of WSUS (Part I and Part II) about the first steps of the deployment, we are going to take a quick look about handling the tool itself. Once you get to know the WSUS interface, you’ll see that everything it’s pretty much intuitive. You have to know that when there are tools like WSUS involved, the process of patching that you defined (testing the updates, defining how and when you’ll apply those updates, period of time involved, etc.) is the crucial matter to get WSUS work as you planned. In this case, the process it’s even more important than the technology. Let’s take a final look to the group policies. We already talk about that it’s a common best practice to implement different layers of GPOs, but which are the ones that you actually have to enable for each OU? This is an example of a GPO applied on an OU with all the testing computers. We decide that in those testing computers the updates will download and install automatically at a certain hour of the day. But what happens if that computer is not available at that time? Then you must use the option “Reschedule Automatic Updates schedule installations”, when you enable it, you can set that the updates will install on those computers at the moment that they become available again (you actually have to set only the minutes that […]
To pull off some of the best practices that we talked about on the first part of the WSUS 3.0 posts, we’ll take a look to some technical configurations. At this point you must already have set different OUs for the type of computers you have in your environment. This OU separation will help you to improve your patching process. · Group Policies Configuration If you are using Windows Server 2003, first of all let me say that you must install Group Policies Management Console to apply and access all of the policies on your domain, this tool gives you a nice interface to interact with those objects. But if you are using Windows Server 2008, this console comes integrated with the operating system, so there’s no need on installing it. Like you remember, on the first part we talk about applying different policies for different computers and also different levels of GPOs: A “common” GPO for the entire domain and over the OUs (and sub OUs if is the case) applying another GPO for more restrictive options. Let’s start then opening the GPMC and over our domain click on “Create and Link a GPO Here”: After we insert the proper name for our WSUS GPO, we right click on the GPO and select “Edit”. The “Group Policy Object Editor” opens. The location of the most important group policies that we need to configure are located in “Computer Configuration” -> […]
Fortunately there’s a lot of information on Microsoft WSUS official site about almost anything you want to know about how to get started with this powerful tool: WSUS 3.0 Overview Step-by-Step: Getting Started with WSUS 3.0 Deploying WSUS 3.0 This post it’s intended to help about the WSUS first configurations and recommendations about how to use it. When you install WSUS, the configuration wizard it’s pretty much self explained and with the Step-by-Step guide you shouldn’t have any problem. The first warning that we can make at this point it’s about the “Specify Proxy Server” step. If you have one on your network, like an ISA Server 2006, remember that this server use the 8080 port when it works as a proxy. Configure this port on the WSUS, otherwise your connection will fail. Always remember when you are selecting the languages of the updates and the products that you want to receive these updates, you should only select the ones that you actually need. Otherwise the duration of all synchronizations with Windows Update and the WSUS server will increase significantly. Note: The first synchronization of the WSUS server always takes a lot of time. When you have your WSUS server online it’s time to configure your environment. Here are some of the best practices: Best Practices · Test phase first Before applying any patch on your users’ computers or servers, you must always have a stage environment. Replicating all base […]
Technology and user experience enthusiast, book author, customer-focused in the Dell Technologies family. Sharing a few thoughts around evaluating, designing, implementing and managing IT solutions
Augusto Alvarez 