Install and Configure WSUS

Right click Roles. Then select Add Roles. Click Next. Select Windows Server Update Services. Select Add Required Role Services. Click Next. Click Next. Select any further IIS components. Click Next. Click Next. Click Install. The Server must be connected to the internet to update the service. CAUTION the installation will fail if no internet connection can be detected.

Use the buttons below to navigate through the lesson


After the service has been updated the setup wizard will launch. Click Next to continue. Accept the License Agreement. Then click Next. A required component has not been detected this can be installed later. Click Next. Select where to store updates locally. Then click Next. Select whether to store the database locally or use an existing database server. Then click Next.

Select Use the default website. Then click Next. Click Next to continue. Setup is working.  Click Next to continue. Select whether to join the Improvement program or not. Then click Next.  Select Synchronize from Microsoft Update.  Then click Next. If a Proxy Server is in use on the network select use a proxy server and fill in the details Then Next. Select Start Connecting. Click Close to complete the installation.

Expand Windows Server Update Services. Select Update Services. From here you can see status of the service and you can manually synchronize updates. Before synchronizing select Options.

Server Options

Update Source And Proxy Server Configure the upstream WSUS server or configure the WSUS server to retrieve updates from Microsoft. You configure this during installation and rarely need to change it unless you modify your WSUS architecture.

Products And Classifications Choose the Microsoft products that WSUS will download updates for. You should update these settings when you begin supporting a new product or stop supporting an existing product (such as an earlier version of Microsoft Office).

Update Files And Languages Select where updates are stored and which languages to download updates for.

Synchronization Schedule Configure whether WSUS automatically synchronizes updates from the upstream server and how frequently.

Automatic Approvals Configure updates for automatic approval. For example, you can configure critical updates to be automatically approved. You should use this only if you have decided not to test updates for compatibility—a risky decision that can lead to compatibility problems with production computers.

Computers Choose whether to place computers into groups using the Update Services console or Group Policy and registry settings.

Server Cleanup Wizard Over time, WSUS will accumulate updates that are no longer required and computers that are no longer active. This wizard helps you remove these outdated and unnecessary updates and computers, freeing disk space (if you store updates locally) and reducing the size of the WSUS database.

Reporting Rollup By default, downstream servers push reporting information to upstream servers, aggregating reporting data. You can use this option to configure each server to manage its own reporting data.

E-Mail Notifications WSUS can send an e-mail when new updates are synchronized, informing administrators that they should be evaluated, tested, and approved. In addition to configuring those e-mail notifications, you can use this option to send daily or weekly status reports.

Microsoft Update Improvement Program Disabled by default, you can enable this option to send Microsoft some high-level details about updates in your organization, including the number of computers and how many computers successfully or unsuccessfully install each update. Microsoft can use this information to improve the update process.

Personalization On this page you can configure whether the server displays data from downstream servers in reports. You can also select which items are shown in the To Do list that appears when you select the WSUS server name in the Update Services console.

WSUS Server Configuration Wizard Allows you to reconfigure WSUS using the wizard interface used for initial configuration. Typically, it’s easier to configure the individual settings you need.

Select Update Files and Languages. Select Store updates files locally on this server. Then select Update Languages. By default updates are downloaded in all languages. Select Download updates only in these languages. Select Languages you require and click OK.

Select Products and Classifications.  Select or deselect products.  When all the products you wish to receive updates for have been selected, select the Classifications tab. Select the Classifications of updates then click OK.

Select Update Services then select Synchronize Now.  When synchronization has completed. The updates will need to be approved before being deployed to the client computers.  Select Approved to review and approve the updates.   Right click any update to be approved.  and select Approve. Select the computer group(s) the update will be approved for. Right Click and select Approved for Install.  Click OK.  Updates may be declined if not required for your network. Right Click the Update and select Decline.  Click YES to accept. Review and Approve all necessary updates.  Then select Computers.

Configure Computer Groups

In most environments, you will not deploy all updates to all clients at once. To give you control over when computers receive updates, WSUS 3.0 allows you to configure groups of computers and deploy updates to one or more groups. You might create additional groups for different models of computers or different organizations, depending entirely on the process you use for deploying updates.

You can configure computer groups in one of two ways:

  • Server-side Targeting Best suited for small organizations, you add computers to computer groups manually using the Update Services console.Client-side Targeting Better suited for larger organizations, you use Group Policy settings
  • to configure computers as part of a computer group. Computers automatically add themselves to the correct computer group when they connect to the WSUS server.

Whichever approach you use, you must first use the Update Services console to create computer groups.

By default all computers are placed in the All Computers group. To create a new group right click Computers. Select Add Computer Group. Specify a name for the group and click Add. Add as many groups as you require. Select Options. Select Computers to configure how to assign computers to groups. Select Use the Update Services console to manually assign computers to groups. (Server-side Targeting). Select Use Group Policy or Registry settings on computer to automatically assign computers to groups. (Client-side Targeting). Click OK to complete.