Microsoft has released in its Insider program the new version of Windows Server which is the bet for corporate environments offering administrators a wide set of functions so that data management is as complete as possible, Windows Server 2022 is no stranger to these options and that is why the use of roles is key to increase server productivity and one of the fundamental roles for administration tasks is WSUS..
WSUS (Windows Server Update Services - Windows Server Update Services) is a role that basically gives us the opportunity to implement the update options of all the most current Microsoft product portfolio, this covers all types of products for both servers and for client computers.
This WSUS role facilitates administrative tasks since it will be possible to install, manage and distribute updates to all computers in the domain automatically, saving manual tasks for such operation..
WSUS allows us to:
- Have an update management automation available for Windows and its products
- Have various Windows PowerShell cmdlets to manage administrative tasks in WSUS
- Security improvements since we have the SHA256 hash privacy level
- Function of separation between client and server, so the versions of the Windows Update Agent (WUA) can be delivered independently of WSUS so as not to apply them to all computers in the domain
- Centralized management of updates
To implement WSUS on Windows Server 2022, the following minimum requirements will be necessary:
- 1.4 GHz x64 processor, 2 GHz or higher recommended
- 100 Mbps or higher network adapter
- 10 GB available disk space, 40 GB recommended to accommodate downloaded updates
We see how to install this role in Windows Server 2022.
To stay up to date, remember to subscribe to our YouTube channel! SUBSCRIBE
Install WSUS on Windows Server 2022
First, we validate the version of Windows Server with "winver":
We open the Server Manager and select "Add roles and features":
The following wizard will be displayed:
Click Next and select "Role-based or feature-based installation":
In the next window we choose the server in which the role will be installed:
Next, we locate the "Windows Server Update Services" box:
We activate your box and the following will be displayed:
We add the characteristics and we will see the selection of the river:
Click Next and in the Features window we do not modify anything:
In the next window we will see a summary of the WSUS role:
In the next window we select the WSUS roles:
- WID Connectivity: it is a service whose task is to install the WID database
- WID Services: its role is to manage all WSUS services
Click Next and we will see this:
We activate the "Store updates in the following location" box and enter the desired path where the downloads will be hosted, in this case we go to the Explorer and copy that path:
We paste it in the respective field:
We click on Next and we will see a summary about the roles of the IIS (Internet Information Services) web server:
In the following window it is possible to select the desired role services:
After this we will see a summary of the role to install in Windows Server 2022:
Click Install to complete the installation:
At the end we will see the following:
We click on "" Start post-installation tasks "to complete the process:
At the end of this we will see the following. We click Close to exit the wizard.
Now we go to "Tools - Windows Server Update Services":
The following wizard will be displayed:
Click Next and we can participate or not in the improvement program:
In the next window we activate the box "Synchronize from Microsoft Update":
We click Next and now we define whether or not we will use a proxy server:
Click on "Start Connection" to download Microsoft products:
Upon completion of this download we will see the following:
Click Next and select the languages available for updates:
Then we choose which products will be available to receive updates through WSUS:
In the next window we confirm the type of updates to download:
There we activate the boxes as necessary and click Next to define the synchronization method to use:
Click Next and we will see the following:
Click Next to complete the process:
Click "Finish" to finish the WSUS configuration on Windows Server 2022.
We will be redirected to the WSUS console to see details of the available updates:
In the WSUS console we click on the "Options" category:
We double click on "Computers" and in the displayed window we activate the "Use group policy or computer registry settings" box. Click Apply and OK to apply the changes.
We go to the "Teams" section, right click on the "All teams" line and select "Add group of teams":
We assign the name to the group:
Click Add and we see the group created:
Now we go to the Server Manager and select "Tools / Group Policy Management":
We right click on the Organizational Unit of the teams that will be linked to WSUS and select the option "Create a GPO in this domain and link it here"
We assign the desired name and apply the changes:
We right click on the created GPO and select the Edit option:
In the open window we go to the path "Computer Configuration - Policies - Administrative Templates - Windows Components - Windows Update", first of all we select the policy "Configure Automatic Updates":
We edit the policy and activate the "Enabled" box, then select option 3 - "Automatically download and notify installation" in the Configure automatic update field. Apply the changes by clicking Apply and OK.
Now we edit the policy "Specify the location of the Windows Update service on the intranet"
We edit this policy, enable it and in the field "Establish the intranet update service to detect updates" and "Establish the intranet statistics server" we enter the syntax http: //Equipo.Dominio: 8530 . We apply the changes.
Then we go to the policy "Enable client-side recipients":
We edit the policy and activate the "Enabled" box, in the "Target group name for this computer" field enter the name of the created group. We apply the changes.
We go to the client computer of the domain, we access the command prompt as administrator and there we execute:
gpresult / r
This takes care of updating the domain policies on the computer. Now we initialize Windows Update with the command:
Wuauclt.exe / reportnow / detectnow
Finally we go back to Windows Server 2022, and in the WSUS console and in the policy we can see the computers where the configuration has been applied:
Now we will go to "Updates / All updates", we right click on any update and choose "Approve":
Now we select the GPO created and choose "Approved for installation":
We will see the following:
Click OK to install said update:
Thanks to WSUS we have the best alternative to manage everything related to updates in Windows Server 2022 and domain computers..