Windows Server 2022: Install, Configure, and Deploy Windows Server Update Services (WSUS)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey everyone what's going on it is stephen wagner with the tech journal at www.stephenwagner.com today we are adding yet another video to the series that i've been working on titled windows server 2022. in the last video we created a member server and joined it to a windows server 2022 domain and in this video we are going to be installing configuring and deploying wsus also known as windows server update services just to give you a quick brief overview about wsus windows server update services is a service that comes on windows server that allows you to manage and maintain windows updates for your corporate environment and active directory domain essentially system administrators use wsus to approve decline stage and push updates to windows servers as well as windows clients it's a really powerful service i want to say platform or or software but it's built in it's just a service inside of windows server uh that essentially allows you to just keep your environment up to date it's it's great i use it for customers i use it my own environment um you can configure it so that on the server that you have set up you configure an update store so all the updates that you approve um of course you only approve the ones that are needed uh get downloaded to a certain directory on the server and then instead of you know let's say that you have 12 servers running in like 50 workstations instead of all 12 servers and 50 workstations reaching out to windows update servers instead they'll just reach out to your windows server update services server and grab those updates substantially saving you on crazy amount of bandwidths allowing you to control which updates get deployed and uh giving you visibility into any updates that uh that your environment is actually having trouble deploying because there are some reporting capabilities that let you know if there's certain updates that are having issues getting installed onto workstations computers servers etc etc etc so nonetheless let's get to it so in the last video uh i'll just share my screen here you'll notice we have tn srv01 that is our windows server 2022 domain controller and we have our tn srv02 member server in the last video we installed windows server 2022 onto this virtual machine and we also joined it to the domain configured a static ip address and did that um before recording this video what i did do to this vid virtual machine though is i went ahead and added a secondary hard disk so i created a 400 gigabyte thin provision disk and the reason why i did that is because i want to have a a store for all the updates now these update stores can get rather large we're talking hundreds of gigs possibly even in the terabytes depending on how large your environment is now there are certain maintenance procedures that you can initiate that will clear updates that have been deployed so you don't have to keep maintaining them and that kind of stuff i'm not going to get into that into that in this video this video is strictly showing you how to install configure and deploy windows server update services on a windows server 2022 server so so i've created that hard disk too i haven't done anything inside of the operating system yet uh jumping to our network documentation so right here we've got tn-srv member server windows server services are marked as to be determined so we're just going to go ahead and change that to wsus we want to make sure that we keep this documentation up to date i'll be using this in all my future videos for this specific series and so let's get to it so i'm just going to power this box up and this is actually quite a fairly easy install to do um essentially you just add the server role configure it restart the server and then you have to modify something called group policy objects on your domain controller and what we're doing with the group policy objects is these are policies that get deployed to computers in the domain allows you to do central management and essentially using a gpo we will be telling servers workstations laptops on the domain to reach out to tn-srv02 instead of windows updates on the internet so we'll get to that once we do this so we're just going to go ahead and log into this machine [Music] and just to be safe we're going to open up our networking settings just make sure that we do have a static ip configured i'm usually pretty good at doing this but i just want to make sure so we've got 10.11 which is fantastic so to make this easy what we're going to do is we're just going to click on start and we're going to open up the server manager which in previous videos i showed you can add remove server roles features manage these server roles and features that we have installed into a whole bunch of other stuff so and actually what's really interesting is that if we really really wanted to we could actually open up server manager on the domain controller go to all servers and actually add tn srv02 to this list and we could actually remotely add the server role which is kind of pretty cool but for the purpose of this video just to keep it simple what i'm going to actually do is just go in on the actual server itself so we'll just go back to the dashboard oh and actually before we get started i almost forgot about this we have that second disk which i think was about 400 gigs so we need to format that and make it available to the system so what i'm going to do is i just want to see what driver letters are available so we've got c we've got d which is the dvd and so i'm going to go to start and i'm going to go to computer management inside of computer management i'm going to open up disk management and so here you'll see that we have a 400 gig disk that we haven't touched so i'm going to mark this puppy as online then i'm going to click on the unallocated space this should come online shortly we might have to go to refresh not a list oh sorry we have to initialize it um i'm going to do gpt i don't even it doesn't really make a difference we're not booting from it so it's not too big of a concern and then we're going to click on this new simple volume next we want to make sure that it takes advantage of all the available free disk space on that volume we're going to give it e and we'll just call this data or data data data we're going to do a quick format and so now if we close this you'll notice that inside of this pc we have the data drive e-colon with about 400 gigabytes of free disk space this is where we're going to be storing the wsus updates so now back to the server manager we want to install the wsus role so we're going to click on manage add roles and features and click on next it's going to be a role based installation we're doing it on tn-srv02 which is this server and if we scroll down you'll see windows server update services i was hoping that it would show us but so these are the features that are required as a prerequisite for wsus so you know there's not much you can do about this but just i just want to show this in the video just so that you're aware it does install some components wsus uses iis internet information services to provide wsus to your network so that's interesting and fun fact so we'll just click on add features so here we've got windows server update services checked we'll click on next and again we don't it automatically added the features that we need so we don't need to touch anything inside of the feature list so now since we're installing and we've selected wsus this is going to show up in the list now and uh so essentially allows administrators not to manage the download and installation of updates from the microsoft update website to the local network so we'll just go ahead and hit next we don't need to touch any of these default settings if you have a drive formatted with ntfs and at least six gigs of free space you can use it to store updates now this is very very important because this is where we're going to choose the path for the disks uh choose the path for the updates to be saved so we want to make sure that we do this properly because if we leave it to the c drive to the default if we don't select anything what's going to end up happening is that it's going to fill the c drive up to the point where there's not going to be any room and that's why we created the 400 gig disk so please store updates in the following location choose a valid local path on tns rv or remote so what we're going to do here is we're just going to open up the file explorer go to the data drive we're going to create a new folder and we'll just call this wsus and so the full path just by clicking on the address bar here is ecolon wsus and so we're just going to paste that in there and then it tells us about how it uses iis there's some extra options here we don't really need to select anything because we're not touching any of this so just to take a look at the list we'll just go ahead and hit next and again it gives us the option to restart the server once the rules are installed successfully i don't like to do this again i don't have any other software running in the background but i don't like it when servers automatically restart themselves just in case you have notepad open with notes or you have applications running or processes running or something is going on so i'm not going to have that checked but i'm going to go ahead and hit install and so this might take a little bit of time so what i'm going to do is i'm going to shut off the webcam and probably speed this footage up until it gets to the point where we can do something else and we're back feature installation has completed and you'll see that configuration is required now inside of the summary here you don't want to jump the gun and hit close because there are tasks to complete now if you were to accidentally hit close um you'll see that up here we have a notifications flag if you accidentally close the wizard there's pending notifications so you'd actually for example launch post installation tasks if you were to click on this flag you'd be able to do the same from there so don't worry too much but if you accidentally close it that's how you would recover it so uh next up windows server update services additional configuration must be performed before continuing we're going to go ahead and launch the post installation tasks and i believe this should open up a window it's been a little while since i've done this i don't know if we should take bets whether or not this is actually running something in the background that will just automatically complete or if it's going to open up a wizard that we need to continue i do know that there is an additional wizard but i don't know if it gets launched right now or if it gets launched when we open up the wsus mmc so you'll notice that briefly there was a process running but then it disappeared it could be wrong but this might actually be preparing the wsus uses sql express uh sorry not sql express exactly it uses something called wid which stands for windows internal database wid is i guess you could call it a sister to sql express um very similar you can even use sql management studio to manage it if you know how to connect to it um it actually i believe it stores all the databases inside of c colon slash windows slash wid and i believe that that's actually what's happening right now at this moment is that it's preparing it because you'll also see that windows powershell is running there in the background which i believe means that the system is doing something so i'm going to go ahead and hit close here and then i'm just going to keep an eye on the task manager just for a little while longer wsus can be very fragile at times you want to make sure that if you kick off a task that you give it up the amount of time that it takes to complete there's also maintenance that has to be done on the database so if you're running this on a day-to-day base very frequently you need to clean up the database there's an assortment of a couple sql scripts that you can use which will re-index the database get rid of old updates and then also inside of the wsus mmc you also have the ability to use a server cleanup wizard which i recommend you do very very frequently because if it gets to the point actually all the time it gets the point where if you don't run it and you let enough data accumulate as it's running those cleanup tasks what's funny is that on older versions i don't know if it applies to windows server 2022 but on previous versions what would happen is that would kick off a maintenance task and the mmc would actually time out and you would lose the connection to wsus and i believe that this was due to iis i have a couple uh blog posts on my blog that cover how to increase this timeout to avoid corruption but it can actually result in corruption to the point where you actually have to reinstall ws us from scratch which is not fun so again i'm not going to get in that video but it's just something worth noting do your own research check out my blog look for those blog posts just jump into the search and type in wsus you'll find a whole bunch of content relevant to this that'll help you deploy maintain and keep your environment running smooth so i'm just going to assume at this point we don't have too much cpu usage that wsus has completed we're going to click on the notifications flag here it says that post deployment configuration has been completed we're going to clear this out configuration required which we already took care of we're going to clear that out and we'll go ahead and close this now what i'm going to do is i'm going to click on start and i'm going to type in windows server update services so you can see that it installed the mmc we're going to click on this guy and so here's the initial configuration wizard so it just goes in to make sure that the firewall is allowed to allow clients to access the server connect to the internet because you want to make sure that it has internet access to download the index of the database of windows updates as well as the updates themselves and then some stuff about proxy servers we're going to go ahead and hit next no we would not like to join the microsoft update improvement program but thank you very much we are going to now with wsus you have the ability to synchronize directly from microsoft update or in larger and more complex environments you might actually have a master wsus server sitting at the top of a hierarchy that you actually have a number of smaller wsus servers syncing from that upstream server that way you have some control over to what you can approve and the updates you can cache higher up and then have that distribute to a number of other sites this is very handy if you have an organization with multiple locations that are separated and you don't want to have a whole bunch of traffic going over the vpn for example let's say that you had two locations you had 100 computers at office a 100 computers at office b now if you had the 100 computers at office b connecting over the site to site vpn connecting to the wsus server at office a that would mean that if you had one single update it would have to replicate that update 100 times to those 100 workstations if you had a secondary wsus server or if you had it and had that configured and then had the main setup as an upstream it would download the update once to that second wsus server and then so it would consume the amount of bandwidth to copy the update once and then that would distribute it to the 100 computers at office b so again it's about planning the network understanding the environment you're working with and thinking of this to optimize bandwidth usage configuration deployment and that sort of thing so we're just going to be synchronizing from microsoft update we do not need a proxy server so we're going to hit next and here we're going to have to do our initial connection if i remember from the past this can take a long time however i just upgraded my internet connection to a full one gig up and one gig down connection so technically this might not take too long all depending on how busy microsoft's servers are and how fast the connection is to their data center i was really hoping to see a little bit more traffic going across the line there and actually what i'm going to do is i'm going to turn off the webcam and we'll speed this up so you don't have to live through all right so it took that a little while to complete what is it it's 1002 i think i started about 12 14 minutes ago so the taskbar is full of green and we can now click on next so here we have our language selection in my case i am only going to install updates for the english language and that actually removed it so we'll just make sure that's checked and then just scroll those are all the available languages so we're going to hit next so here is product selection now some system administrators are very very lazy and just select everything um i think in quite a few versions of micro i think it was back in the day of microsoft small business server it actually shipped with everything i usually like to go through here and only select what's needed now this might take a while so i'm just going to probably mute the microphone and just skim through here but essentially we're looking for later versions of windows server we're looking for later versions of windows 10 we're looking for windows server update services pretty much any components that we want to use let's say that we were planning on deploying microsoft exchange we would want to make sure that microsoft exchange was selected for the specific version that we're going to install and actually i'll just guide you through this so we don't need works oh jesus is a big list so here's windows we'll choose all the versions of windows 10 windows 11. we'll get rid of windows 2000 because it's end of life we'll get rid of windows 7 because it's end of life we'll get rid of all of eight point one eight we don't need windows embedded some of the stuff you might not know what it is so be very careful because you might deselect a component that's actually required for your environment so just keep that in mind when choosing this definitely don't need updates for windows server 2003 or 2008 or 2012. now i don't know if this applies but we are we do have a active directory that while it is installed on windows server 2022 you'll remember from the previous video that it runs at a windows server 2016 functionality level i highly doubt that we'll need any updates from windows server 2016 but i'm going to keep it selected as well as server 2019 just in case it shouldn't create too large of a payload you'll notice there's some other things in here like windows server drivers windows server manager to keep the server manager up to date we definitely don't need vista we don't need xp we don't need microsoft works we don't need windows small business server we don't need windows live essential business server we don't need windows embedded azure pack i'm going to leave selected just because there is quite a bit of microsoft azure integration with windows server 2022 i may need this for future videos so i'm going to leave that selected if you're not planning on doing anything in your environment you could probably deselect it windows admin center is another thing that i'm probably going to do a video on so i'm going to leave that selected don't need virtual server don't need systems management server you also don't need scc [Music] now you'll remember that i mentioned that wsus sits on top of wid which is uh derived from sql management from sql express so i am going to leave sql server because i believe that there might be some updates for it inside of there i don't know what's what version of sql express wd w id is based off of in windows server 2022 so it's best for just for me to leave those all selected we're gonna get rid of skype for business leave silverlight we'll keep powershell now microsoft office i don't know if i have any plans on deploying this but we will get rid of 2002 2003 2007 2010 2013. we don't need office communication server network monitor you'll see that there's a lot of products that we don't actually require we don't need microsoft lync we don't need health vault i'm kind of surprised that's actually inside of there i think they've actually end of life to health vault we don't need dynamic crm that is a very large package more azure stuff we don't need internet security and acceleration server we don't need the high performance computing pack don't need forefront i don't know what expression is i've never seen that before exchange we might be doing a video on this so i am going to keep exchange 2016 and 2019. developer tools will keep that we don't need this talk server we'll keep bing probably don't need to but we'll keep it sure iot we do not need file sync i might be doing a video on that so we'll keep that and again i'm sorry that you have to go through the pain of watching me individually select these anyways we're good to go so now we can finally hit next now we move on to classifications so you'll notice that we got critical updates definition updates so critical updates are going to be security updates for attacks that are zero day or high high criticality i don't even know if that's a word then we have definition updates which are going to be the definition updates for windows defender uh driver sets we won't use because we don't i don't know if i wanna they're they're pretty large and i've noticed in the past that windows server update services has a problem selecting the actual drivers that are required i think i tried it a couple times and for some reason it was telling me that a specific machine needed a ton of drivers and it didn't and it really screwed things up and it downloaded some very large packages so we're going to skip drivers we're going to skip driver sets we are going to select feature packs we are going to select service packs tools updates role update rollups and updates so we'll hit next now here is the sync schedule which schedules wsus to reach out to microsoft servers and and re-download that index of updates so keep in mind that this doesn't actually download updates if you have any automatic approvals then it will automatically download those after the synchronization is done if it detects new updates it'll download it but this is strictly just for the index of updates so we're going to have this go automatically and we will set it for 3 am every morning and actually let's do two synchronizations per day these synchronizations can be very large so if you split it up it'll free up the resources of the system quite a bit and then of course we're finished the wizard and so we have the option to do the um initial synchronization now keep in mind that this probably will take some time and i think that this will actually be a very large payload this is just again the index of the update so we'll hit next we sorry we checked that box begin initial synchronization we hit next and then of course we hit finish and so here we have the windows server update services mmc we'll expand the server name so from the overview on the left you'll see the server you'll see the updates all updates critical updates security updates wsus updates you'll also see computers now no computers know how to reach out to this wsus server as of yet once we configure the gpos the group policy objects and deploy those and they take effect on the the machines whether it be a windows server or a windows 10 workstation once they learn how to reach out to the wsus server when we go in here we'll actually be able to go to computers status any refresh and it'll actually show us the computers that have reached out to the server you'll also notice that we have downstream servers so if this was an upstream server in this list we would actually see downstream wsus servers going back to that example that i was talking about earlier with the second office b with 100 computers and here we've got some information on synchronizations that you can use for troubleshooting and there's also reports that you can run and then finally we have options and so everything that we configured in the initial wizard you can find inside of options here so we can go in here we can update the source we can change it to an upstream server microsoft updates we can configure a proxy server we can also change the products and classifications we can see the update files and languages we can change the synchronization schedule you can also configure automatic approvals now some system administrators like to do this i don't like to install any updates that i don't know what they are especially because there was a couple years back where there was a few microsoft updates windows updates that caused some issues um so in my case i did not have automatic approvals enabled which means that i was actually able to go in and select the problematic updates that were actually killing some workstations and decline them to stop them from getting installed onto the systems this saved a huge headache for me especially when i was managing i think around 400 systems across six different clients so now if we go to you'll also notice that we have computers and the server cleanup wizard this is the cleanup wizard that is very very very important to run on a regular basis i'm not going to click on it just because i believe that the system is doing its initial synchronization but there's about six or seven different options where you can clean up computer data you can clean up update data you can remove superseded updates you can remove updates that aren't required anymore and that sort of thing we also have reporting roll up email notifications the microsoft improvement program and some personalization so what we're going to do is we're just going to click on the server tnsrv02 and you'll notice this is the main panel that you'll always be looking at and you can see that synchronization status is running it's sitting at about 10 percent um i probably will have to step away and let this run but i just wanted to show you what it looks like and if we open up task manager we should be seeing some traffic no we're not actually while we do the initial synchronization let's jump over to the active directory server and configure the group policy object to point computers towards the windows server update services server now you'll notice that we jumped on to tnsrv-01 which is our domain controller so we're just going to log on here and so what i'm going to do is i'm going to open up start and i'm going to go to group policy management now i always use these shortcuts where i just click and start and type in the first couple letters of the words but again you can either do this method or you can click on start and go to windows administrative tools and then you'll notice that it's also listed inside of here so i always cheat and do the shortcut but you can do anything and actually if you go in this way you can actually see what other mmcs are available so we'll just open up group policy management so once this opens up we're going to expand the force we're going to expand the domain so this is the general view of the gpo mmc so we have our default domain policy we have a folder that contains all of our group policy objects so we have our domain controller policy and we also have our default domain policy and so now i've seen some really sloppy system administrators just go into the default domain policy and assign it there typically you do not want to do this what we're going to do is we're going to go to group policy objects and we're going to right click and create a new policy we're going to call this wsus gpo so you'll see that it's in the list it has in on the right side here you'll see the links you'll notice that it hasn't been linked to any sites domains or ou's as of yet security filtering is set to authenticated users which is completely fine and if we go to settings this is a report of all the settings configured you'll notice that we actually have no configured settings again because it's brand spanking new so what we'll do is we'll just right click on w wsus gpu go to edit we're going to maximize this window and i believe if we go to computer configuration preferences and geez i thought i had it on my other window here bear with me while i look this up very quickly it's always fun trying to find the location of certain group policy object configuration so computer configuration preferences oh no sorry it's under policies administrative templates windows components and then i think we sneak down to windows update and so here's all the settings and the tunable items for windows update so now there's in in my environment there's actually quite a few configuration options i've changed the big one is what we want to do today is just have the clients reach out to the wsus server and so to do that we are going to look for something that starts with s so we're looking for specify intranet microsoft update services location and so when we open this you'll see that it's not configured which means that it's set to default um in a default environment windows update will just connect directly to windows update or microsoft update we're going to double click on this we're going to go to enabled and this is where we actually specify our options for what we want to do so set the intranet update services for detecting updates now what we're going to do is we haven't done any special configuration so technically in a perfect world if you're doing a production deployment you would want to enable ssl assign an ssl certificate and have all the wsus traffic going over ssl now there's no username and passwords it's strictly update information so to my knowledge and feel free to correct me in the comments of this video but there's nothing that's really too security sensitive that goes across this line with the exception of the data showing how out of date certain computers are now i don't know how often this type of information gets intercepted i've never heard of an incident i'll leave that up to you but technically in the perfect world you would want to have ssl but you might probably be able to get away with not using it so i'm just going to type in http colon slash and then we're going to type in tn srv02 and the default port is 8530. now if it was running over ssl it would be https colon slash tn srv02 and the port instead of 8530 it would be 8531 and then what we're going to do is we're going to copy and paste this to the internet statistics server and then we don't need an alternative download server i don't think we need to configure any of these other items and it's just configured to use the system proxy we don't need a proxy but we'll just leave that to default so we're just going to go ahead and hit apply and hit ok now i'm just looking through my list here i just want to make sure there's nothing else important so there's a couple other things that you could take a look at if you want to so if we jump into there should be one called configure automatic updates so i'm not going to touch any of these settings in this video but if you did want to you technically could at the same time jump in here you could enable this gpo tunable uh you know configure automatic updating actually let's do this so we're going to set it to auto download and notify for install and it's going to check every day at 3 am we're not going to install during automatic maintenance and we're just going to hit apply ok and then there's uh one update here that i'm gonna briefly mention if you are familiar with managing windows 10 machines there is another tunable now if this is your first time don't pay attention anything that i'm doing here but there is i don't know where this setting is i think it's called system so now when you do a fresh install of windows 10 there are components like language packs voice and speech packs if you have an environment that you're running wsus typically that it this might have changed in the last couple years but in the past these packs were not part of the wsus line of patchable updates or payloads so essentially you could you know for example whether in the you're in the united i think it ships standard with the united states but if you're in canada and you wanted to install the the canadian language and voice and speech pack uh for example to use cortana or bing what would happen is that it would attempt to download the uh the speech packs but it would fail because it would actually be reaching out to the wsus server which doesn't have those updates i don't even think it chose to approve them and so i have a blog post again feel free to go to my blog search for wsus and you might find this post but this specific option if you enable this you can configure it so that if the windows 10 workstation needs to install a component such as the voice packs that's not on wsus this will actually reach out to microsoft update servers to install the optional components as well as component repairs so this is pretty handy so what we do is uh it's pretty simple we just hit enable and then we can select uh download repair content and optional features directly from windows update instead of windows server update services and in this case it'll bypass the approvals for those specific optional components um but it'll allow them to install and pass so we'll just for the sake of this video we'll just turn that on again this isn't required this is just for those speech packs and and stuff like that so now that we've configured that we're going to close the gpo editor so we have the settings here but it's not applied now in a normal environment let's say that you had a whole bunch of servers you had a whole bunch of computers you know if you open up active directory users and computers you know inside of here under computers you'd create um you'd create a folder or an ou for your servers you create an ou for servers workstations laptops the whole deal and then from that point on what you would do is you would apply this you'd create a gpo for your member servers you'd create a gpo for your domain controllers you created a gpo for your workstations uh one that's specific to wsus so you can control how they install so for example like you would want your windows 10 workstations to automatically install updates every morning and at three o'clock in the morning however you do not i repeat you do not want your domain controllers or member servers to install those updates and automatically restart at three o'clock because your servers technically should be running backups right and so you can see why on servers you would want to have scheduled maintenance you don't want the servers installing updates on their own and you don't want them restarting the servers on their own and that's why you would actually have different policies now for this specific example what i'm going to do is i'm just going to this is against best practice i'm going to take the wsus gpo and i am going to link this so i just drag and drop it over to stephenwagner.com and this is going to do a blanket over the entire domain so here it says do you want to link the gpos that you have selected is doing so we're going to hit yes so now you're going to see that stephenwagner.com it has the default domain app policy applied to it as well as the wsus gpo now on the right hand side you're also going to see the status here link enabled yes security filtering to authenticated users details we've got everything configured technically we could disable user configuration settings because we're only using the computer configuration settings i'm just going to leave this because that's on beyond the scope of this video and if you go to settings and we go to show all you'll see that when we scroll down we've got computer configuration and these are the gpo settings that get applied and now that we've done this we can actually go ahead and close out of the gpu manager so i'm going to click on start we're on the we're still on the domain controller i'm going to open up an administrative command prompt and in here i'm going to type in gp update slash force and what this does is this tells the system that you run this command on to do a group policy update and force those settings sometimes it'll tell you that a restart is going to be required other times that it's not you can see in this case that it's not so i'm going to hit exit and technically now the domain controller if we go to windows updates you'll notice now that it says some settings are managed by your organization and that's actually because of those gpo settings and actually you can see it right here policies that are set on the device device intranet update server service for detecting updates has been set download automatically set automatic update options so you can tell that these these settings took effect now what i want to do is usually you'd see something that says check for updates so i don't know if it's reached out to the wsus server yet i'm going to kick those off oh actually here we go check for updates so we're going to hit that and then i'm going to open up so now we're back at tnsrv02 so we're going to press ctrl delete and you'll notice that it's still synchronizing we're at now 14 however if we go to computers all computers and hit refresh you'll notice that we now have one computer out of one shown and actually further on that if we open up a command prompt on tnsrv02 right click run as administrator and type in gp update force this will also update the uh the gpo objects on tnsrv02 once that is completed we can click on start settings go to update and security and of course there's quite a few updates we'll hit update now now keep in mind that it should show up in here eventually but you have to click on the check for updates once that first initial communication is done and it calls out to the server and says hey are there any updates the registration is done and it should show up in here unfortunately there were still some pending updates direct from windows updates and so what that's why this is running but you will notice it says some settings are managed by your organization which is a good sign what i'm going to do here is i'm just going to go back to tnsrv02 we're still synchronizing here i'm going to turn off the microphone turn off the audio and we'll just let this continue to run and hopefully it'll finish so that we can i can show you how to do some update approval and show you what this looks like and i'm back now as you can tell i'm wearing a different shirt one thing that i neglected to mention was that the first synchronization that you do with windows server update services can actually take anywhere from 12 to 72 hours depending on the speed of your computer as well as the speed of your internet connection now this time requirement i believe is strictly due to the fact that i'm using windows internal database wid there are limitations again it uses sql express so even if you have six eight cores i think it can only use a certain amount of cpu cores and they do this for licensing reasons and there's also memory usage and handling uh limitations which apply to sql express now if you have microsoft sql server i believe it's a little bit different and you can actually max that out which technically should help with the the initial synchronization so here we are it's a new day i started it i think at 10 o'clock am yesterday and as you can see with me sharing the desktop down here it's reporting that the last synchronization completed at 3 14 a.m this morning so that actually took quite a bit of time now one thing you'll notice here is that looking down to computers needing updates we now have two so if we head over to all computers and hit refresh you'll notice that we now have both servers tn srv01 and tnsrv02 and this is because um throughout the night the uh the new server actually went out and checked and um yeah so it's pretty interesting now if we go to all update if we go to all updates this is the panel and the administration interface that you're going to be using to approve or decline these updates so you'll notice here that the filters for this list what we're looking at is the approval status is unapproved and the status of the update is either failed or needed so technically you could change this to needed but it also takes care of failed as well so that works so as you can see right now there actually are some pending updates so i'm going to show you how to to accept these so now if you wanted to accept or decline these i'm going to use the shift key so you can either use the shift key and select all or you can individually select them and hold the control button and select the certain updates that you want to do then you right click go to approve and for all computers we're going to mark them as a proof for install so you'll notice that the options here are approved for install approved for removal not approved and applied to children so we're just choosing the highest item in the hierarchy and choosing a proof for install so we're going to go ahead and hit okay and what we do is we accept the the turn license terms for all the updates on behalf of all the users and i think that's just because it's a fresh install it's very rare to actually see that on a normal deployment and so you'll see that approval completed without errors see below for details so we'll hit close now if we refresh this list it's going to be blank because those are now approved so they're no longer going to be showing up in this filter you can also search for approved updates declined updates and any updates except for declined we're just going to leave it to default so now if we click on the actual server itself tnsrv02 you'll now notice that under download status it's reporting that updates need sorry updates needing files isn't seven files and it's also currently in the process of downloading these windows updates so we're we've got about 75 megabytes of 1.1 gig of updates downloaded and further on if we could jump back to computers it'll actually tell you uh installed and not installed so for example tnsrv01 has 99 of updates installed and same thing with tns rv-02 now when you click on this if you look down we've got updates with errors are zero we've got updates needed r6 updates installed we have 11 196 updates and then there's seven updates with no status so now if there's further reporting capabilities with wsus but if we were to click on this unfortunately it tells us that you need the microsoft report viewer 2012 redistributable so in order to install that there's a couple other prerequisites i think there's an sql component that needs to be installed there's also some other components but essentially you can click on that and it'll actually give you detailed information on updates that are failing or that need to be installed and so just to show you this while it's still downloading updates i think if we go in here and choose check for updates i'm not too sure if it has to download the entire batch before yeah so you'll notice that they're still not available even though it's in the process of downloading but as soon as this download completes they should be made available to the server so at this point i'm just going to speed up the video and i'll demo the installation of the updates and we're back so now you can see that the last synchronization result has succeeded there are zero files remaining required and so now we'll just go back to windows updates and we'll hit check for updates and now there can be a delay after the files are downloaded because what happens is that there's a number of changes that have to go into the wid database to make the updates available so even though the files are downloaded sometimes the updates might not be immediately available in our case you'll notice that we had two updates available there and now we've got microsoft silverlight available and that's pretty much it uh there's not much else to show there's some uh more group policy objects that you can modify to tailor to your environment as to how you want to have handle the windows update patching but that's pretty much it i hope you enjoyed the video please make sure that you like the video if you already haven't subscribe to the channel and feel free to leave me any questions or comments or feedback in the comment section thanks everyone i hope you had a great day

Info

Channel: SW The Tech Journal

Views: 1,740

Rating: undefined out of 5

Keywords: Windows, WindowsServer, WindowsServer2022, WSUS, Windows Server Update Services, Guide, HowTo, VMware, ESXi, VirtualMachine, Demo, Demonstration

Id: VTCzszyiFz4

Channel Id: undefined

Length: 50min 43sec (3043 seconds)

Published: Sat Sep 25 2021