Skip to main content

How do you push Windows Updates from the Server to Clients?

To push updates from the Server to the Client, you will want to download and install Windows Server Update Services (WSUS).

WSUS Requirements

  • Microsoft Internet Information Services (IIS) 6.0. For instruction about how to install IIS, see the “Deploying Microsoft Windows Server Update Services” white paper or Help and Support Center in Windows Server 2003.

  • Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003. To obtain this software, go to the Download Center at http://go.microsoft.com/fwlink/?LinkId=47358.  An alternative is to go to http://www.windowsupdate.com and scan for Critical Updates and Service Packs – Install Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003.

  • Background Intelligent Transfer Service (BITS) 2.0. BITS 2.0 for Windows Server 2003 is not available from the Download Center at this time. To obtain this software, go to the Microsoft Web site for Windows Server Update Services Open Evaluation at http://go.microsoft.com/fwlink/?LinkId=47357.

  • Windows SQL Server™ 2000 Desktop Engine (WMSDE).  This database software is installed by default on Windows Server 200.

To install WSUS on Windows Server 2003

  1. Double-click the installer file WSUSSetup.exe. Note: The latest version of WSUSSetup.exe is available on the Microsoft Web site for Windows Server Update Services at http://go.microsoft.com/fwlink/?LinkId=47374.

  2. On the Welcome page of the wizard, click Next.

  3. Read the terms of the license agreement carefully, click I accept the terms of the License Agreement, and then click Next.

  4. On the Select Update Source page, you can specify where clients get updates. If you select the Store updates locally check box, updates are stored on the WSUS server and you select a location in the file system to store updates. If you do not store updates locally, client computers connect to Microsoft Update to get approved updates.

  5. Keep the default options, and click Next.

  6. On the Database Options page, you select the software used to manage the WSUS database. By default, WSUS Setup offers to install WMSDE if the computer you are installing to runs Windows Server 2003. If you cannot use WMSDE, you must provide a SQL Server instance for WSUS to use, by clicking Use an existing database server on this computer and typing the instance name in the SQL instance name box. For more information about database software options besides WMSDE, see the “Deploying Microsoft Windows Server Update Services” white paper. Keep the default options, and click Next.

  7. On the Web Site Selection page, you specify the Web site that WSUS will use. This page also lists two important URLs based on this selection: the URL to which you will point WSUS client computers to get updates, and the URL for the WSUS console where you will configure WSUS. If you already have a Web site on port 80, you may need to create the WSUS Web site on a custom port. For more information about running WSUS on a custom port, see the “Deploying Microsoft Windows Server Update Services” white paper.

  8. Keep the default option and click Next.

  9. On the Mirror Update Settings page, you can specify the management role for this WSUS server. If this is the first WSUS server on your network or you want a distributed management topology, skip this screen. If you want a central management topology, and this is not the first WSUS server on your network, select the check box, and type the name of an additional WSUS server in the Server name box. For more information about management roles, see the “Deploying Microsoft Windows Server Update Services” white paper.

  10. Keep the default option and click Next.

  11. On the Ready to Install Windows Server Update Services page, review the selections and click Next.

  12. When the final page of the wizard confirms that WSUS installation was successfully completed, click Finish.

To open the WSUS console

  1. On your WSUS server, click Start, point to All Programs, point to Administrative Tools, and then click Microsoft Windows Server Update Services.
Note: You must be a member of either the WSUS Administrators or the local Administrators security groups on the server on which WSUS is installed in order to use the WSUS console.
If you do not add http:// to the list of sites in the Local Intranet zone in Internet Explorer on Windows Server 2003, you might be prompted for credentials each time you open the WSUS console. If you change the port assignment in IIS after you install WSUS, you need to manually update the shortcut on the Start menu. You can also open the WSUS console from Internet Explorer on any server or computer on your network by entering the following URL: http://WSUSservername/WSUSAdmin

To synchronize your WSUS server

  1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

  2. Under Tasks, click Synchronize now.
To add the WSUS Administrative Template

  1. In Group Policy Object Editor, click either of the Administrative Templates nodes.

  2. On the Action menu, click Add/Remove Templates.

  3. Click Add.

  4. In the Policy Templates dialog box, click wuau.adm, and then click Open.

  5. In the Add/Remove Templates dialog box, click Close.
To configure the behavior of Automatic UpdatesIn Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  1. In the details pane, double-click Configure Automatic Updates.

  2. Click Enabled, and then click one of the following options:

    • Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.

    • Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.

    • Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.

    • Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

  3. Click OK.

Note: The setting Allow local admin to choose setting only appears if Automatic Updates has updated itself to the version compatible with WSUS.

To point the client computer to your WSUS server
  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

  2. In the details pane, double-click Specify intranet Microsoft update service location.

  3. Click Enabled, and type the HTTP URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http://servername in both boxes.

  4. Click OK.

Note: If you are using the Local Group Policy object to point this computer to WSUS, this setting takes effect immediately and this computer should appear in the WSUS administrative console in about 20 minutes. You can speed this process up by manually initiating a detection cycle.

After you set up a client computer, it will take a few minutes before it appears on the Computers page in the WSUS console. For client computers configured with an Active Directory-based GPO, it will take about 20 minutes after Group Policy refreshes (that is, applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0 to 30 minutes. If you want to refresh Group Policy sooner, you can go to a command prompt on the client computer and type: gpupdate /force.

For client computers configured with the Local GPO, Group Policy is applied immediately and it will take about 20 minutes.

Once Group Policy is applied, you can initiate detection manually. If you perform this step, you do not have to wait 20 minutes for the client computer to contact WSUS.
To manually initiate detection by the WSUS server
  1. On the client computer click Start, and then click Run.

  2. Type cmd, and then click OK.

  3. At the command prompt, type wuauclt.exe /detectnow. This command-line option instructs Automatic Updates to contact the WSUS server immediately.


http://www.smartnetadmin.com
Labels:

Comments

Post a Comment

Popular posts from this blog

Access Denied (policy_denied). Your system policy has denied access to the requested URL. For assistance, contact your network support team.

While browsing the internet, you may encounter the message: "Access Denied (policy_denied).  Your system policy has denied access to the requested URL.  For assistance, contact your network support team."   This message indicates the internet traffic is being filtered.  The most common source of an internet traffic filter is in corporate environments that use a proxy server or a firewall appliance designed to filter web traffic.  Some businesses are configured as satellite locations using a VPN tunnel.  In these configurations, the VPN may be configured to filter internet traffic.  In rare instances, the Internet Service Provider is filtering internet traffic.  Typically though, your IT Department or a Network Management Team has configured your internet traffic to be filtered.  Isolating Source of Web Filtering In an environment that is unmanaged and the source of the filtering is unknown, following are some steps you may wish to peform: Th...
3 comments
Read more

How do you stop an unstoppable Windows Service?

You may encounter a Windows Service in Services that has the buttons for Start, Stop, Pause and Resume greyed out.  If you attempt to stop the Service using sc stop [servicename], you encounter the error message: "The requested control is not valid for this service."  To resolve this issue, please perform the following steps: Click Start - Control Panel - Administrative Tools - Services. Double-click the relevant Service. Change the Service Start-Up Type to Disabled. Click Apply. Click OK. Hit CTRL-ALT-DEL on your keyboard. Select Task Manger. Perform an End Task on the relevant Service. This issue has been resolved. http://www.smartnetadmin.com
Post a Comment
Read more

The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

You may encounter the following error message when using the L2TP/IPSec VPN Client that is native to the Windows Operating System: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."  This error message typically occurs when you are using the wrong Pre-Shared Key for your L2TP VPN.  This error message can occur when other components of your configuration are incorrect but the first thing to confirm is that you are using the correct Pre-Shared Key. If you are using the wrong Pre-Shared Key, the L2TP VPN connection will say Connecting for a long period of time and then display the error message: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." If you are using the wrong username or password, the L2TP VPN will immediately respond with: "The remote connection was denied b...
1 comment
Read more