We will talk about how to install and configure the WSUS role on Windows Server 2019.
Windows Server Update Services (WSUS) is an update service that allows administrators to centrally manage the distribution of patches and security updates.
WSUS was included in the OS as one of the roles.
limitations to installing WSUS role services
- WSUS database server cannot be a domain controller.
- WSUS server cannot be a Remote Desktop Services terminal server at the same time.
Install and Configure WSUS on Windows Server 2019
Step 1: Add WSUS Role
To install WSUS, open Server Manager and go to Management - Add Roles and Features.
Add the Windows Server Update Services role.
Step 2: Add all the necessary roles and components.
Add all the necessary roles and components, so you won’t have to configure anything else separately.
Step 3: Use Windows Internal Database
WSUS suggests using the Windows Internal Database (WID) as the default storage.
For small implementations, we see no reason in installing a separate SQL server; this will not give any significant advantages.
Step 4: Choose Role services
In our case, you will need to select the WID Database and WSUS Services options, if you intend to use a SQL server, then instead of the WID Database you should select the Database option.
The database server itself should already be deployed to your network by this point.
Step 5: Indicate the location of the update repository
Indicate the location of the update repository, we recommend that you allocate a separate hard disk or disk partition for these purposes.
Step 6: Run after installation tasks
It is also possible that only information about updates will be stored on the WSUS server, the update packages themselves, after they are approved and appointed by the administrator, will be downloaded from Microsoft servers.
It will be convenient for small companies with a good Internet channel; indeed, for the sake of a dozen machines, organizing local storage does not make much sense, especially if WSUS is not the only role of this server.
If you selected an external database, you will also need to specify the parameters for connecting to the SQL server.
After which you can proceed to install the role, a reboot is not required.
After installation, click on the flag with a yellow exclamation mark in the Server Manager and click Run after installation tasks, wait for the procedure to complete (the exclamation mark will disappear).
Step 7: Choose the source of synchronization
The role installation can be considered complete and proceeds to the WSUS configuration.
In short, you first need to choose the source of synchronization: the Microsoft server or the upstream WSUS server.
Step 8: Choose languages and products.
Then choose languages and products.
Step 9: Choose Classifications
Choose Classifications
Step 10: Set the parameters for automatic synchronization
And set the parameters for automatic synchronization.
Step 11: Specify the rules for automatic approval
The initial synchronization process may take a long time, depending on the selected set of products and classes, as well as the speed of your Internet channel.
Do not forget to specify the rules for automatic approval and approve already downloaded updates.
Step 12: Specify intranet Microsoft update service location
You will need to tell clients the location of your WSUS server, this can be done via Group Policies: Computer Configuration - Policies - Administrative Templates - Windows Update - Specify intranet Microsoft update service location.
Or in local policies: Start - Run - gpedit.msc, then Computer Configuration - Administrative Templates - Windows Update (Windows Update) - Specify intranet Microsoft update service location
The path to the server should be written as http: // SERVER_NAME: 8530, while we recommend that you explicitly specify the service port.
After some time, computers will begin to receive updates and appear in the server console, where you can get detailed information on already installed and required updates.