Microsoft Patch Management WSUS 3.0 Configuration (Part 2)

Note: The domain name, computer name etc. that i have used are for demo and a standalone lab only.

Launch the Windows Server Updates Services.

Select Options to view all WSUS configuration. We have to setup this first one by one.

Select Update Source and Proxy Server. Choose "Synchronize from Microsoft Update". The server must be allowed in your firewall to be able to download updates from microsoft website.

If you are using a proxy server to access the internet. Tick the "Use a proxy..." and enter the credentials if needed.

The product and classification option allow us to choose the updates for the specific products that we want and the classification of updates to download such as critical, security, commulative, service packs etc.

Choose "Store update files locally...". We also choose to download update files only when the updates are approved.

Choose download updates only in these languages ex. English. Downloading updates in all languages will consume more disk space.

We will be using Manual Synchronizarion for testing, but you can change it later according to your desired schedule.

We choose "Use Group Policy ..." to allow us the group management using GPO.

Now that we have configured WSUS server. We will prepare the groupings on how the machines will acquire updates from our WSUS.

Microsoft recommends to test all the patches prior to deploying it to all computers in your organization. We might encounter some OS or third party application issues after installing some updates.

In some cases, you would want to choose 3 or more computers from every departments who are using different applications to test the new updates. If no issue arises, then you may deploy it to all the machines in your organization.

As an example, we will create 2 groups:

Test Updates - Machines on this group are chosen to deploy and test updates.

Deploy Updates - Machines on this group are all the machines on your organization.

IMPORTANT: For new updates, approved only the installation to Test Updates group.

When finished preparing the groups. Click "Synchonize now" to get the list of available updates based on the products and classification that we have chosen.

NOTE: After the synchronization, WSUS server only lists the available updates. Updates will be automatically downloaded once we have approved it.

Proceed to Part 3 which covers the client update deployment via Group Policy.