Installing and Configuring Windows Server Update Services on Windows Server 2012 R2 | Information Technology from Valdemar

This article is written for those who were searching for a detailed and simple for the understanding guide on how to install and configure Windows Server Update Services on Windows Server 2012 R2.

We will consider the case when you already have a server with Windows Server 2012 R2 installed on it.

You can read more about how to install Windows Server 2012 R2 in my guide «Installing Windows Server 2012 R2». You can learn how to install Active Directory Domain Services on Windows Server 2012 R2 by reading «Installing Active Directory Domain Services on Windows Server 2012 R2».

Before starting the installation of the Windows Server Update Services role, you must give the server the correct name in accordance with the standards of your organization, and then specify the static IP address in the network connection settings. Additionally, the server must be added to a domain. In my guide «Configuring Windows Server 2012 R2», you can read about how to configure Windows Server 2012 R2 and add the server to the domain.

Please note that before installing updates on industrial servers, you must test the installation of updates on test servers.

Go to the future update server and log into the system under an account with administrator rights.

The first thing you need to consider is in which folder updates will be downloaded. To store downloaded updates, it is best to use a folder on a separate local drive. The amount of free space on a dedicated disk must be at least 10 Gb.

Let’s create a new folder for updates.

Go to the additional local disk and right-click on an empty spot, in the menu that opens, select “New”, then “Folder”.

Specify a name for the new folder and press the “Enter” button.

The new folder for updates is ready.

Now you are ready to install the Windows Server Update Services role.

Open the “Server Manager”, click on the “Manage” button in the upper right corner of the screen and select “Add Roles and Features”.

Click on the “Next” button.

Select the installation type “Role-based or feature-based installation” and click on the “Next” button.

Next, select the server on which the role will be installed.

Click on the “Next” button.

Select the “Windows Server Update Services” role.

In the next step, the Role Installation Wizard warns that several components must be installed to install the Windows Server Update Services role.

Click on the “Add Features” button.

Click on the “Next” button.

At the stage of adding components, leave all the default values.

Click on the “Next” button.

Next, the Role Installation Wizard invites you to learn more about the Windows Server Update Services role.

Click on the “Next” button.

Now you need to choose where the update service will store its service data. To do this, you can use SQL Server or store data in a Windows internal database (WID – Windows Internal Database). WID has no database size limit and does not require an additional license to use.

This guide will use the Windows Internal Database for data storage.

Select “WID Database” and “WSUS Services”.

Click on the “Next” button.

Specify the path to the previously created folder where it is planned to store the downloaded updates.

Click on the “Next” button.

At the next stage, the Role Installation Wizard will warn that the role of the Web Server “Internet Information Services” will be additionally installed for the Windows Server Update Services role to work.

At the stage of adding components, leave all the default values.

Click on the “Next” button.

In order to start the installation of the selected role, click on the “Install” button.

The installation of the selected role and the necessary components for it began.

The installation of the Windows Server Update Services role is complete.

Now click on the “Launch Post-Installation tasks” button so that the “Role Installation Wizard” launches tasks for the initial configuration of a new role.

The process of performing tasks on the initial configuration of a new role has begun.

The process of completing the initial configuration of a new role is complete.

Click on the “Close” button.

Now you need to make the basic configuration of the Windows Server Update Services role.

Return to the “Server Manager”, click on the “Tools” button in the upper right corner of the screen and select “Windows Server Update Services”.

Click on the “Next” button.

It is further proposed to participate in a quality improvement program.

Uncheck “Yes, I would like to join the Microsoft Update Improvement Program” and click on the “Next” button.

Now you need to select the source from where your server will download updates for further distribution on the local network. To do this, you can use Microsoft servers or download updates from another server with the Windows Server Update Services role on your local network.

In this guide, the server will download updates over the Internet from Microsoft servers.

Select “Synchronize from Microsoft Update” and click on the “Next” button.

Next, you can specify the settings for connecting to the Internet through a proxy server.

The proxy server is not used in this manual.

Click on the “Next” button.

Now you need to connect to the source with updates to get information about available updates.

Click on the “Start Connecting” button.

The process of connecting to the source with updates is completed.

Click on the “Next” button.

Next, you need to choose which languages you want to download updates.

Select the desired languages and click on the “Next” button.

Now you need to choose which products you want to download updates.

This guide will install updates for the Windows Server 2012 R2 operating system.

Select for which products it is planned to install updates, and click on the “Next” button.

Next, you need to select the necessary updates by classification.

Select all classifications except “Drivers” and “Update Rollups”.

Please note that updates related to the “Drivers” and “Update Rollups” classifications are not recommended to be installed using the update server, in order to be able to fully control the installation process and, thus, minimize errors during the update.

Click on the “Next” button.

Now you need to select a schedule according to which your server will download updates for their further distribution on the local network.

In this guide, the server will download updates every day automatically.

Select “Synchronize automatically” and specify a convenient time for downloading updates to your server.

Click on the “Next” button.

Now you can start the initial synchronization process with Microsoft servers.

Put a tick on the item “Begin initial synchronization” and click on the “Next” button.

Next, I will give recommendations for further configuration of the Windows Server Update Services role.

Click on the “Finish” button.

The basic configuration of the Windows Server Update Services role has been completed.

Now you need to create a group policy that will distribute information about your update server to computers for subsequent downloading of updates from your server.

This guide will look at a single group policy for servers and workstations.
 

Please note that in an industrial environment, it is recommended to use individual group policies for each type of computer.

Go to the domain controller and log into the system as an account with domain administrator rights.

Open “Server Manager”, click on the “Tools” button in the upper right corner of the screen and select “Group Policy Management”.

Right-click on the domain name and select “Create a GPO in this domain, and Link it here”.

Specify a name for the new group policy and click on the “OK” button.

Next, click on the new policy with the right mouse button and select “Edit”.

In the Group Policy Editor, go to the “Computer Configuration” section, then to the “Policies” subsection, then find the “Administrative Templates” section and select “Windows Components”, then “Windows Update”.

Next, double-click the left mouse button on the item “Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates”.

This setting allows you to wake the system from sleep mode to install updates.

Select “Enabled”.

Please note that if Group Policy is designed for servers only, then this setting may not be applied.

Click on the “OK” button.

Next, double-click with the left mouse button on the item “Configure Automatic Updates”.

This setting allows you to select the settings for installing updates and the schedule by which they will be installed.

Select “Enabled”.

In this guide, updates will be automatically downloaded and installed every day at four in the evening on all computers.

Please note that in an industrial environment for important servers it is not recommended to use the automatic installation of updates in order to be able to fully control the installation process and, thus, minimize errors during the update.

In the “Configure automatic updating” section, select “Auto download and schedule the install”.

In the “Scheduled install day” section, select a convenient schedule for installing updates. “

Click on the “OK” button.

Next, double-click the left mouse button on the item “Specify intranet Microsoft update service location”.

This setting allows you to specify the address of your update server.

Select “Enabled”.

In the “Set the intranet update service for detecting updates” field, specify the address at which your update server is available on the local network via HTTP, and port 8530.

In the “Set the intranet statistics server” field, specify the address at which your update server is available on the local network via HTTP, and port 8530.

Click on the “OK” button.

Next, double-click the left mouse button on the item “Automatic Updates detection frequency”.

This setting allows you to set the interval for checking for new updates on your update server.

Select “Enabled”.

This guide will check for new updates once per hour.

In the field “Interval (hours)” specify a convenient interval for installing updates.

Click on the “OK” button.

Next, double-click the left mouse button on the item “Allow Automatic Updates immediate installation”.

This setting allows you to immediately begin installing updates after they are downloaded and prepared for installation on target computers.

Select “Enabled”.

Click on the “OK” button.

Next, double-click the item “Turn on recommended updates via Automatic Updates” with the left mouse button.

This setting allows you to install on computers not only important updates but also recommended ones.

Select “Enabled”.

Click on the “OK” button.

Next, double-click the left mouse button on the item “No auto-restart with logged on users for scheduled automatic updates installation”.

This setting allows you to prohibit the automatic restart of the computer if the user has logged on to it.

Select “Enabled”.

Click on the “OK” button.

Now let’s check the application of group policy.

To do this, you need to start the update of group policies on a computer that falls under the new group policy and on which you want to install updates.

In this manual, the computer on which updates will be installed uses a server based on the Windows Server 2012 R2 operating system, which acts as a domain controller.

Click “Start”, point to the search bar “cmd”, then right-click on “Command Prompt” and select “Run as administrator”.

Speed up the group policy update using the command:

gpupdate /force

The group policy update has completed successfully.

Now check that the server has received the necessary settings for downloading updates from the server on which the Windows Server Update Services role is installed.

Go to the “Start” menu and press the “Control Panel” button.

Next, go to the “System and Security” section.

Select the “Windows Update” section.

If you did everything correctly, then in the “Windows Update” section under “You receive updates” should be displayed “Managed by your system administrator”.

Now you need to create a new group of computers, allow the installation of certain updates to this group and add to this group the computers on which you plan to install updates.

Return to the server on which the Windows Server Update Services role is installed.

Log in to the system under an account with administrator rights.

Open “Server Manager”, click on the “Tools” button in the upper right corner of the screen and select “Windows Server Update Services”.

Go to the “Computers” section and right-click on the “All Computers” subsection. In the menu that opens, select “Add Computer Group”.

In this manual, the “Servers” group will be used, where the servers on which updates are to be installed will be added.

Specify a name for the new group of computers and click on the “Add” button.

Now in the new group, you need to add the computers on which you want to install updates.

In this manual, a server that acts as a domain controller is used as the computer where updates will be installed.

Go to the “Computers” section, then to the “Unassigned Computers” subsection. In the “Status” menu, select “Any” and click on the “Refresh” button.

In this subsection, all computers appear on which information about your update server has been distributed.

Right-click on the computer on which you want to install updates, and in the menu that opens, select “Change Membership”.

Specify the group of computers into which you want to add a computer and click on the “OK” button.

Go to the section “Computers”, then to the subsection “Servers”. In the “Status” menu, select “Any” and click on the “Refresh” button.

The computer was successfully added to the “Servers” group.

Now you need to enable the installation of updates on a new group of computers.

In the “Updates” section, go to the “All Updates” subsection and on the right side of the screen select the updates necessary to install.

This guide will allow all updates for the Windows Server 2012 R2 operating system.

Select the updates that you need to allow for installation, and click on the “Approve” button.

Now you need to select the group of computers on which you want to allow the installation of the selected updates.

Select “Servers” and select “Approved for Install” from the menu that opens.

Everything is ready for permission to install the selected updates on the “Servers” group.

Click on the “OK” button.

Updates were successfully allowed for installation on the selected group of computers.

Click on the “Close” button.

Now you need to wait, and after a while, only the updates that were allowed will be downloaded and installed on the specified group of computers.

Now you can create a rule to automatically allow new updates.

Please note that in a production environment for important servers, it is not recommended to use rules for automatically allowing updates to be able to fully control the installation process and, thus, minimize errors during the update.

In the “Options” section, select “Automatic Approvals”.

Click on the “New Rule” button.

In the “Step 1: Select properties” section, check the box “When an update is in a specific classification” to specify for which classifications updates will be allowed automatically.

Then check the box “When an update is in a specific product” to specify which product updates will be automatically resolved.

In the “Step 2: Edit the properties” section, select “Any classification”.

Next, you need to select the necessary updates by classification.

Select all classifications except “Drivers” and “Update Rollups”.

Please note that updates related to the “Drivers” and “Update Rollups” classifications are not recommended to be installed using the update server in order to be able to fully control the installation process and, thus, minimize errors during the update.

Click on the “OK” button.

Now you need to choose which products you want to automatically allow updates.

In the “Step 2: Edit the properties” section, select “Any product.”

This guide will automatically enable updates for the Windows Server 2012 R2 operating system.

Select the products on which you plan to install updates, and click on the “OK” button.

Now you need to choose for which group of computers you want to automatically allow updates.

In the “Step 2: Edit the properties” section, select “All computers”.

In this manual, the group “Servers” is used as the group to which you should automatically allow updates.

Select the group of computers for which you want to automatically allow updates, and click on the “OK” button.

Now you need to specify a name for the new rule.

In the “Step 3: Specify a name” section, specify the name for the new rule and click on the “OK” button.

The creation of a rule to automatically allow new updates is completed.

Put a tick on the new rule and click on the “OK” button.

Now let’s check if the updates are installed.

A day later, return to the computer on which the updates should have been installed.

In this guide, the domain controller was used as the computer on which the updates were installed.

Log in to the system under an account with the rights of a domain administrator and go to the “Start” menu.

Now go to the “System and Security” section.

Select the “Windows Update” section.

Updates were successfully installed on the server.

To complete the installation of updates, you must restart the server.

Click on the “Restart now” button.

Author

Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation: callvaldemar@gmail.com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.