What is WSUS?

31 Mar 2021 in System Network

This page will be kept updated.

• Windows Server Update Services (WSUS) is an update service that allows administrators to centrally manage the distribution of patches and security updates.

• It provides latest Microsoft product updates

• In WSUS/Updates/All updates section, there are catalogs of Update info. You can choose what to update and then approve.

  

• Computers can belong to small group. ==> Each group can have different update I think.

  

Source - ms docs

Source - nedimmehic.org

How it is installed?

The information in this section is from Youtube channel ‘InfoSec Pat’

Overall Process

1. Configure IP ADdress and rename the server and join server to the domain
2. Install WSUS Role from the Server Manager.
3. Configure WSUS and GPO for the Servers.
4. Verify WSUS installation

1. Configure IP Address and rename the server and join server to the domain

• WSUS Computer: Configure IP Address. This computer is not yet used as a WSUS. We are making this computer as a WSUS now!

  

• ADDS/DNS/DHCP Computer: Add new computer which just joined our domain to ‘Servers’ group.

• There is also a WSUS-Servers OU, and CORE computer is in. However, It is not dealt well in the video. I need to figure it out what the heck is this….

?

2. Install WSUS Role from the Server Manager.

• WSUS Computer: From server manager, click ‘Add Roles and Features’ and add ‘WSUS’ role.

• Select storage (where the contents for the updates are gonna be sitting)

  

3. Configure WSUS and GPO for the Servers.

• ADDS/DNS/DHCP Computer:

  • Add new group policy ‘WSUS’

  

• ADDS/DNS/DHCP Computer:

  • Computer Configuration => Policies => Administrative Template => Window Components => Windows Update

  • 3 main settings

    • 1. Configure Automatic Updates
    • 1. Specify intranet Microsoft update service location

      ​ -specify intra Microsoft update service (DNS server ip ) (port number is important)

    

    • 1. Automatic Updates detection frequency

• Attach new role to WSUS-Servers OU.

4. Verify WSUS installation

https://community.spiceworks.com/how_to/169570-how-to-install-and-configure-wsus-on-windows-server-2019

What complaints people have for it?

Source : https://study.com/academy/lesson/windows-server-update-services-wsus-definition-uses-setup.html

• It is only supported on Windows Server (Expensive licensing required).
• It requires at least 4GB of memory to run (the more updates, the more RAM needed).
• It requires hundreds of GB to store downloaded updates. Additional selected products and update types increase this amount.
• The management database can occasionally be corrupted through normal usage, thus crashing the server and requiring cleanup and repair work to fix

What commands do to try and fix clients?

https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents

How to approve/disapprove updates?

http://woshub.com/wsus-update-approvals/

https://www.youtube.com/watch?v=OgiuKJyIp_g

How to control what products are offered?

https://documentation.solarwinds.com/en/success_center/patchman/content/spmag_selectmsproductsandclassifications.htm

—Unrelated—

Security

• what you know - Password
  • based on word is good to remember and pretty secure. so like “mouse-orange-desktop” .
• who you are - biometrics
  • Fingerprint, your eyes
• what you have - MFA (Multi Factor Authenticator)

Exchange Admin Center

• Mailboxes : Mails in box.

• Groups : When you want to send an email to certain group of people, It can be done by this feature.
• Resources : It keeps track of schedule for resource usage, so It is not double booked.
• Contacts : ?

https://docs.microsoft.com/en-us/exchange/exchange-admin-center

https://docs.microsoft.com/en-us/exchange/architecture/client-access/exchange-admin-center?view=exchserver-2019

Active Directory

---

How to check win-up for computers

• go to WSUS server, and Tools-WSUS(The last one) and check