What is WSUS?
Windows Server Update Services (WSUS) is an update service that allows administrators to centrally manage the distribution of patches and security updates.
It provides latest Microsoft product updates
In WSUS/Updates/All updates section, there are catalogs of Update info. You can choose what to update and then approve.
Computers can belong to small group. ==> Each group can have different update I think.
How it is installed?
The information in this section is from Youtube channel ‘InfoSec Pat’
Overall Process
1. Configure IP ADdress and rename the server and join server to the domain
2. Install WSUS Role from the Server Manager.
3. Configure WSUS and GPO for the Servers.
4. Verify WSUS installation
1. Configure IP Address and rename the server and join server to the domain
WSUS Computer: Configure IP Address. This computer is not yet used as a WSUS. We are making this computer as a WSUS now!
ADDS/DNS/DHCP Computer: Add new computer which just joined our domain to ‘Servers’ group.
- There is also a WSUS-Servers OU, and CORE computer is in. However, It is not dealt well in the video. I need to figure it out what the heck is this….
?
2. Install WSUS Role from the Server Manager.
- WSUS Computer: From server manager, click ‘Add Roles and Features’ and add ‘WSUS’ role.
Select storage (where the contents for the updates are gonna be sitting)
3. Configure WSUS and GPO for the Servers.
ADDS/DNS/DHCP Computer:
- Add new group policy ‘WSUS’
ADDS/DNS/DHCP Computer:
Computer Configuration => Policies => Administrative Template => Window Components => Windows Update
3 main settings
- Configure Automatic Updates
- Specify intranet Microsoft update service location
-specify intra Microsoft update service (DNS server ip ) (port number is important)
- Automatic Updates detection frequency
Attach new role to WSUS-Servers OU.
4. Verify WSUS installation
https://community.spiceworks.com/how_to/169570-how-to-install-and-configure-wsus-on-windows-server-2019
What complaints people have for it?
Source : https://study.com/academy/lesson/windows-server-update-services-wsus-definition-uses-setup.html
- It is only supported on Windows Server (Expensive licensing required).
- It requires at least 4GB of memory to run (the more updates, the more RAM needed).
- It requires hundreds of GB to store downloaded updates. Additional selected products and update types increase this amount.
- The management database can occasionally be corrupted through normal usage, thus crashing the server and requiring cleanup and repair work to fix
What commands do to try and fix clients?
https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents
How to approve/disapprove updates?
http://woshub.com/wsus-update-approvals/
https://www.youtube.com/watch?v=OgiuKJyIp_g
How to control what products are offered?
https://documentation.solarwinds.com/en/success_center/patchman/content/spmag_selectmsproductsandclassifications.htm
—Unrelated—
Security
- what you know - Password
- based on word is good to remember and pretty secure. so like “mouse-orange-desktop” .
- who you are - biometrics
- Fingerprint, your eyes
- what you have - MFA (Multi Factor Authenticator)
Exchange Admin Center
Mailboxes : Mails in box.
- Groups : When you want to send an email to certain group of people, It can be done by this feature.
- Resources : It keeps track of schedule for resource usage, so It is not double booked.
- Contacts : ?
https://docs.microsoft.com/en-us/exchange/exchange-admin-center
https://docs.microsoft.com/en-us/exchange/architecture/client-access/exchange-admin-center?view=exchserver-2019
How to check win-up for computers
- go to WSUS server, and Tools-WSUS(The last one) and check