Windows Server Update Services (WSUS) helps windows administrators to deploy the latest security patches from Microsoft and to update on computers that are running with windows operating systems and other Microsoft products .
Ø Latest version is WSUS 3.0 SP2
Ø Configuration:
Client level configuration
can be done through local group policy
or through Active directory.
Go to START
then RUN type GPEDIT.MSC and
In Administrative
Templates\Windows Components\Windows Update on right side need to configure
update server details and others. Find the below screen shot for quick reference..
------------------------------------------------------------------------------------------------------------------------------------
The windows
update settings will get updated in registry. The values of this registry
entries can be changed by changing the group policy (in Administrative
Templates\Windows Components\Windows Update) or through registry editing.
Here is the path where we can configure them,
·
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
·
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
The
registry elements under “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU”
are listed below with the values which make difference in settings
Ø AUOption-à-Stores configuration data for the
policy setting Configure Automatic Updates.
Value data: 1 to 4
§ 1: Keep my computer up to
date has been disabled in Automatic Updates.
§ 2: Notify of download and
installation.
§ 3: Automatically download
and notify of installation.
§ 4: Automatically download
and scheduled installation.
Ø NoAutoRebootWithLoggedOnUsers-à-Stores
configuration data for the policy setting No
auto-restart for scheduled Automatic Updates installations.
Value data: Reg_DWORD:
0 (false) or 1 (true).
§ If set to 1, Automatic
Updates does not automatically restart a computer while users are logged on.
Ø NoAutoUpdate-à-Stores
configuration data for the policy setting Configure
Automatic Updates.
Value data: 0 or 1
§ 0: Automatic Updates is
enabled (default).
§ 1: Automatic Updates is
disabled.
Ø RescheduleWaitTime-à-Stores
configuration data for the policy setting Reschedule
Automatic Updates scheduled installations.
Value data: m,
§ where m equals the
time period to wait between the time Automatic Updates starts and the time it
begins installations where the scheduled times have passed. The time is set in
minutes from 1 to 60, representing 1 minute to 60 minutes)
Ø ScheduledInstallDay--àStores configuration data for the policy setting Configure Automatic Updates.
Value data: 0 to 7
§ 0: Every day.
§ 1 through 7: The days of
the week from Sunday (1) to Saturday (7).
Ø ScheduledInstallTime--àStores configuration data for the policy setting Configure Automatic Updates.
Value data: n,
§ where n equals the time of
day in a 24-hour format (0-23).
Ø UseWUServer--àStores configuration data for the policy setting Specify intranet Microsoft update service location.
Value data: Set
this value to 1 to configure Automatic Updates to use a server that is running
Software Update Services instead of Windows Update.
Ø WUServer--àStores configuration data for the policy setting Specify intranet Microsoft update service location.
Ø WUStatusServer-à-Stores
configuration data for the policy setting Specify
intranet Microsoft update service location.
Ø Commands:
Ø wuauclt /detectnow à Command used to Force detect update from WSUS server
Ø Wuauclt /resetauthorization /detectnow àCommand used
to reset the authorization with client and wsus
Ø Wuauclt /scannow àCommand will force the system to see if there are any patches that
apply
Ø Wuauclt /report now-àCommand will force the client to send updated status to the WSUS
server.
Apart from these here is the some more
switches used in WSUS administration
§ /DetectNow
§ /ReportNow
§ /RunHandlerComServer
§ /RunStoreAsComServer
§ /ShowSettingsDialog
§ /ResetAuthorization
§ /ResetEulas
§ /ShowWU
§ /ShowWindowsUpdate
§ /SelfUpdateManaged
§ /SelfUpdateUnmanaged
§ /UpdateNow
§ /ShowWUAutoScan
§ /ShowFeaturedUpdates
§ /ShowOptions
§ /ShowFeaturedOptInDialog
§ /DemoUI
Ø Troubleshooting
All Windows update related details (like
Errors , process status ) are saved in windows log file under
“%WINDIR%\WindowsUpdate.log” .
How to read the Windowsupdate.log file--àPlease follow this article which explain on this http://support.microsoft.com/kb/902093
How to read the Windowsupdate.log file--àPlease follow this article which explain on this http://support.microsoft.com/kb/902093
1.
WSUS
Clients Registered But Not Displaying Status
When a WSUS Clients
Registered and not showing any details in wsus server it may be for many reasons
like,
Wsus admin console will
display only unique client id.Each client will have a unique id when installing
an OS to it.But then we deploy a client through a same image or Ghosting each
client will share with same unique id.
In this case we need to reregister the
client with WSUS by following the steps
1.
GO to RUN and REGEDIT for registry editing
Go to path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
2.
Delete the following entries
PingID, SUSClientID and the AccountDomainSID values in registry
3.
Restart the "Wuauserv
Service "
a)
Net stop Wuauserv àTo stop the Service
b)
Net Start Wuauserv àTo start the Service
c)
Net Status Wuauserv àTo
check the service status
4.
Go to Command prompt(RUNàCMD) and type
a) wuauclt
/resetauthorization /detectnow
The client will start reauthenticate with
the wsus server.
2.
Here is
a awesome link for top 5 WSUS issues and all are well explained
