
Saving Progress...
In this lecture, we are going to talk about Windows Server Update Services or WSUS.

In short Windows Service Update Services or WSUS is a Server Role that allows administrators to control Windows Updates within their domain.
So, Microsoft will release patches on a monthly basis that address different vulnerabilities and bug fixes to the Microsoft operating system. You as an administrator can control whether or not your computers install certain updates, whether they are required or optional updates, etc.
It is really important that you install a WSUS Server within your domain and you use it to control and keep your network safe.

Now there are a couple of different ways that WSUS can acquire updates.
First, you can download updates directly from Microsoft. Now, this is a viable option if your network has Internet connectivity.
Second, you can download updates from another WSUS Server which would be called an upstream server.
You can also import files directly to your WSUS Servers. If your server is disconnected from the Internet you can download the files onto a CD Drive and then transfer those files to your offline WSUS Servers and then import them to your WSUS Server which would allow you now to push them out to all your clients machines.

The most important bullet point in this slide is that the WSUS Server Role should never be installed on a Domain Controller because you’ll have access issues with the database.

Here’s an example of Importing WSUS Updates.
On the left, you can see we have an isolated network. Obviously, certain networks contain sensitive information and it is better for them to not be connected to the Internet. But how do you install these updates and patch all these critical vulnerabilities? Well, a way you do that is you have another network that is connected to the Internet but doesn’t contain the same sensitive information. You get a WSUS Server stood up or configured and installed on that network that has Internet connectivity. You download the updates from Microsoft servers then you transfer those updates via a DVD or USB drive over to the isolated network and then that network can pass out those updates.

Now, an example of an Upstream/Downstream WSUS Server would be an isolated network. It wouldn’t even have to be a network that has to be connected from the Internet but a certain scenario where we have a WSUS Server that is retrieving updates from another WSUS server.
So we can see the Downstream server, in this case on the left-hand side is accepting or is polling its updates from the upstream server.

Now, you might be asking how this works, how do we get it up and running?
First, you add the WSUS Server role to remember not a Domain Controller.
Then you configure the client computers with Group Policy. Now, you either wait for the clients to check with WSUS or you force an early check-in. When you’re getting this setup I recommend that you force an early check-in just so you can see things are working the way they are supposed to.
Once you’ve done that, you organize your WSUS clients in Computer Groups. This is good for testing purposes. Now, I don’t know with which kind of networks you guys are going to be working on but if you are working with developers, certain versions that .Net will make, you know certain code not work and different things so it is a good idea to test your updates, have a test group, let’s say four workstations and deploy test updates to that workstations, see if anything breaks and if it’s all good go ahead and deploy to the rest of your network.
Now, the monthly maintenance for this is to go through and approve updates for the specific computer groups. Now, patch Tuesday is a term you need to be familiar with and is generally the second and occasionally the fourth Tuesday of each month and this is when Microsoft releases all its updates for their vulnerabilities.

OK, That’s an overview of WSUS or Windows Server Update Services.
CURRICULUM
Introduction • 4min
0 / 1 lessons complete
Optional Lab Setup • 44min
0 / 5 lessons complete
Downloading Required Software
Video | 5 min
Installing VirtualBox and Creating Our VMS and Virtual Network
Video | 6 min
Installing Windows Server Part 1 and 2
Video | 13 min
Building Our Windows Domain
Video | 8 min
Installing Windows 10
Video | 12 min
Installation and Configuring WSUS (Windows Server Update Services) • 1hr 36min
0 / 5 lessons complete
Installing The WSUS Role
Free lesson
Video | 4 min
Configuring Our WSUS Server
Video | 9 min
Configuring WSUS with Group Policy
Video | 13 min
Configuring WSUS Clients That Are Not In Your Domain
Video | 10 min
Lab: Installing and Configure WSUS
Lab | 60 min
How to use WSUS • 46min
0 / 4 lessons complete
WSUS Synchronizations
Video | 5 min
Managing WSUS Client Computers and Groups
Video | 4 min
Approving WSUS Updates
Video | 7 min
Lab: How to use WSUS
Lab | 30 min
WSUS Troubleshooting • 11min
0 / 4 lessons complete
Issues with Client Computers Not Reporting
Video | 5 min
What To Do When Your WSUS Server Wont Download Updates
Video | 3 min
WSUS Server Cleanup Wizard
Video | 2 min
Windows Update Agent Result Codes Reference
Video | 1 min
Advanced WSUS Administration • 57min
0 / 4 lessons complete
Creating an Downstream WSUS Server
Video | 9 min
Moving Your WSUS Content to Another Hard Drive (or Location)
Video | 6 min
Importing Updates to an Offline WSUS Server
Video | 12 min
Lab: Configuring a Downstream WSUS Server
Lab | 30 min
Course Conclusion • 1min
0 / 1 lessons complete