Let's look at setting up Windows Server Update Services (WSUS) on Windows Server 2022. I have written this article for Windows administrators who need to install and configure WSUS to manage Windows updates in their organization.
What are Windows Server Update Services?
WSUS Lab Setup
First, let me cover the Windows Server Update Services lab setup. In this scenario, I have chosen Windows Server 2022 to install and configure WSUS.
I have installed a few virtual machines in my test lab. Here you can find a list of machines and operating system information.
Server Name | Roles | Operating System |
DC2022 | Active Directory, DNS, DHCP | Windows Server 2022 |
WSUS | Windows Server Update Services | Windows Server 2022 |
Windows10 | Client Computer | Windows 10 Pro |
WSUS System Requirements
Please visit Microsoft’s Official Website.
Firewall Ports for WSUS
When we set up the Windows Server Update Services server, it is important that the WSUS server connect to Microsoft Update to download updates. If you have a corporate firewall between the Internet and the WSUS server, you may need to configure that firewall to ensure WSUS can receive updates.
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
https://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://go.microsoft.com
http://dl.delivery.mp.microsoft.com
https://dl.delivery.mp.microsoft.com
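To confirm that the corporate firewall lets the WSUS server reach these endpoints, the following added example (not part of the original article) probes each concrete host from the list above on the port implied by its scheme. It assumes a direct connection without a proxy and only tests TCP reachability; wildcard entries (written with `*.`) cannot be probed and are reported for manual rule review.

```powershell
# Added example: run on the WSUS server. URL list copied from the section above.
$allowList = @(
    'http://windowsupdate.microsoft.com', 'http://*.windowsupdate.microsoft.com',
    'https://*.windowsupdate.microsoft.com', 'http://*.update.microsoft.com',
    'https://*.update.microsoft.com', 'http://*.windowsupdate.com',
    'http://download.windowsupdate.com', 'https://download.microsoft.com',
    'http://*.download.windowsupdate.com', 'http://wustat.windows.com',
    'http://ntservicepack.microsoft.com', 'http://go.microsoft.com',
    'http://dl.delivery.mp.microsoft.com', 'https://dl.delivery.mp.microsoft.com'
)

$results = foreach ($url in $allowList) {
    if ($url -notmatch '^(?<scheme>https?)://(?<name>.+)$') { continue }
    $name = $Matches['name']
    $port = if ($Matches['scheme'] -eq 'https') { 443 } else { 80 }

    if ($name.StartsWith('*.')) {
        # A wildcard has no single host to probe; check the firewall rule itself.
        [pscustomobject]@{ Url = $url; Port = $port; Result = 'wildcard: review firewall rule' }
        continue
    }

    $ok = Test-NetConnection -ComputerName $name -Port $port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Url    = $url
        Port   = $port
        Result = if ($ok) { 'reachable' } else { 'blocked or unresolved' }
    }
}

$results | Format-Table -AutoSize
```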
Install the WSUS Role on Windows Server 2022
Follow these steps to install the Windows Server Update Services role on Windows Server 2022.
Log on to your Windows 2022 server.
In Server Manager, click Add Roles and Features.

Click Next.

Select Next.

Verify the server name, and then click Next.

On the Server Roles page, select the Windows Server Update Services checkbox.

Click Add Features, and then click Next.

Select Next.

In the Windows Server Update Services window, click Next.

Choose WID Connectivity and WSUS Services, and then click Next.

Specify a location to store the updates, and then click Next.

In the Web Server Role (IIS) window, click Next.

The role services to install a web server (IIS) are selected automatically.
Do not change anything here; just click Next.

Click the Install button to install WSUS.

The installation of the Windows Server Update Services role is in progress.

After the WSUS installation completes, click Launch Post-Installation Tasks.

Wait for the configuration to complete successfully, and then click Close.

Configure Windows Server Update Services
After we install WSUS, we can configure the WSUS server using the WSUS Server configuration wizard. Click on Tools, and then select Windows Server Update Services.

In the Windows Server Update Services Configuration Wizard, click Next.

Click Next.

This is the only WSUS server, so I will choose Synchronize from Microsoft Update and click Next.

I have no proxy server, so I click Next.

In the Connect to Upstream Server window, click the Start Connecting button.
The wizard downloads update information from the Windows Update server.
Once it completes, click Next.

Choose the Download updates only in these languages option. Choose the languages for which you want updates, and then click next.

I am going to select Windows Server 2022, Windows 10 1903, and Windows 11 and above. Click Next.

Under Update Classifications, select Critical Updates, and then click Next.

Configure the WSUS sync schedule and click Next.

Choose Begin initial synchronization, and then click Next.

This completes the steps to configure WSUS; click Finish.

Windows Update Services console.
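The role installation and the wizard choices described above can also be scripted. The following is an added example, not part of the original article; the content directory, the language code, the daily sync time and the exact product titles are assumptions, so confirm the titles against the output of `Get-WsusProduct` before running it.

```powershell
# Added example: run elevated on the WSUS server.
$ContentDir = 'D:\WSUS'   # assumption: location to store the updates

# Role with WID Connectivity, WSUS Services and management tools (pulls in IIS).
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
New-Item -Path $ContentDir -ItemType Directory -Force | Out-Null

# Equivalent of "Launch Post-Installation Tasks".
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall "CONTENT_DIR=$ContentDir"
if ($LASTEXITCODE -ne 0) { throw "wsusutil postinstall failed with exit code $LASTEXITCODE" }

$wsus = Get-WsusServer
Set-WsusServerSynchronization -SyncFromMU | Out-Null   # Synchronize from Microsoft Update

# Download updates only in the chosen language ('en' is an assumption).
$config = $wsus.GetConfiguration()
$config.AllUpdateLanguagesEnabled = $false
$config.SetEnabledUpdateLanguages('en')
$config.Save()

# "Start Connecting": fetch only the product and classification catalog.
$subscription = $wsus.GetSubscription()
$subscription.StartSynchronizationForCategoryOnly()
while ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') { Start-Sleep -Seconds 10 }

# Products: clear the defaults, then enable the ones chosen in the wizard.
# Titles are assumptions; list the real ones with Get-WsusProduct.
$products = 'Microsoft Server operating system-21H2',
            'Windows 10, version 1903 and later',
            'Windows 11'
Get-WsusProduct | Set-WsusProduct -Disable
Get-WsusProduct | Where-Object { $_.Product.Title -in $products } | Set-WsusProduct

# Classifications: Critical Updates only.
Get-WsusClassification | Set-WsusClassification -Disable
Get-WsusClassification |
    Where-Object { $_.Classification.Title -eq 'Critical Updates' } |
    Set-WsusClassification

# Sync schedule (once a day at midnight UTC is an assumption), then initial sync.
$subscription.SynchronizeAutomatically = $true
$subscription.SynchronizeAutomaticallyTimeOfDay = New-TimeSpan -Hours 0
$subscription.NumberOfSynchronizationsPerDay = 1
$subscription.Save()
$subscription.StartSynchronization()
```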

Configure Group Policy Settings for WSUS
Once you install and configure WSUS, the next important step is to configure Group Policy settings for automatic updates. Using Group Policy, we can point our client computers to the new WSUS server.
In an Active Directory environment, we can use Group Policy to specify the Windows Server Update Services server. Clients use these Group Policy settings to receive automatic updates from WSUS.
We can create a GPO and apply it at the domain level, or we can create and apply the GPO to a specific organizational unit.
Automatic Updates WSUS Configuration
To configure the Automatic Updates group policy for WSUS:
On the Active Directory server, from Server Manager, open the Group Policy Management console.

I am going to configure the GPO at the domain level.
Right-click on your local domain, and then click Create a GPO in this domain.

Enter a GPO name, and then click OK.

Right-click on the GPO (WSUS) and click Edit.

Expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.
Double-click Configure Automatic Updates.

Set it to Enabled.
Configure the automatic updating settings as per your requirements, and then click OK.

Open Specify Intranet Microsoft Update Service Location.
Click Enabled, specify the intranet update service and intranet statistics server, and then click OK.

Open the Enable client-side targeting setting.
Enable it, enter a target group name, and click OK.

Verify the intranet update service location on the client system using the registry. Open Registry Editor by typing Registry Editor in the search box.

Go to HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Check the values of WUServer and WUStatusServer, and confirm that they match the ones we supplied in the WSUS GPO.

Verify intranet Microsoft Update service location
Update GPO
Gpupdate /force
Wuauclt /resetauthorization /detectnow
Wuauclt /reportnow
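The registry check described above can be scripted so it can be repeated on every client. This is an added example, not part of the original article; `$ExpectedServer` and `$ExpectedGroup` are constructed placeholders for the values entered in the WSUS GPO.

```powershell
# Added example: run on a client after the GPO has been applied.
$ExpectedServer = 'http://wsus.example.local:8530'   # placeholder: value from the GPO
$ExpectedGroup  = 'Workstations'                     # placeholder: client-side target group
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (GPO not applied).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-WsusClientPolicy {
    $checks = @(
        @{ Name = 'WUServer';           Path = $wuKey;      Expected = $ExpectedServer }
        @{ Name = 'WUStatusServer';     Path = $wuKey;      Expected = $ExpectedServer }
        @{ Name = 'TargetGroupEnabled'; Path = $wuKey;      Expected = 1 }
        @{ Name = 'TargetGroup';        Path = $wuKey;      Expected = $ExpectedGroup }
        @{ Name = 'UseWUServer';        Path = "$wuKey\AU"; Expected = 1 }
    )
    foreach ($c in $checks) {
        $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
        [pscustomobject]@{
            Value    = $c.Name
            Expected = $c.Expected
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            # Compare as strings, ignoring case and a trailing slash on URLs.
            Match    = ($null -ne $actual) -and
                       ("$actual".TrimEnd('/') -ieq "$($c.Expected)".TrimEnd('/'))
        }
    }
}

$report = Test-WsusClientPolicy
$report | Format-Table -AutoSize
if ($report.Match -contains $false) {
    Write-Warning 'Client policy does not match the WSUS GPO; re-run gpupdate /force and check GPO scope.'
}

# Added check: WSUS also supports HTTPS (port 8531 by default), which protects
# update metadata in transit between client and server.
if ((Get-PolicyValue -Path $wuKey -Name 'WUServer') -like 'http://*') {
    Write-Warning 'WUServer points at a plain HTTP endpoint.'
}
```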

Configure WSUS Computer Groups
When we launch the WSUS console, we find two default computer groups: All Computers and Unassigned Computers.
To create a new computer group on the WSUS server:
In the Update Services console, under Update Services, expand WSUS, expand Computers, right-click All Computers, and then select Add Computer Group.

In the Add Computer Group window, enter the name of the new group, and then click Add.

Select All Computers, and you will see a list of computers. Select the computers, right-click them, and then select Change Membership.

In the Set Computer Group Membership window, choose the new group that you just created, and click OK.

Choose the target computer group
Select the new group and find those computers.

Select Options, and then click Computers.

Choose the “Use group policy or registry settings on computer” box, and then click OK.

Configure Auto Approval Rules in WSUS
If we don’t need to manually approve the Windows updates, we can configure the auto-approval rule in WSUS.
Select Options and click Automatic Approvals.

You will find the default automatic approval rule, and if you want, you can edit it and use it.
Click on the New Rule tab to create a new approval rule.

Select updates to approve, specify the auto-approval rule name, and then click OK.

Click Run Rule.

Select Yes.

WSUS running rule.

Click OK.

Approve and Deploy Updates in WSUS
Expand Updates and then All Updates.
Select the updates that you wish to approve for installation in your computer group.
Right-click on updates and select Approve.

Click the down arrow, and then select Approved for Install.

Select your group, and then click the down arrow. Choose Approved for Install and click OK.

The Approval Progress window will pop up and show the progress of the tasks that affect update approval. After the approval process completes, click Close.
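The computer group, targeting option and approval steps from the last sections can be combined in one script. This is an added example, not part of the original article; `$GroupName` is a constructed placeholder and must match the target group name entered in the client-side targeting policy.

```powershell
# Added example: run elevated on the WSUS server.
$GroupName = 'Workstations'   # placeholder: same name as in the GPO
$wsus = Get-WsusServer

# Create the computer group under All Computers if it does not exist yet.
$group = $wsus.GetComputerTargetGroups() | Where-Object Name -eq $GroupName
if (-not $group) { $group = $wsus.CreateComputerTargetGroup($GroupName) }

# Options > Computers: use Group Policy or registry settings on computers.
$config = $wsus.GetConfiguration()
if ($config.TargetingMode -ne 'Client') {
    $config.TargetingMode = 'Client'
    $config.Save()
}

# Computers that have reported into the group so far.
$group.GetComputerTargets() |
    Select-Object FullDomainName, LastSyncTime, LastReportedStatusTime |
    Format-Table -AutoSize

# Approve unapproved Critical Updates that clients need, for this group only.
$needed = @(Get-WsusUpdate -Classification Critical -Approval Unapproved -Status FailedOrNeeded)
$needed | Approve-WsusUpdate -Action Install -TargetGroupName $GroupName
'{0} update(s) approved for install on group {1}' -f $needed.Count, $GroupName
```

Approving for a named group rather than All Computers keeps the rollout limited to machines that were deliberately placed in that group.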

Windows Server Update Services Reports
Click on Reports in the WSUS console, and it will show the list of reports. WSUS comes with some reports to help you find the update deployment status, computer reports, and sync reports.

These are the steps to install and configure WSUS. I am sure this article will help you set up WSUS. Refer to this article on how to configure WSUS.