1. SecPod Technologies
  2. KB Articles
  3. How To's

    How to Configure WSUS Server To Download All Updates Automatically

    Follow

    Open WSUS server setting and follow below steps to configure WSUS Server to download all required Microsoft the updates automatically.

    Configure Update Source:

    1. Go to "Options" and click on "Update source and proxy server".
    2. Select "Synchronize from Microsoft Update"
    3. Add proxy details, if required

     

     

    Configure Product and Classification:

    1. Go to "Options" and click on "Products and Classifications"
    2. Select "All products" or "applications", which are applicable to your organization in "Products" Tab
    3. In “Classification” Tab select “All Classification” OR select “Critical Updates”, “Security Updates”, “Service Packs”, “Update Rollups”, “Updates” and “Upgrades” in “Classification” Tab

     

    Configure Files and Languages:

    1. Go to "Option" and click on "Update Files and Languages"
    2. Select "Store update files locally on this server" in "Update Files” tab Select "Download Express installation files".
    3. Select “Download updates only in these languages” and select all required languages from the list. 

     

    Configure Synchronization Schedule:

    1. Go to "Options" and click on "Synchronization Schedule"
    2. Select "Synchronize automatically" and set time and per your preferred time
    3. Also, select "Synchronize per day" to "3" OR as per your preference.

     

    Configure Automatic Approvals:

    1. Go to "Options" and click on "Automatic Approvals"
    2. Click on "New Rule" and select "When update in a specific classification"
    3. Click on When an update is in "any classification" and select "All Classification" OR Use previously selected "Classification" in "Products and Classifications" section.
    4. Select "When an update is in a specific product"
    5. Click on When an update is in "any product" and select "All Products" OR Use previously selected "Products" in "Products and Classifications" section. 
    6. Click on Approve the updates for "any computer" and select "All Computer" NOTE: Include "Unassigned Computers" as well 
    7. Specify rule name and click on "OK" to create auto approval rule.
    8. Select check boxes as shown in the below picture in "Advanced" tab.

     

     Configure Computers Section:

    1. Go to "Options" and click on "Computers"
    2. Select "Use Group Policy or Registry settings on computers"

     

    Manual Checklist:

    •  Check and make sure to apply security updates and upgrades to WSUS server once in a month.
    • We have observed due to some reason "auto approval" on certain updates does not happen, once in a month approve updates manually.
    • Microsoft releases "Security Patches" every month 2nd week of Tuesday and in rare cases, emergency patches will be released.
    • It is good practice to do above first 2 tasks on every month 2nd week of "Friday"

     

    References:

    Please refer below references to understand more on WSUS server working,

    https://technet.microsoft.com/en-us/library/cc708460(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/cc708519(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/cc708475(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/cc720525(v=ws.10).aspx

    Was this article helpful?
    0 out of 0 found this helpful

    Comments