How to Configure WSUS Server to Download All Updates Automatically

Solution:

This guide provides step-by-step instructions to configure a Windows Server Update Services (WSUS) server to automatically download and approve updates for your organization.

1. Configure Update Source

1. Open the WSUS console and navigate to Options.
2. Select Update Source and Proxy Server.
3. Under Update Source, choose Synchronize from Microsoft Update.

4. If a proxy server is required, add the necessary proxy details and credentials.

2. Configure Products and Classifications

1. In the Options menu, select Products and Classifications.
2. Under the Productstab:
   • Choose All Products or select specific applications relevant to your organization.

3. Under the Classificationstab:
   • Select All Classificationsor choose relevant categories, such as:
     • Critical Updates
     • Security Updates
     • Service Packs
     • Update Rollups
     • Updates
     • Upgrades

3. Configure Files and Languages

1. In the Options menu, select Update Files and Languages.
2. Under the Update Filestab:
   • Check Store update files locally on this server.
   • Check Download Express installation files.

3. Under the Update Languagestab:
   • Select Download updates only in these languages and choose the required languages from the list.

4. Configure Synchronization Schedule

1. In the Options menu, select Synchronization Schedule.
2. Enable Synchronize automatically.
3. Set a preferred synchronization time.
4. Choose a frequency for synchronization, such as 3 times per day or as per your preference.

5. Configure Automatic Approvals

1. Navigate to Options and select Automatic Approvals.
2. Click New Ruleand:
   • Under When an update is in a specific classification, choose All Classifications or the classifications selected earlier.
   • Under When an update is in a specific product, choose All Products or the products selected earlier.
   • Under Approve the update for, select All Computers, including Unassigned Computers.

3. Provide a rule name and click OK to save the rule.
4. In the Advanced tab, ensure necessary options are selected for granular control.

6. Configure Computers Section

1. Go to Options and select Computers.
2. Choose Use Group Policy or Registry settings on computers.

7. Manual Checklist

• Monthly Maintenance:
  • Apply security updates and upgrades to the WSUS server once a month.
  • Manually approve updates that were not auto approved.
• Patch Schedule:
  • Microsoft releases security patches on the second Tuesday of every month.
  • Perform the above maintenance tasks during the second week of each month, preferably on Friday.
• Emergency Patches:
  • Monitor for and apply emergency patches as needed.

References

For further details on WSUS server configuration, refer to the following Microsoft documentation:

https://technet.microsoft.com/en-us/library/cc708460(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc708519(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc708475(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc720525(v=ws.10).aspx

Conclusion:

By following this guide, you can ensure your WSUS server is configured to effectively manage updates, keeping your systems secure and up to date.