WSUS


Pic0o


Windows Server Update Services is a package you can run for deploying Windows updates on your network to multiple machines. The main advantages are that only the server will need to download the updates, not every client PC, and even more handy is that you can get updates out to client machines without requiring them all to have outbound Internet access.

 

Setting up the server portion is pretty clear; it's the client configuration that gets a little fuzzy. After failing with the MS sites, I combed around and found that the WSUS help docs in the utility give you the info you need: edit the Group Policy on the client machines to hit your in-house update server.

 

When you are splicing away at gpedit.msc, you want to go to the Computer Configuration | Administrative Templates | Windows Components | Windows Update area. In there, Specify intranet MS Update Service location and Client-Side Targeting are handy to start with.

 

On the WSUS Server, you can make your Groups for machines. I am going with a Server and Employee list, just to keep things moderately clean and clear. This group name is what you'd plug into the Client side option. So far, testing is going well. The main issue to resolve is that for the updates to install, someone must click the yellow shield '!' taskbar icon. We all know how likely people are to blow that off.

 

I will continue with my tinkering and share what I find, as going to every PC when Criticals get published is highly not in my interests. :pukeface:

  • 4 weeks later...

Bump, as I found this excellent command for forcing a check on client machines, when you set them to the WSUS server.

wuauclt.exe /detectnow

 

I had a machine that didn't want to show up on the server and I wasn't looking forward to playing reboot games to make it happen. I ran the command, and the Rig popped right into my WSUS PC list, in about 2 minutes. Before the command, I had no show for the machine for about an hour, while another PC was in within minutes.

  • 5 years later...

WSUS is still a thing today. When running on a Windows 2012 Server, you will want to specify the port accessing WSUS. You may think port 80, but it is actually port 8530. Add that to your Target path URL if deploying via Active Directory with an :8530 after the server address.

 

After doing that, you should then see your domain client machines contacting the WSUS server and being put into the Unassigned computers list.

 

Also here is a visual configuration guide, as this is where I got the correct port from.

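A check for the client-side settings this thread configures (intranet update server URL, port, client-side targeting group), written as an added example that is not part of the original posts. The registry value names are the ones the Windows Update Group Policy settings write; the function names and the sample server name are hypothetical, and the 8531 HTTPS port is the WSUS default assumed here, not something stated in the thread.

```powershell
# Added example: audit the WSUS client policy values that Group Policy writes.
function Get-WsusClientPolicy {
    # Reads the policy values from the local machine's registry.
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $p  = Get-ItemProperty -Path $wu -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wu\AU" -ErrorAction SilentlyContinue
    @{ WUServer = $p.WUServer; TargetGroup = $p.TargetGroup
       TargetGroupEnabled = $p.TargetGroupEnabled
       UseWUServer = $au.UseWUServer; AUOptions = $au.AUOptions }
}

function Test-WsusClientPolicy {
    param([hashtable]$Policy)
    $findings = @()
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client ignores the intranet server'
    }
    $uri = $null
    if (-not [uri]::TryCreate([string]$Policy.WUServer, [UriKind]::Absolute, [ref]$uri)) {
        $findings += 'WUServer is missing or is not an absolute URL'
    } else {
        # 8530 is the port named in the thread; 8531 for HTTPS is an assumption.
        $expected = if ($uri.Scheme -eq 'https') { 8531 } else { 8530 }
        if ($uri.Port -ne $expected) {
            $findings += "WUServer uses port $($uri.Port), expected $expected"
        }
        if ($uri.Scheme -ne 'https') {
            $findings += 'WUServer uses http: traffic to the update server is not encrypted'
        }
    }
    if ($Policy.TargetGroupEnabled -ne 1 -or -not $Policy.TargetGroup) {
        $findings += 'Client-side targeting is not set: the machine lands in Unassigned Computers'
    }
    if ($Policy.AUOptions -ne 4) {
        $findings += "AUOptions is '$($Policy.AUOptions)': installs are not scheduled automatically"
    }
    if ($findings.Count -eq 0) { 'OK' } else { $findings }
}

# Constructed sample: placeholder server name with the port left off.
$sample = @{ WUServer = 'http://wsus01.example.local'; TargetGroup = 'Employee'
             TargetGroupEnabled = 1; UseWUServer = 1; AUOptions = 3 }
Test-WsusClientPolicy -Policy $sample

# On a real client: Test-WsusClientPolicy -Policy (Get-WsusClientPolicy)
```

After correcting the policy, `wuauclt.exe /detectnow` from the second post triggers the check-in without a reboot.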