prajwaldesai.co m http://prajwaldesai.com/managing-wsus-3-0-sp2-on-windows-server/

Managing WSUS 3.0 SP2 on Windows ServerPrajwal Desai

Managing WSUS 3.0 SP2 on Windows Server – In this post we will see managing the WSUSServer, generating reports, we will also explore all the options in the WSUS console. In theprevious post we saw the installation and conf iguration of WSUS 3.0 sp2 on windows server.

What exactly is WSUS synchronization – During synchronization, a WSUS server downloadsupdates (update metadata and f iles) f rom an update source. It also downloads any new productclassif ications and categories. When a WSUS server synchronizes f or the f irst t ime, it downloads all of theupdates that were specif ied in the synchronization options. Af ter the f irst synchronization, a WSUS serverdownloads only updates f rom the update source, metadata revisions f or existing updates, and expirationsto updates.

On the WSUS Server, login with user account wsusadmin, Click Start , click All Programs, clickAdministrative Tools, and then click Windows Server Update Services.

On the lef t hand side of the console click on Synchronizations. This displays the number t imes theSynchronizations has been done ( manually / scheduled).

Right click on one of the Synchronization and click Synchronization Report .

Note : To view this report properly you will require Microsof t Report Viewer :- http://www.microsof t.com/en-in/download/details.aspx?id=6576. The report generated is shown in the below screenshot. In thesynchronization report , under report options we see the start t ime and end t ime of synchronization,report created date and t ime and the server used f or reporting data. Under synchronization summarywe see that there are 472 new updates that have been synchronized.

Lets now move on to reports. We f ind lot of options related to reports which includes Update reports,Computer reports, Synchronization reports.

Update Status summary – This report shows the summary of update status displaying one page perupdate. The report inf ormation includes the update description, Product category, MSRC SeverityRating, MSRC Number.

Update Detailed Status – This report shows the summary of update status displaying update status ofall computers f or each update.

Update Tabular Status – This report shows the summary of update in tabular view. The report can beexported to a spreadsheet.

Update Tabular Status for Approved Updates – This report is similar to the Update Tabular Status,the update status is shown only f or approved updates.

Computer Status Summary – This report shows the summary of computer status with one page percomputer.

Computer Detailed Status – This report shows details of each computer ’s status with update status f oreach update.

Computer Tabular Status – This report shows summary of computer update status in tabular view.

Computer Tabular Status for Approved Updates – This report shows summary of computer updatestatus in tabular view f or approved updates.

Synchronization Reports – This report shows the results of last synchronization. the report inf ormationincludes start t ime and end t ime of synchronization, report created date and t ime and the serverused f or reporting data.

Click on Update status summary.

We see f ew options f or New report type : Summary Report , Detailed Report , Tabular Report .

Set the report type to Summary Report . For Include updates for these products, click on any productand select windows 7. Now click on Run Report .

The summary report is now generated.

Lets move on and see the options in WSUS console . There are many options here and lets see one byone.

Update Proxy Source and Server – To synchronize the updates, we have to choose the upstreamserver. The updates can be synchronized f rom microsoft update or if there is any existing WSUS server,we can choose that WSUS server as our upstream server.

Products and Classif ications – Includesthe list of products f or which updates arerequired and Classif ications include typesof updates.

Update f iles and Languages – Includesoptions to download the updates tolocal machine , download updates whenapproved and download the updatesdirectly from Microsoft Update .

Synchronization Schedule – You canchoose to synchronize the updatesmanually or you can select Synchronizeautomatically. You can setsynchronizations per day to 24 and that’sthe max value.

Automatic Approval – With this optionyou can specif y to approve the updatesin a particular classif ication, choosethe product category and approve theupdate to computer group.

Computers – There are 2 options here.

Use the Update Services console – Thenew computers will be added tounassigned computers group.

Use Group Policy or registry sett ingson computer – You can use grouppolicy/registry settings to classif y or groupthe computers.

WSUS Server Cleanup Wizard – Thiswizard will clean up unused updates,computers that have not contacted wsusserver f or 30 days or more, unneededupdate f iles, expired and supersededupdates. Click Next.

Click f inish to close the Wizard.

Email Notif ications – The WSUS administrators can now get the notif ications of new updates and statusreports by conf iguring email notif ications. You can generate the notif ications and send it to recipients /group which includes WSUS administrators.

Under Email Server, specif y the SMTPserver IP, port number 25, under logoninformation check My SMTP serverrequires authentication. provide the username and password. Click Test , if youreceive the notif ication to the recipientaddress then you are conf igured itcorrectly. If you don’t get notif ication mailthen check the SMTP server settingsagain.

Personalization – You can personalize theway the server inf ormation is displayed.The inf ormation can be computers andstatus info of all downstream servers oronly the local server.

WSUS Server Conf iguration Wizard – Ifyou want to reconf igure the above options

you can choose to launch the WSUSserver conf iguration wizard.

Managing WSUS 3.0 SP2 from command line – You can use the wsusutil command-line utility that isprovided with Windows Server Update Services (WSUS) 3.0 SP2 to manage WSUS. The wsusutil tool islocated in the WSUSInstallDrive:\WSUSInstallDirectory\Tools f older on WSUS servers. More inf ormationon Managing WSUS 3.0 f rom command line can be f ound here.

We will not execute all the wsusutil options here, however we will see f ew important commands.

wsusutil.exe checkhealth – This command checks the health of the WSUS server. The health check isconf igured by wsusutil healthmonitoring. The results are written to the event logs.

Open the Event Viewer, under Server Roles, click Windows Server Update Services. Double click thef irst event, we see that the WSUS is working correctly.

wsusutil list inactiveapprovals – Returns a list of approved update tit les that are in a permanentlyinactive state because of a change in server language settings. If you change language options on anupstream WSUS server, the number of approved updates on the upstream server may not match thenumber of approved updates on a replica server. You can use list inactiveapprovals to see a list of theupdates on the parent upstream server that are permanently inactive. If you f ind any inactive approvals youcan use wsusutil removeinactiveapprovals to remove the inactive approvals.

We will surely explore all the other wsusutil commands in the coming posts. In the next topic we will seemore on Troubleshooting issue related to WSUS Server.