Sei sulla pagina 1di 34
How To Install WSUS Server
How To Install
WSUS Server

Mathew Mozer |

Mathew Mozer |

1

Mathew Mozer | 1

Contents

PRE-SETUP INFORMATION

3

Download Software

3

SET UP ROLES PRIOR TO INSTALLING WSUS

4

Setup IIS

4

INSTALL AND CONFIGURE MS REPORT VIEWER SQL SERVER EXPRESS

7

Install MS Report Viewer

7

Install

SQL Express

8

INSTALLATION AND CONFIGURATION OF WSUS SP1

10

Installation

10

Configuration

13

CREATING / EDITING GPO’S

Modifying Policies

19

20

CLIENT INSTALLATION

23

SECURING WSUS USING SSL

24

Adding Active Directory Certificate Services

24

Configuring Certificate Authority

25

Installing SSL on IIS

27

REPORTING

33

Mathew Mozer |

Mathew Mozer |

2

Mathew Mozer | 2

Pre-Setup Information

First you will need to install windows server 2008 with partitions that will be sufficient to handle WSUS

Windows Server 2008 will need a primary partition of approximately 20gb and you will also need about a 70gb partition for the update partition. We will go over this later.

Download Software Once you have server 2008 installed you will need to download:

MS Report Viewer

http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C-474C-

9D57-05B2347456B1&displaylang=en

SQL Server express 2005 http://go.microsoft.com/fwlink/?linkid=65212

Mathew Mozer | Pre-Setup Information

Mathew Mozer | Pre-Setup Information

3

Mathew Mozer | Pre-Setup Information 3

Set up Roles Prior to installing WSUS

Setup IIS

1. You will need to setup up your server as a Web server using IIS.

2. Run Server manager and select roles.

3. Select Web server and click next

and select roles. 3. Select Web server and click next 1. Click next at the next

1. Click next at the next window to begin setup of our web server.

2. First we will need to set the security setting to windows authentication.

3. Under application development we will need to select asp.net.

4. Under management tools select “IIS 6 management compatibility.”

management tools select “IIS 6 management compatibility.” Mathew Mozer | Set up Roles Prior to installing

Mathew Mozer | Set up Roles Prior to installing WSUS

4

1. After you click next you will be confronted with a confirm installation screen. 2.
1. After you click next
you will be
confronted with a
confirm installation
screen.
2. Click install to begin
the installation.
Begin installing Web server
software.

Mathew Mozer |

5

As you can see in the roles frame of the server manager window you can
As you can see in the roles frame of the server manager window you can see the Web Server is added into roles
summary.

Mathew Mozer |

6

Install and configure MS Report Viewer SQL Server Express.

Install MS Report Viewer

1. Run the Microsoft report viewer setup. You will see this screen first.

1. Run the Microsoft report viewer setup. You will see this screen first.

2. Click Next.

1. Accept the license agreement if you have read and agree.

1. Accept the license agreement if you have read and agree.

2. click next

Setup should complete and you should see this

Setup should complete and you should see this

screen.

Click finish

Mathew Mozer | Install and configure MS Report Viewer SQL Server Express.

7

Install SQL Express

1. Run the SQL Express installer.

2. You should be presented with this screen.

3. Choose Run program to continue with installation.

1. You must accept the license agreement to continue the setup process.

2. Click next

to continue with installation. 1. You must accept the license agreement to continue the setup process.
to continue with installation. 1. You must accept the license agreement to continue the setup process.
to continue with installation. 1. You must accept the license agreement to continue the setup process.
to continue with installation. 1. You must accept the license agreement to continue the setup process.
to continue with installation. 1. You must accept the license agreement to continue the setup process.

Mathew Mozer | Install and configure MS Report Viewer SQL Server Express.

Mathew Mozer | Install and configure MS Report Viewer SQL Server Express.

8

Mathew Mozer | Install and configure MS Report Viewer SQL Server Express. 8

1. It now shows you all the components that are going to be installed.

1. It now shows you all the components that are going to be installed.

2. Click Install.

1. Installation should be complete and this screen should appear.

1. Installation should be complete and this screen should appear.

2. Click next to continue

Mathew Mozer | Install and configure MS Report Viewer SQL Server Express.

9

Installation and configuration of WSUS SP1

Installation

1. This is the initial screen of the WSUS SP1 setup wizard.

2. Choose next.

initial screen of the WSUS SP1 setup wizard. 2. Choose next. 1. Choose full server installation

1. Choose full server installation so we can also get the administration console.

2. Click next.

we can also get the administration console. 2. Click next. 1. Once again you must accept

1. Once again you must accept the License agreement

2. Click next.

again you must accept the License agreement 2. Click next. Mathew Mozer | Installation and configuration

Mathew Mozer | Installation and configuration of WSUS SP1

10

1. We change the folder path to a drive that has a enough space to hold all updates that are available.

1. We change the folder path to a drive that has a enough space to hold

2. Click Next

1. Keep default settings

1. Keep default settings

2. Click next.

Mathew Mozer | Installation and configuration of WSUS SP1

Mathew Mozer | Installation and configuration of WSUS SP1

11

Mathew Mozer | Installation and configuration of WSUS SP1 11

1. Choose to keep the existing IIS default website.

2. Choose next.

The wizard is successfully completed the installation.

1. Choose to keep the existing IIS default website. 2. Choose next. The wizard is successfully
1. Choose to keep the existing IIS default website. 2. Choose next. The wizard is successfully
1. Choose to keep the existing IIS default website. 2. Choose next. The wizard is successfully

Mathew Mozer | Installation and configuration of WSUS SP1

Mathew Mozer | Installation and configuration of WSUS SP1

12

Mathew Mozer | Installation and configuration of WSUS SP1 12

Configuration

1. You will be presented with the WSUS configuration screen click next till you are
1. You will be presented with
the WSUS configuration
screen click next till you
are presented with this
screen.
2. You should change the
option bubble to
synchronize with another
WSUS server.
3. Set it to 10.145.145.14
with port 80 which is
default. (172.16.1.100)
1. Choose Start connect to
connect to the server you
previously entered in the
last screen.
Watch the status bar move. It will
synchronize 10% then allow you to
move on.

Mathew Mozer | Installation and configuration of WSUS SP1

13

1. Choose the languages you need and choose next. I only needed English. 1. Now
1. Choose the languages you
need and choose next. I only
needed English.
1. Now its time to choose
when you synchronize your
time to update.
2. I choose to update
automatically at 3:22 am.
3. Choose next

Mathew Mozer | Installation and configuration of WSUS SP1

14

1. Keep the current settings on this screen. 2. Click “next” 1. Click options on
1. Keep the current settings on this
screen.
2. Click “next”
1. Click options on the left side then
click update files and languages.
2. Then this window will show up.
3. Choose to download express
installation files.
4. click ok.
If you are currently synchronizing you
will have to wait till this that is
complete to save these settings.

Mathew Mozer | Installation and configuration of WSUS SP1

15

1. From the options link in the left pane choose automatic approvals.

2. After you this window appears click all classifications which normally isn’t a good practice but we are just doing it for this exercise.

1. Get the properties of the computers by clicking the computer settings in the option pane

1. Create a Server and a Vista Group in WSUS

of the computers by clicking the computer settings in the option pane 1. Create a Server
of the computers by clicking the computer settings in the option pane 1. Create a Server
of the computers by clicking the computer settings in the option pane 1. Create a Server
of the computers by clicking the computer settings in the option pane 1. Create a Server

Mathew Mozer | Installation and configuration of WSUS SP1

Mathew Mozer | Installation and configuration of WSUS SP1

16

Mathew Mozer | Installation and configuration of WSUS SP1 16

1. Create a Server and a Vista Group in WSUS

1. Create a Server and a Vista Group in WSUS 1. Click the + on the

1. Click the + on the left pane next to “Updates”

2. click all updates

3. Click the dropdown box next to status in the main pane

4. choose any In the approval drop down.

5. Choose unapproved.

choose any In the approval drop down. 5. Choose unapproved. 1. Select all of the updates

1. Select all of the updates in the table

2. click approve on all

all of the updates in the table 2. click approve on all Mathew Mozer | Installation

Mathew Mozer | Installation and configuration of WSUS SP1

17

1. Wait for all updates to be approved 2. Click Close
1. Wait for all updates to be approved
2. Click Close

Your have now completed the installation and configuration.

Mathew Mozer | Installation and configuration of WSUS SP1

18

Creating / Editing GPO’s

Go to the group policy manager and edit the “Default domain Policy” 1. Expand Computer
Go to the group policy manager and
edit the “Default domain Policy”
1. Expand Computer
Configuration
2. Expand policies
3. Expand admin templates
4. Expand windows
components
5. Expand Windows update

Mathew Mozer | Creating / Editing GPO’s

19

Modifying Policies

1. In windows components go to Windows Update. Modify these 3 Policies

1. In windows components go to Windows Update. Modify these 3 Policies

1. Put https:// and the FQDN of your server in the “specify intranet Microsoft update service location”

1. Put https:// and the FQDN of your server in the “specify intranet Microsoft update service

1. Select Automatic detection frequency properties.

1. Select Automatic detection frequency properties.

2. Choose enabled set which interval you want

Mathew Mozer | Creating / Editing GPO’s

Mathew Mozer | Creating / Editing GPO’s

20

Mathew Mozer | Creating / Editing GPO’s 20
1. Right click the domain controller. 2. select create GPO in new OU 1. Click
1.
Right click the domain
controller.
2.
select create GPO in new OU
1.
Click ok

Mathew Mozer | Creating / Editing GPO’s

Mathew Mozer | Creating / Editing GPO’s

21

Mathew Mozer | Creating / Editing GPO’s 21

1.

Edit the GPO you just created by right clicking and choose edit.

1. Edit the GPO you just created by right clicking and choose edit.

2. Expand Computer Configuration

3. Expand policies

4. Expand admin templates

5. Expand windows components

6. Expand Windows update Enable Client Side

 

Targeting and point it to the group you created in the WSUS

 

1.

Do the above steps in the default domain controller GPO. And set the group name to the group you created in WSUS for servers.

the above steps in the default domain controller GPO. And set the group name to the

Mathew Mozer | Creating / Editing GPO’s

Mathew Mozer | Creating / Editing GPO’s

22

Mathew Mozer | Creating / Editing GPO’s 22

Client Installation

Once you connect any computer to the domain. It will automatically sync to WSUS and
Once you connect any computer to the
domain. It will automatically sync to
WSUS and you can check for updates

Mathew Mozer | Client Installation

23

SECURING WSUS USING SSL

Adding Active Directory Certificate Services

1. Open Server Manager and click at a role.

1. Open Server Manager and click at a role.

2. Click next after you click active directory certificate services.

3. Click next

1. When you click certification authority there are other dependencys and you will need to add those too.

1. When you click certification authority there are other dependencys and you will need to add

1.

Click Next

1. Click Next

Mathew Mozer | SECURING WSUS USING SSL

24

Configuring Certificate Authority

1. Use enterprise version because it stores the certificate in Active Directory. 1. Choose Root
1. Use enterprise version
because it stores the
certificate in Active
Directory.
1. Choose Root CA if this is the
only server.
Create a new private key unless you
have one but on a fresh install you
don’t.

Mathew Mozer | SECURING WSUS USING SSL

25

1. Keep default settings 2. Click next 1. Keep Defaults 2. Click Next
1. Keep default settings
2. Click next
1. Keep Defaults
2. Click Next

Mathew Mozer | SECURING WSUS USING SSL

26

Installing SSL on IIS

1. Open Server Manager 2. Expand Roles 3. Expand Web Server 4. Click server name
1. Open Server Manager
2. Expand Roles
3. Expand Web Server
4. Click server name under
connections
5. Dbl click server certificates
in the center pane
6. On the very right pane
choose “Create domain
certificate”.
1. The common name is the
computername + domain name
2. Everything else can be anything

Mathew Mozer | SECURING WSUS USING SSL

27

1. click “select” button next to specify online certificate 1. Specify exact FQDN as the
1. click “select” button next to
specify online certificate
1. Specify exact FQDN as the
friendly name

Mathew Mozer | SECURING WSUS USING SSL

28

1. Expand site and default web site 1. Click default web site then bindings on
1.
Expand site and default web
site
1. Click default web site then
bindings on the right side
2.
Click add

Mathew Mozer | SECURING WSUS USING SSL

29

1. Choose the SSL certificate you created earlier and change the type to HTTPS with
1. Choose the SSL
certificate you created
earlier and change the
type to HTTPS with all
assigned addresses
1. Click clientwebserver
under default side in
the IIS settings.
2. Dbl click ssl settings

Mathew Mozer | SECURING WSUS USING SSL

30

1. Select require

SSL

2. Click apply

1. Select require SSL 2. Click apply 1. Select Simpleauthweb service 2. Enable SSL and click

1. Select Simpleauthweb service

2. Enable SSL and click apply

2. Click apply 1. Select Simpleauthweb service 2. Enable SSL and click apply Mathew Mozer |

Mathew Mozer | SECURING WSUS USING SSL

31

1. Select Dssauthwebservice 2. Enable SSL and click apply 1. Select Serversyncwebservice 2. Enable SSL
1. Select Dssauthwebservice
2. Enable SSL and click apply
1. Select Serversyncwebservice
2. Enable SSL

Mathew Mozer | SECURING WSUS USING SSL

32

Reporting

1. Open WSUS from administration tools 2. Click reports on the right pane 3. Click
1. Open WSUS from
administration tools
2. Click reports on the
right pane
3. Click update
detailed status

Mathew Mozer | Reporting

33

4. Reports are now being generated for all updates 5. This is a report that
4. Reports are now
being generated for
all updates
5. This is a report that
was ran to show
updates that were
successfully
installed.

Mathew Mozer | Reporting

34