Choosing Products to Update- Installing Windows Server 2022

One of the toughest decisions that you will have to make when setting up a network and a WSUS server is which products you (and the IT department) is going to allow in your network environment. The more Microsoft products that you choose, the more updates you will need.

But you have to make sure you choose the products that are needed and make sure those updates get done. Some of the products that we, as IT professionals, need to look at may not be things we think of right away. For example, we want to make sure that when we choose our products, we include Windows Defender.

As stated in the section “Testing and Approving Updates” earlier in this chapter, Windows Defender protects your systems against viruses, spyware, antimalware, and other malicious software. As new viruses get released, we need to make sure we protect our network systems against those viruses. Making sure we always have the up- to- date protection ensures that we can battle these attacks.

Also, as new operating systems come out (for example, Windows Server 2022), we as IT members want to make sure we have the latest security updates and improvements. This will not only ensure that our networks run at peak performance, but it will also ensure that we fix any security loopholes that hackers may have figured out in the operating system.

WSUS Client Requirements

WSUS clients run a special version of Automatic Updates that is designed to support WSUS. The following enhancements to Automatic Updates are included:

       Clients can receive updates from a WSUS server as opposed to the public Microsoft Windows Update site.

           You can schedule when the downloading of updated files will occur.

           Clients can be configured via Group Policy or through editing the Registry.

       Updates can occur when an administrative account or nonadministrative account is logged on.

The following current client platforms are the only ones that WSUS currently supports:

■         Windows 7

■         Windows 8

■         Windows 10

■         Windows 11

         Windows Server 2008 and 2008 R2

         Windows Server 2012 and 2012 R2

        Windows Server 2016

        Windows Server 2019

        Windows Server 2022

Configuring the WSUS Clients

You can configure WSUS clients in two ways. The method you use depends on whether you use Active Directory in your network.

In a non- enterprise network (not running Active Directory), you would configure Automatic Updates through the Control Panel. Each client’s Registry would then be edited to reflect the location of the server providing the automatic updates.

Within an enterprise network, using Active Directory, you would typically see Automatic

Updates configured through Group Policy. Group Policy is used to manage configuration and security settings via Active Directory. Group Policy is also used to specify what server a client will use for Automatic Updates. If Automatic Updates is configured through Group Policy, the user will not be able to change Automatic Updates settings by choosing Control Panel System (for XP) or Windows Update (for Windows 8, Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022).

Configuring a Client in a Non–Active Directory Network

The easiest way to configure the client to use Automatic Updates is through the

 Control Panel. However, you can also configure Automatic Updates through the  Registry. The Registry is a database of all your server settings. You can access it by choosing 

Start Run and entering regedit in the Run dialog box. Automatic Updates settings are defined through HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ WindowsUpdate\AU.

Table 3.4 lists some of the Registry options that you can configure for Automatic Updates.

TABLE 3.4 Selected Registry keys and values for Automatic Updates

NoAutoUpdate                           0: Automatic Updates are enabled (default).

1: Automatic Updates are disabled.

2: Notify of download and installation.

3: Autodownload and notify of installation.

4: Autodownload and schedule installation.

5: Automatic Updates is required, but end users can configure.

ScheduledInstallDay

1: Sunday.

2: Monday.

3: Tuesday.

4: Wednesday.

5: Thursday.

6: Friday.

7: Saturday.

UseWUServer                             0: Use public Microsoft Windows Update site.

1: Use server specified in WUServer entry.

To specify what server will be used as the Windows Update server, you edit two Registry keys, which are found here:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

The WUServer key sets the Windows Update server using the server’s HTTP name—f or example, http://intranetSUS.

The WUStatusServer key sets the Windows Update intranet WSUS statistics server by using the server’s HTTP name—f or example, http://intranetSUS.

Configuring a Client in an Active Directory Network

If the WSUS client is part of an enterprise network using Active Directory, you would  configure the client via Group Policy. In Exercise 3.5, we will walk you through the steps needed to configure the Group Policy Object (GPO) for WSUS clients. The Group Policy Management Console (GPMC) must be installed for you to complete this exercise. If you don’t have the GPMC installed, you can install it using the Server Manager utility.

EXERCISE 3.5

Configuring a GPO for WSUS

  1. Open the GPMC by pressing the Windows Key and selecting Administrative Tools Group Policy Management.
  2. Expand the forest, domains, and your domain name. Under your domain name, click Default Domain Policy. Right-c lick and choose Edit.
  3. Under the Computer Configuration section, expand Policies Administrative  Templates Windows Components Windows Update.
  4. In the right pane, double- click the Configure Automatic Updates option. The Configure Automatic Updates Properties dialog box appears. Click the Enabled button. Then, in the drop- down list, choose Auto Download And Notify For Install. Click OK.
  5. Double- click Specify Intranet Microsoft Update Service Location Properties. This setting allows you to specify the server from which the clients will get the updates. Click Enabled. In the two server name boxes, enter //servername (the name of the server on which you installed WSUS in Exercise 3.3). Click OK.
  6. To configure the rescheduling of automatic updates, double- click Reschedule Automatic

Updates Scheduled Installations. You can enable and schedule the amount of time that Automatic Updates waits after system startup before it attempts to proceed with a scheduled installation that was previously missed. Click Enabled. Enter 10 in the Startup (Minutes) box. Click OK.

7. To configure auto- restart for scheduled Automatic Updates installations, double-c lick No Auto- Restart For Scheduled Automatic Updates Installations. When you enable this option, the computer is not required to restart after an update. Enable this option and click OK.

8. Close the GPMC.

Leave a Reply

Your email address will not be published. Required fields are marked *