You can use a GPO to enable client- side targeting. Client machines can be automatically added into the proper computer group once the client computer connects to the WSUS server. Client- side targeting can be a useful tool when you have multiple client computers and you need to automate the process of assigning those computers to computer groups.
You can enable client- side targeting on the WSUS server by clicking the Use Group Policy Or Registry Settings On Client Computers option on the Computers Options page.
- On the WSUS console toolbar, click Options and then click Computer Options.
- In Computer Options, choose one of the following options:
■ If you want to create groups and assign computers through the WSUS console
(server- side targeting), click Use The Move Computers Task In Windows Server Update Services.
■ If you want to create groups and assign computers by using Group Policy settings on the client computer (client- side targeting), click Use Group Policy Or Registry Settings On Computers.
3. Under Tasks, click the Save Settings button and then click OK.
Microsoft has announced that many of their configuration options will eventually be moving to PowerShell, so I will show you some of the available PowerShell commands for updates. Table 3.5 describes PowerShell commands that are available for WSUS administration.
Table 3.5 is just a partial list of PowerShell commands for WSUS. To see a complete list, visit Microsoft’s website at https://docs.microsoft.com/ en- us/powershell/module/updateservices/?view=win10- ps.
TABLE 3.5 WSUS administration commands
Add- WsusComputer This command allows you to add a client computer to a WSUS target group.
Approve- WsusUpdate This allows you to approve an update that can then be applied to clients.
Deny- WsusUpdate This allows you to deny an update.
Get- WsusClassification You can use this command to get the list of all WSUS classifications available on the server.
Get- WsusComputer This command allows you to view the WSUS computer object that represents the client computer.
Understanding Features On Demand
Get- WsusProduct | You can use this command to get the list of all WSUS products available on the server. |
Get- WsusUpdate | This command shows you the WSUS update object and the details about that update. |
Get- WsusServer | This command allows you to view the WSUS update server object. |
Invoke- WsusServerCleanup | This command allows you to initiate the cleanup process on the WSUS server. |
Set- WsusClassification This command sets whether the classifications of updates are enabled on the WSUS server. |
Understanding Features On Demand
One of the problems in previous versions (prior to Windows Server 2012) of Windows
Server was how roles and features were stored on the hard disk. Before the introduction of Windows Server 2012, even if a server role or feature was disabled on a server, the binary files for that role or feature were still present on the disk. The problem with this approach is that, even if you disable the role, it still consumes space on your hard drive.
Features on Demand in Windows Server 2012 solves this issue because not only can you disable a role or feature, you can also completely remove the role or feature’s files. Windows Server 2022 has continued with Features on Demand and you can choose what roles and features you want to use, when you want to use them.
Once this is done, a state of Removed is shown in Server Manager, or the state of Disabled With Payload Removed is shown in the Deployment Image Servicing and Management (Dism.exe) utility. To reinstall a role or feature that has been completely removed, you must have access to the installation files.
We talk about the Deployment Image Servicing and Management (Dism .exe) utility throughout this book. DISM will be discussed in great detail when we discuss Windows imaging.
If you want to remove a role or feature completely from the system, use –Remove with the Windows PowerShell Uninstall- WindowsFeature cmdlet.
If you want to reinstall a role or feature that has been removed completely, use the
Windows PowerShell –Source option of the Install- WindowsFeature Server
Manager cmdlet. Using the –Source option states the path where the WIM image files and the index number of the image will be located. If you decide not to use the –Source option, Windows will use Windows Update by default.
When you’re using the Features on Demand configuration, if feature files are not available on the server computer and the installation requires those feature files, Windows Server 2022 can be directed to get those files from a side- by- side feature store, which is a shared folder that contains feature files. It is available to the server on the network, from Windows Update, or from installation media. This shared folder can be overwritten using the – Source option in the Windows PowerShell utility.
Source Files for Roles or Features |
Offline virtual hard disks (VHDs) cannot be used as a source for installing roles or features that have been completely removed. Only sources for the same version of Windows Server 2022 are supported. |
To install a removed role or feature using a WIM image, follow these steps:
- Run the following command:
Get- windowsimage –imagepath \install.wim
In step 1, imagepath is the path where the WIM files are located.
2. Run the following command:
Install- WindowsFeature featurename -S ource wim: path:index In step 2, featurename is the name of the role or feature from Get- WindowsFeature. path is the path to the WIM mount point, and index is the index of the server image from step 1.
To add or remove a role or feature, you must have administrative rights to the Windows Server 2022 machine.