Scribd
Upload
4 views19 pages

Module 12 - Implementing Update Management

Uploaded by

marcel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views19 pages

Module 12 - Implementing Update Management

Uploaded by

marcel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

13.03.

2015 Module 12: Implementing Update Management

Module 12: Implementing Update Management

Contents:

Module Overview

Lesson 1: Overview of WSUS

Lesson 2: Deploying Updates with WSUS

Lab: Implementing Update Management

Module Review and Takeaways

Module Overview

Windows Server® Update Services (WSUS) improves security by applying security updates
to servers in a timely way. It provides the infrastructure to download, test, and approve
security updates. Applying security updates quickly helps prevent security incidents that are a
result of known vulnerabilities. While implementing WSUS, you must keep in mind the
hardware and software requirements for WSUS, the settings to configure, and the updates to
approve or remove according to your organization’s needs.

Objectives
After completing this module, you will be able to:

• Describe the role of WSUS.

• Deploy updates with WSUS.

Lesson 1 : Overview of WSUS


https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 1/19
13.03.2015 Module 12: Implementing Update Management

The WSUS role provides a central management point for updates to your Windows®
operating system computers. By using WSUS, you can create a more efficient update
environment in your organization, and stay better informed of the overall update status of the
computers on your network. This lesson introduces you to WSUS, and describes the key
features of the WSUS server role.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe WSUS.

• Explain the WSUS update management process.

• Identify the server requirements for WSUS.

What Is WSUS?

WSUS is a server role included in the Windows Server 2012 operating system, and that
downloads and distributes updates to Windows clients and servers. WSUS can obtain updates
that are applicable to the operating system and common Microsoft applications such as
Microsoft® Office and Microsoft SQL Server®.

In the simplest configuration, a small organization can have a single WSUS server that
downloads updates from Microsoft Update. The WSUS server then distributes the updates to
computers that are configured to obtain automatic updates from the WSUS server. You must
approve the updates before clients can download them.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 2/19
13.03.2015 Module 12: Implementing Update Management

Larger organizations can create a hierarchy of WSUS servers. In this scenario, a single
centralized WSUS server obtains updates from Microsoft Update, and other WSUS servers
obtain updates from the centralized WSUS server.

You can organize computers into groups to simplify the approval of updates. For example,
you can configure a pilot group to be the first set of computers that are used for testing
updates.

WSUS can generate reports to help with monitoring of update installation. These reports can
identify which computers have not applied recently approved updates. Based on these reports,
you can investigate why updates are not being applied.

The WSUS Update Management Process

The update management process allows you to manage and maintain WSUS and the updates
retrieved by WSUS. This process is a continuous cycle during which you can reassess and
adjust the WSUS deployment to meet changing needs. The four phases in the update
management process are:

• Assess

• Identify

• Evaluate and plan

• Deploy

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 3/19
13.03.2015 Module 12: Implementing Update Management

The Assess Phase


The goal for the assess phase is to set up a production environment that supports update
management for routine and emergency scenarios. The assess phase is an ongoing process that
you use to determine the most efficient topology for scaling the WSUS components. As your
organization changes, you might identify the need to add more WSUS servers in different
locations.

The Identify Phase


The identify phase is concerned with identifying new updates that are available and
determining whether they are relevant to the organization. You have the option to configure
WSUS to retrieve all updates automatically, or to retrieve only specific types of updates.
WSUS also identifies which updates are relevant to registered computers.

The Evaluate and Plan Phase


After relevant updates have been identified, you need to evaluate whether they work properly
in your environment. It is always possible that the specific combination of software in your
environment might have problems with an update.

To evaluate updates, you should have a test environment in which you can apply updates to
verify proper functionality. During this time, you might identify dependencies that enable an
update to function properly, and you can plan any changes that need to be made.

The Deploy Phase


After you have thoroughly tested an update and determined any dependencies, you can
approve it for deployment in the production network. Ideally, you should approve the update
for a pilot group of computers before approving the update for the entire organization.

Server Requirements for WSUS

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 4/19
13.03.2015 Module 12: Implementing Update Management

You can use Server Manager to install and configure the WSUS server role. However, for you
to be able to implement WSUS, your server must meet some minimum hardware and software
requirements.

The software required for WSUS 3.0 SP2 includes:

• Windows Server 2012, Windows Server 2008 R2, Windows Server 2008 Service Pack 1
(SP1) or newer, Windows Server 2003 SP1 or newer, Windows Small Business Server
2008, or Windows Small Business Server 2003

• Internet Information Services (IIS) 6.0 or newer

• Microsoft .NET Framework 2.0 or newer

• Microsoft Management Console (MMC) 3.0

• Microsoft Report Viewer Redistributable 2008 or newer

• SQL Server 2012, SQL Server 2008, SQL Server 2005 SP2, or Windows Internal Database

The minimum hardware requirements for WSUS are approximately the same as the minimum
hardware requirements for Windows Server operating systems. However, you must consider
disk space as part of your deployment. A WSUS server requires about 10 gigabytes (GB) of
disk space, and you should allocate at least 30 GB of disk space for the downloaded updates.

A single WSUS server can support thousands of clients. For example, a single WSUS server
with 4 GB of RAM and dual quad­core CPUs can support up to 100,000 clients. However, in
most cases, an organization with that many clients will likely have multiple WSUS servers to
https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 5/19
13.03.2015 Module 12: Implementing Update Management

reduce the load on wide area network (WAN) links.

Lesson 2: Deploying Updates with WSUS

This lesson explains the specifics of deploying updates with WSUS to client computers.
Deploying updates to Windows update clients through WSUS can provide numerous benefits.
You can configure updates to be downloaded, approved, and installed automatically, without
the input of an administrator. Alternatively, you can exercise more control of the update
process and provide a controlled environment in which to deploy updates. You can perform
testing on an isolated test computer group before approving an update for approval in your
entire organization.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe how to configure the Automatic Updates feature to use WSUS.

• Explain how to administer WSUS.

• Identify computer groups in WSUS.

• Describe the options for approving WSUS updates.

Configuring Automatic Updates

When you enable the Automatic Updates feature on a server, the default configuration

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 6/19
13.03.2015 Module 12: Implementing Update Management

automatically downloads updates from Microsoft Update and installs them. After you have
implemented WSUS, your clients should be configured to obtain updates automatically from
the WSUS server instead.

The location from which Automatic Updates obtains updates is controlled by a registry key.
Although it is possible to configure the registry key manually by using the Regedit tool, this is
not recommended except when the computer is not in a domain. If a computer is in a domain,
it is much more efficient to create a Group Policy Object (GPO) that configures the registry
key.

For Active Directory® Domain Services (AD DS) environments, Automatic Updates are
typically configured in a GPO by configuring the settings located under Computer
Configuration. To locate the settings, expand Policies, expand Administrative Templates,
expand Windows Components, and then locate the Windows Updates node.

In addition to configuring the source for updates, you can also use a GPO to configure the
following settings:

• Update frequency. This setting determines how often the updates are detected.

• Update installation schedule. This setting determines when updates are installed. This
setting also determines when updates are rescheduled for, when updates cannot be installed
at the scheduled time.

• Automatic restart behavior. This setting determines whether the computer will restart
automatically if required by an update.

• Default computer group in WSUS. This setting determines the computer group in which the
computer will be registered during initial registration with WSUS.

WSUS Administration

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 7/19
13.03.2015 Module 12: Implementing Update Management

The WSUS administration console is an MMC snap­in that you can use to administer WSUS.
You can use this tool to:

• Identify and download updates.

• Approve updates for deployment.

• Organize computers into groups.

• Review the update status of computers.

• Generate reports.

Monitoring is an essential part of maintaining a service. WSUS logs detailed health


information to the event log. In addition, you can download a management pack to facilitate
monitoring in Microsoft System Center 2012 ­ Operations Manager.

Controlling Updates on Client Computers


Client computers perform updates according to either manual configuration or, in most AD
DS environments, Group Policy. In some cases, you might want to initiate the update process
outside of the normal update schedule. You can use the wuauclt.exe tool to control the auto­
update behavior on Windows Update client computers. The following command initiates the
detection of Microsoft Updates from the Windows Update source.

Wuauclt.exe /detectnow

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 8/19
13.03.2015 Module 12: Implementing Update Management

Administration with Windows PowerShell®


In Windows Server 2012, WSUS includes Windows PowerShell cmdlets that you can use to
manage your WSUS server. The following table lists these cmdlets.

cmdlet Description

Add­WsusComputer Adds a specified client computer to a specified target group.

Approve­WsusUpdate Approves an update to be applied to clients.

Deny­WsusUpdate Declines the update for deployment.

Get­WsusClassification Gets the list of all WSUS classifications currently available in the system.

Get­WsusComputer Gets the WSUS computer object that represents the client computer.

Get­WsusProduct Gets the list of all products currently available on WSUS by category.

Get­WsusServer Gets the value of the WSUS update server object.

Get­WsusUpdate Gets the WSUS update object with details about the update.

Invoke­WsusServerCleanup Performs the process of cleanup on a specified WSUS server.

Set­WsusClassification Sets whether the classifications of updates that WSUS synchronizes are
enabled or disabled.

Set­WsusProduct Sets whether the product representing the category of updates to


synchronize is enabled or disabled.

Set­WsusServerSynchronization Sets whether the WSUS server synchronizes from Microsoft Update, or
from an upstream server and uses the upstream server properties.

What Are Computer Groups?

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontSi… 9/19
13.03.2015 Module 12: Implementing Update Management

Computer groups are a way to organize the computers to which a WSUS server deploys
updates. The two computer groups that exist by default are All Computers and Unassigned
Computers. New computers that contact the WSUS server are assigned automatically to both
of these groups.

You can create custom computer groups for controlling how updates are applied. Typically,
custom computer groups contain computers with similar characteristics. For example, you
might create a custom computer group for each department in your organization. You can also
create a custom computer group for a test lab where you first deploy updates for testing. You
would also typically group servers separate from client computers.

When you manually assign new computers to a custom computer group, it is called server­
side targeting. You can also use client­side targeting to assign computers to a custom
computer group. To use client­side targeting, you need to configure a registry key or GPO for
the computer that specifies the custom computer group to be joined during initial registration
with the WSUS server.

Server­side targeting enables administrators to manage WSUS computer group membership


manually. This is useful when the AD DS structure does not support the logical client­side for
computer groups, or when computers need to be moved between groups for testing or other
purposes. Client­side targeting is used most commonly in large organizations where
automated assignment is required and computers must be assigned to specific groups.

Approving Updates

The default configuration for WSUS does not automatically approve updates for application
to computers. Although it is possible to automatically approve updates, it is not
https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 10/19
13.03.2015 Module 12: Implementing Update Management

recommended. The recommended process for approving updates is to first test updates in a lab
environment, then a pilot group, and only then to the production environment. This process
reduces the risk of an update causing an unexpected problem in your production environment.
You would perform this process by approving updates for specific groups of computers before
approving the update for the All Computers group.

Some updates are not considered critical and do not have any security implications. You
might decide not to implement some of these updates. For any updates that you decide not to
implement, you can decline the update. After an update is declined, it is removed from the list
of updates on the WSUS server in the default view.

If you apply an update and find that it is causing problems, you can use WSUS to remove that
update. However, the update can be removed only if that specific update supports removal.
Most updates support removal.

When you look at the details of an update, it will indicate if the update is superseded by
another update. Superseded updates are typically no longer required, because a newer update
includes the changes in this update and more. Superseded updates are not declined by default,
because in some cases they are still required. For example, the older update might be required
if some servers are not running the latest service pack.

Lab: Implementing Update Management

Scenario
A. Datum is a global engineering and manufacturing company with head office based in
London, UK. An IT office and a data center are located in London to support the London
location and other branch office locations. A. Datum has recently deployed a Windows Server
2012 server and client infrastructure.

A. Datum has been manually applying updates to servers in a remote location. This has
resulted in difficulty identifying which servers have updates applied and which do not. This is
a potential security issue. You have been asked to automate the update process by extending
A. Datum’s WSUS deployment to include the branch office.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 11/19
13.03.2015 Module 12: Implementing Update Management

Objectives
After completing this lab, you will be able to:

• Implement the WSUS server role.

• Configure update settings.

• Approve and deploy an update by using WSUS.

Lab Setup
Estimated Time: 60 minutes

Virtual machines 20411B­LON­DC1


20411B­LON­SVR1
20411B­LON­SVR4
20411B­LON­CL1

User Name Adatum\Administrator

Password Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab,
you must complete the following steps:

1. On the host computer, click Start, point to Administrative Tools, and then click
Hyper­V Manager.

2. In Hyper­V® Manager, click 20411B­LON­DC1, and in the Actions pane, click Start.

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

4. Log on using the following credentials:

o User name: Adatum\Administrator

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 12/19
13.03.2015 Module 12: Implementing Update Management

o Password: Pa$$w0rd

5. Perform steps 2 through 4 for 20411B­LON­SVR1, 20411B­LON­SVR4, and 20411B­


LON­CL1.

Exercise 1: Implementing the WSUS Server Role

Scenario

Your organization already has a WSUS server called LON­SVR1, which is located in the head
office. You need to install the WSUS server role on LON­SVR4 at a branch location. LON­
SVR4 will use LON­SVR1 as the source for Windows Update downloads. The installation on
LON­SRV4 will use the Windows Internal Database for the deployment.

The main tasks for this exercise are as follows:

1. Install the Windows Server Update Services (WSUS) server role.

2. Configure WSUS to synchronize with an upstream WSUS server.

Task 1: Install the Windows Server Update Services (WSUS) server role

1. Log on to LON­SVR4 as Adatum\Administrator with a password of Pa$$w0rd.

2. From Server Manager, install the Windows Server Update Services role with the WID
Database and WSUS Services Role Services. Also configure the updates location as
C:\WSUSUpdates.

3. Open the Windows Server Update Services console and complete the installation when
prompted.

4. On the Windows Server Update Services Configuration Wizard, click Cancel.

5. Close the Update Services console.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 13/19
13.03.2015 Module 12: Implementing Update Management

Task 2: Configure WSUS to synchronize with an upstream WSUS server

1. On LON­SVR4, complete the Windows Server Update Services Configuration Wizard,


specifying the following settings:

o Upstream Server: LON­SVR1.Adatum.com

o No proxy server

o Default languages

o Manual sync schedule

o Begin initial synchronization

2. In the Windows Server Update Services console, under Options, set the Computers to
Use Group Policy or registry settings on computers.

Results: After completing this exercise, you should have implemented the WSUS server
role.

Exercise 2: Configuring Update Settings

Scenario

You need to configure the Group Policy settings to deploy automatic WSUS settings to client
computers. With the WSUS role configured on LON­SVR4, you must ensure that the
Research department has its own computer group in WSUS on LON­SVR4. You must also
configure client computers in the Research OU to use LON­SVR4 as their source for updates.

The main tasks for this exercise are as follows:

1. Configure WSUS groups.

2. Configure Group Policy to deploy WSUS settings.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 14/19
13.03.2015 Module 12: Implementing Update Management

3. Verify the application of Group Policy settings.

4. Initialize Windows Update.

Task 1: Configure WSUS groups

1. On LON­SVR4, if necessary, open the Windows Server Update Services console.

2. Create a new computer group named Research.

Task 2: Configure Group Policy to deploy WSUS settings

1. Switch to LON­DC1.

2. Open Group Policy Management.

3. Create and link a new GPO to the Research OU named WSUS Research, and configure
the following policy settings under the Windows Update node:

o Configure Automatic Updates: Auto download and schedule the install

o Microsoft Update service location: http://LON­SVR4.Adatum.com:8530

o Intranet statistics server: http://LON­SVR4.Adatum.com:8530

o Client­side targeting group: Research

4. Move LON­CL1 to the Research OU.

Task 3: Verify the application of Group Policy settings

1. Switch to LON­CL1.

2. Restart LON­CL1.

3. On LON­CL1, log on as Adatum\Administrator with a password of Pa$$w0rd.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 15/19
13.03.2015 Module 12: Implementing Update Management

4. Open a command prompt by using the Run as Administrator option.

5. At the command prompt, run the following command:

Gpresult /r

6. In the output of the command, confirm that under Computer Settings, WSUS Research
is listed under Applied Group Policy Objects.

Task 4: Initialize Windows Update

1. On LON­CL1, at the command prompt, type the following command, and then press
Enter:

Wuauclt.exe /reportnow /detectnow

2. Switch to LON­SVR4.

3. In the Update Services console, expand Computers, All Computers, and then click
Research.

4. Verify that LON­CL1 appears in the Research Group. If it does not then repeat steps 1­
3. It may take several minutes for LON­CL1 to display.

5. Verify that updates are reported as needed. If there are not updates reported, repeat steps
1­3. It may take 10­15 minutes for updates to register.

Results: After completing this exercise, you should have configured update settings for
client computers.

Exercise 3: Approving and Deploying an Update by Using WSUS

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 16/19
13.03.2015 Module 12: Implementing Update Management

Scenario

After you have configured the Windows Update settings, you can now view, approve, and
then deploy required updates. You have been asked to use LON­CL1 as a test case for the
Research department. You will approve, deploy, and verify an update on LON­CL1 to
confirm the proper configuration of the WSUS environment.

The main tasks for this exercise are as follows:

1. Approve WSUS updates for the Research computer group.

2. Deploy updates to LON­CL1.

3. Verify update deployment to LON­CL1.

Task 1: Approve WSUS updates for the Research computer group

1. On LON­SVR4, open the WSUS console.

2. Approve the Security Update for Microsoft Office 2010 (KB2553371), 32­bit edition
update for the Research group.

Task 2: Deploy updates to LON­CL1

1. On LON­CL1, at the command prompt, type the following command, and then press
Enter:

Wuauclt.exe /detectnow

2. Open Windows Update and then check for updates.

3. Click Install to install the approved update.

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 17/19
13.03.2015 Module 12: Implementing Update Management

Task 3: Verify update deployment to LON­CL1

1. On LON­CL1, open Event Viewer.

2. Navigate to Applications and Services Logs\ Microsoft\Windows, and view the events
under WindowsUpdateClient – Operational.

3. Confirm that events are logged in relation to the update.

Results: After completing this exercise, you should have approved and deployed an update
by using WSUS.

To prepare for the next module

When you finish the lab, revert all virtual machines back to their initial state. To do this,
perform the following steps:

1. On the host computer, start Hyper­V Manager.

2. In the Virtual Machines list, right­click 20411B­LON­DC1, and then click Revert.

3. In the Revert Virtual Machines dialog box, click Revert.

4. Repeat steps 2 to 3 for 20411B­LON­SVR1, 20411B­LON­SVR4, and 20411B­LON­


CL1.

Module Review and Takeaways

Review Questions
Question: A colleague has argued that all updates to the Windows operating system
should be applied automatically when they are released. Do you recommend an
alternative process?

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 18/19
13.03.2015 Module 12: Implementing Update Management

Question: Your organization implements several applications that are not Microsoft
applications. A colleague has proposed using WSUS to deploy application and operating
system updates. Are there any potential issues with using WSUS?

Question: Why is WSUS easier to manage in an AD DS domain?

Tools

Tool Use Where to find it

WSUS Administration console Administer WSUS Server Manager ­ Tools

Windows PowerShell WSUS Administer WSUS from the command– Windows PowerShell
cmdlets line interface

https://skillpipe.courseware­marketplace.com/reader/en­GB/Book/BookPrintView/aa70e352­319b­4b27­8083­aea52017fecd?ChapterNumber=14&FontS… 19/19

You might also like