Setup Windows Server Update Services

From Research
Jump to navigation Jump to search

Windows Software Update Services

Our local WSUS server is currently hosted on Lancer (because WSUS requires IIS) and directly mirrors all the updates available for Windows XP. The WSUS server can be administered through http://lancer.iat.sfu.ca/WSUSAdmin/.

Setup a Client to use WSUS

WSUS can be configured on any Windows 2000 SP3+ or Windows XP SP1+ by adding some registry information pointing automatic updates to our local WSUS server. Note: In System Properties, the automatic update options will be grayed out once WSUS is configured.

Registry file to install: Media:WSUS_install.reg

Registry file to uninstall: Media:WSUS_uninstall.reg

Monthly Maintenance

WSUS has no option to auto allow new updates to be accepted and given to clients, therefore each month (after Microsoft releases new updates) a Research Administrator must log into the WSUS server on Lancer and manually approve the new security updates.

File:WSUS Client Diagnostic Tool.tbz2 - Windows exe which tests if WindowsXP has all required software installed for a WSUS client.

Note: Windows Update Software Services replaces Software Update Services

Disk Space Problems

  • If the update content directory or databases grow to the point where they fill up the disk drive or partition, operation of WSUS will be hampered. It will no longer be able to perform regular synchronizations (ie: download available updates from Microsoft) plus it may become impossible to migrate the files to a drive with more space by using the wsusutil.exe movecontent [destination path] [log file path and filename] command.
  • If the movecontent switch fails, then what you can try doing is installing another drive into Lancer, and then using a utility such as Symantec (Norton) Ghost to clone the existing WSUS drive to the new drive. After cloning has completed, shut down Lancer, remove the old WSUS drive, and restart. I did this in June 2011 when the 100gb HD filled up and had to be replaced with a 500gb unit.
  • An easy way to reduce the growth rate of the updates files is to limit WSUS to only consider updates for specific languages. In June 2011, I configured WSUS to only download updates for English and French.
  • To reduce disk clutter, you can use the Server Cleanup Wizard which is located in the Options tree menu item on the left side of the Update Service control panel.
  • When I changed the update settings to only update for English and French languages, the existing directory still contained all the previously downloaded updates for other languages. The Server Cleanup Wizard didn't delete them. To remove them, I launched a commandline window (Run As Administrator) and ran wsusutil.exe removeinactiveapprovals. After that, I ran Server Cleanup Wizard and it removed approximately 100gb's worth of files.