Shulou(Shulou.com)06/02 Report--

WSUS is the abbreviation of WindowsWSUS ServerUpdate Services, which has been greatly improved on the basis of the previous Windows UpdateServices. More Windows patches can be updated with reporting and oriented performance, and administrators can control the update process.

WSUS is a networked patch distribution solution launched by Microsoft, which is free and supports updates to all Microsoft products.

Through WSUS, the Windows upgrade service in the internal network, all Windows updates are centrally downloaded to the WSUS server on the intranet, while the clients in the network are updated through the WSUS server. This saves network resources to a great extent, avoids the waste of external network traffic and improves the efficiency of computer updates in the internal network. It greatly reduces the possibility that the computer fails to update the patch in time.

After WSUS is deployed, the WSUS server downloads the latest updates directly from the Microsoft Update, and all clients only need to get the latest updates from the WSUS server, and do not need to access the Microsoft Update in the external network, thus greatly saving network bandwidth and ensuring that all clients update uniformly in the shortest time: as shown in the figure:

Hardware installation requirements:

For servers with up to 500 clients, the following hardware is recommended:

* 1 GHz processor

* 2 RAM of GB

Software installation requirements

To install WSUS on Windows 2008R2, the following software must be installed on your computer.

* Microsoft Internet Information Services (IIS).

* Microsoft .NET Framework4.0.

* Management console MMC3.0.

* Microsoft Report Viewer 2008.

To install WSUS, the file system on the server must meet the following requirements:

* both the system partition and the partition where WSUS is installed must be formatted using the NTFS file system.

* the system partition requires at least 1 GB of free space.

* the volume used by WSUS to store content requires at least 6 GB of free space. It is recommended to reserve 30 GB of space.

* volumes used by the WSUS installer to install Windows SQL Server 2000 Desktop Engine (WMSDE) require at least 2 GB of free space.

Environment introduction

Customer servers are in a workgroup environment, and there are two types of servers in the private network: Windows Server 2003R2 and Windows Server 2008R2. WSUS3.0SP1 included in Windows Server 2008R2 is no longer supported, so there are always errors when adding WSUS roles. If you must use Windows Server 2008R2, you need to download WSUS3.0SP2 to Microsoft to complete the construction of WSUS server, so WSUS server chooses to use Windows Server 2012R2 to build.

Operation steps

1. Set up a WSUS server in the public network environment to download the patch pack (the build process is brief). After the build is completed, set the options to update the file and update the language. The language option is to download the operating system patches in those languages. Update files are as follows:

(1) Files can be downloaded to this server only after the update has been reviewed. This option only downloads the source data of the patch pack rather than the patch itself before approval. The advantage is bandwidth savings, while the disadvantage is that the patch package will not be actually downloaded until after approval. Microsoft recommends using this option, which is also the default option.

(2) download the quick installation file. This option is to download the patch package directly to the local area before approval, and then install it after approval. Its advantage is that if the computer in the intranet has installed the old patch package, it will only install the part of the difference between the patch package and the new patch pack, thus alleviating the burden on the intranet network. The disadvantage is that the external network belt consumption is large.

Combined with the actual environment, choose to download the installation file here, it should be noted that the update file and update language option settings of the WSUS server in the intranet must be consistent with the options here. Updating source and proxy servers, products and categories, and synchronization schedule settings can be ignored.

To facilitate downloading, set the automatic approval option to any category, and then start downloading the patch pack.

two。 Download is completed in the specified patch storage path to find the WsusContent directory, the directory is stored in the downloaded patch, you can use a variety of backup software or Xcopy tools for backup, and then to the intranet WSUS server for recovery, be careful not to change the hierarchy under the directory, choose the most original method here to directly copy a copy.

3. The intranet computer is still unable to download the patch on the WSUS server that only copies the WsusContent directory to the intranet. You also need to use the wsusutil tool that comes with WSUS to export the source data of the patch room on the public network WSUS server. The tool is located in the C:Program FilesUpdate ServicesTools directory. The tool cannot be opened by double click and can be executed in command line mode. The command format is as follows:

Wsusutil.exe export packagename logfile # packagename is in .cab format, logfile is in .log format, and packagename and logfile names must be exactly the same.

4. Set up a WSUS server in the internal network, and the location of the patch pack should be consistent with that of the external network server, and test the copied WsusContent directory to the intranet WSUS server.

5. Then use the wsusutil tool to import the source data of the public network WSUS server patch pack. Even if the private network WSUS server patch is updated, the source data needs to be updated every time the patch is updated.

6. Open the IIS Manager and confirm the port number used by WSUS

7. Find a computer in the intranet, point the WSUS server address in the group policy to the actual address, and then run gpupdate / force to refresh the group policy.

8. Open the registry of this computer, export the Windows update key value to a reg registry file, send it to other computers in the intranet, double-click the point to the running WSUS server, and the operation is complete.

Supplementary explanation

1. After other computers in the private network run the reg file, the key value of the registry is modified, but the group policy is still not set. At this time, patches can be obtained normally from the WSUS server. It is speculated that the group policy and the registry are not stored in the same location.

two。 After repeated tests, other computers in the intranet can find the WSUS server after running the registry file, but sometimes the registry can be updated immediately, and sometimes the system can return to normal after rebooting after an error occurs. Sometimes repeated restart and refresh group policy always reported this error. The error was checked on the Internet and said it was caused by a network failure, because it was all in the same network environment. It is very strange how to solve this fault. I feel that the occurrence of this fault is very random.

3.WSUS identifies PC by computer name, and if there are two PC with the same computer name in the environment, the later report to the WSUS server will be recorded in the list of all computers in WSUS, although both PC can get the fix pack from the WSUS server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.