Mathew Mozer | 1
How To Install
WSUS Server
Mathew Mozer | 2
Contents
PRE-SETUP INFORMATION ........................................................................................................................... 3
Download Software ............................................................................................................................................................................. 3
SET UP ROLES PRIOR TO INSTALLING WSUS ................................................................................................. 4
Setup IIS ............................................................................................................................................................................................... 4
INSTALL AND CONFIGURE MS REPORT VIEWER SQL SERVER EXPRESS. .......................................................... 7
Install MS Report Viewer .................................................................................................................................................................... 7
Install SQL Express .............................................................................................................................................................................. 8
INSTALLATION AND CONFIGURATION OF WSUS SP1 .................................................................................. 10
Installation ..........................................................................................................................................................................................10
Configuration ...................................................................................................................................................................................... 13
CREATING / EDITING GPO’S ....................................................................................................................... 19
Modifying Policies ............................................................................................................................................................................. 20
CLIENT INSTALLATION ................................................................................................................................ 23
SECURING WSUS USING SSL ....................................................................................................................... 24
Adding Active Directory Certificate Services ................................................................................................................................. 24
Configuring Certificate Authority .................................................................................................................................................... 25
Installing SSL on IIS .......................................................................................................................................................................... 27
REPORTING ............................................................................................................................................... 33
Mathew Mozer | Pre-Setup Information 3
Pre-Setup Information
First you will need to install windows server 2008 with partitions that will be sufficient to handle WSUS
Windows Server 2008 will need a primary partition of approximately 20gb and you will also need about a 70gb partition
for the update partition. We will go over this later.
Download Software
Once you have server 2008 installed you will need to download:
MS Report Viewer http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C-474C-
9D57-05B2347456B1&displaylang=en
SQL Server express 2005 http://go.microsoft.com/fwlink/?linkid=65212
Mathew Mozer | Set up Roles Prior to installing WSUS 4
Set up Roles Prior to installing WSUS
Setup IIS
1. You will need to setup up your server as a Web
server using IIS. 2. Run Server manager and select roles. 3. Select Web server and click next
1. Click next at the next window to begin
setup of our web server. 2. First we will need to set the security setting
to windows authentication. 3. Under application development we will
need to select asp.net. 4. Under management tools select
“IIS 6 management compatibility.”
Mathew Mozer | 5
1. After you click next you will be confronted with a confirm installation screen.
2. Click install to begin the installation.
Begin installing Web server software.
Mathew Mozer | 6
As you can see in the roles frame of the server manager window you can see the Web Server is added into roles summary.
Mathew Mozer | Install and configure MS Report Viewer SQL Server Express. 7
Install and configure MS Report Viewer SQL Server Express.
Install MS Report Viewer
1. Run the Microsoft report viewer setup. You will see this screen first.
2. Click Next.
1. Accept the license agreement if you have
read and agree. 2. click next
Setup should complete and you should see this screen. Click finish
Mathew Mozer | Install and configure MS Report Viewer SQL Server Express. 8
Install SQL Express
1. Run the SQL Express installer. 2. You should be presented with this screen. 3. Choose Run program to continue with
installation.
1. You must accept the license agreement to
continue the setup process. 2. Click next
Mathew Mozer | Install and configure MS Report Viewer SQL Server Express. 9
1. It now shows you all the components that are going to be installed.
2. Click Install.
1. Installation should be complete and this screen should appear.
2. Click next to continue
Mathew Mozer | Installation and configuration of WSUS SP1 10
Installation and configuration of WSUS SP1
Installation
1. This is the initial screen of the WSUS SP1 setup wizard.
2. Choose next.
1. Choose full server installation so we
can also get the administration console. 2. Click next.
1. Once again you must accept the
License agreement 2. Click next.
Mathew Mozer | Installation and configuration of WSUS SP1 11
1. We change the folder path to a drive that has a enough space to hold all updates that are available.
2. Click Next
1. Keep default settings 2. Click next.
Mathew Mozer | Installation and configuration of WSUS SP1 12
1. Choose to keep the existing IIS default website.
2. Choose next.
The wizard is successfully completed the installation.
Mathew Mozer | Installation and configuration of WSUS SP1 13
Configuration
1. You will be presented with the WSUS configuration screen click next till you are presented with this screen.
2. You should change the option bubble to synchronize with another WSUS server.
3. Set it to 10.145.145.14 with port 80 which is default. (172.16.1.100)
1. Choose Start connect to
connect to the server you previously entered in the last screen.
Watch the status bar move. It will synchronize 10% then allow you to move on.
Mathew Mozer | Installation and configuration of WSUS SP1 14
1. Choose the languages you need and choose next. I only needed English.
1. Now its time to choose
when you synchronize your time to update.
2. I choose to update automatically at 3:22 am.
3. Choose next
Mathew Mozer | Installation and configuration of WSUS SP1 15
1. Keep the current settings on this screen.
2. Click “next”
1. Click options on the left side then
click update files and languages. 2. Then this window will show up. 3. Choose to download express
installation files. 4. click ok.
If you are currently synchronizing you will have to wait till this that is complete to save these settings.
Mathew Mozer | Installation and configuration of WSUS SP1 16
1. From the options link in the left pane choose automatic approvals.
2. After you this window appears click all classifications which normally isn’t a good practice but we are just doing it for this exercise.
1. Get the properties of the computers by
clicking the computer settings in the option pane
1. Create a Server and a Vista Group in
WSUS
Mathew Mozer | Installation and configuration of WSUS SP1 17
1. Create a Server and a Vista Group in WSUS
1. Click the + on the left pane next to “Updates”
2. click all updates 3. Click the dropdown box next to status
in the main pane 4. choose any In the approval drop
down. 5. Choose unapproved.
1. Select all of the updates in the table 2. click approve on all
Mathew Mozer | Installation and configuration of WSUS SP1 18
1. Wait for all updates to be approved 2. Click Close
Your have now completed the installation and configuration.
Mathew Mozer | Creating / Editing GPO’s 19
Creating / Editing GPO’s Go to the group policy manager and
edit the “Default domain Policy”
1. Expand Computer
Configuration 2. Expand policies 3. Expand admin templates 4. Expand windows
components 5. Expand Windows update
Mathew Mozer | Creating / Editing GPO’s 20
Modifying Policies
1. In windows components go to Windows Update. Modify these 3 Policies
1. Put https:// and the FQDN of your server in the
“specify intranet Microsoft update service location”
1. Select Automatic detection frequency properties. 2. Choose enabled set which interval you want
Mathew Mozer | Creating / Editing GPO’s 21
1. Right click the domain controller. 2. select create GPO in new OU
1. Click ok
Mathew Mozer | Creating / Editing GPO’s 22
1. Edit the GPO you just created by right clicking and choose edit.
2. Expand Computer Configuration 3. Expand policies 4. Expand admin templates 5. Expand windows components
6. Expand Windows update Enable Client Side Targeting and point it to the group you created in the WSUS
1. Do the above steps in the default domain
controller GPO. And set the group name to the group you created in WSUS for servers.
Mathew Mozer | Client Installation 23
Client Installation Once you connect any computer to the domain. It will automatically sync to WSUS and you can check for updates
Mathew Mozer | SECURING WSUS USING SSL 24
SECURING WSUS USING SSL
Adding Active Directory Certificate Services
1. Open Server Manager and click at a role.
2. Click next after you click active directory certificate services.
3. Click next
1. When you click certification
authority there are other dependencys and you will need to add those too.
1. Click Next
Mathew Mozer | SECURING WSUS USING SSL 25
Configuring Certificate Authority
1. Use enterprise version because it stores the certificate in Active Directory.
1. Choose Root CA if this is the
only server.
Create a new private key unless you have one but on a fresh install you
don’t.
Mathew Mozer | SECURING WSUS USING SSL 26
1. Keep default settings 2. Click next
1. Keep Defaults 2. Click Next
Mathew Mozer | SECURING WSUS USING SSL 27
Installing SSL on IIS
1. Open Server Manager 2. Expand Roles 3. Expand Web Server 4. Click server name under
connections
5. Dbl click server certificates in the center pane
6. On the very right pane choose “Create domain certificate”.
1. The common name is the
computername + domain name 2. Everything else can be anything
Mathew Mozer | SECURING WSUS USING SSL 28
1. click “select” button next to specify online certificate
1. Specify exact FQDN as the
friendly name
Mathew Mozer | SECURING WSUS USING SSL 29
1. Expand site and default web site
1. Click default web site then bindings on the right side 2. Click add
Mathew Mozer | SECURING WSUS USING SSL 30
1. Choose the SSL certificate you created earlier and change the type to HTTPS with all assigned addresses
1. Click clientwebserver
under default side in the IIS settings.
2. Dbl click ssl settings
Mathew Mozer | SECURING WSUS USING SSL 31
1. Select require SSL
2. Click apply
1. Select
Simpleauthwebservice
2. Enable SSL and click apply
Mathew Mozer | SECURING WSUS USING SSL 32
1. Select Dssauthwebservice 2. Enable SSL and click apply
1. Select Serversyncwebservice 2. Enable SSL
Mathew Mozer | Reporting 33
Reporting 1. Open WSUS from
administration tools 2. Click reports on the
right pane 3. Click update
detailed status
Mathew Mozer | Reporting 34
4. Reports are now being generated for all updates
5. This is a report that
was ran to show updates that were successfully installed.