Configure Windows Server 2016 WSUS

Windows Server Update Services ( WSUS) is a feature available in a Microsoft Windows Server that allows to manage windows update centrally for Microsoft products. Setting up WSUS server is preety forward. This is done through Server Manager.

Click Install.

Once the installation completes, launch the post-installation as shown below.

On the "Before Your Begin" screen, make sure that all the necessary requirements are fulfilled. Click Next.

"Microsoft Update Improvement Program" is optional. Click Next.

On "Choose Upstream Server", we will go with "Synchronize from Microsoft Update". If you have already another WSUS server ( Upstream Server), select the second option. Upstream server refers to the main server and the second server will be called as downstream servers. Since we don't have any other WSUS servers, select option one.

On the "Specify Proxy Server" , enter the proxy server information. Otherwise, click Next.

Next click "Start Connectiong" to begin downloading the updates available.

Click Next. On the "Choose Languages", select download updates for specific languages.

Select the Microsoft products to be updated.

On the "Configure Sync Schedule", we can configure how we want to schedule our WSUS server for synchronization.

We can begin the synchronization by selecting "Begin initial synchronization". Click Finish.

The basis summary gives idea to think about next steps.

Before moving to the next step, lets configure Group policy to confugure automated update.

Group Policy Settings for WSUS

To use an internal WSUS server, it's necessary to configure clients with automated update settings and also configure which server to communicate with. Additionally, you can configure the clients to be a member of a specific WSUS computer group if you're deploying patches in WSUS based on computer group targets.

Open Group Policy Management console and navigate to Computer Configuration --> Policies --> Administrative Templates --> Windows Components --> Windows Update

If you want to configure a computer group, double-click Enable client-side targeting, set to Enabled, and enter the target group name that exactly matches one defined in WSUS, then click OK. Close Group Policy Management Editor.

Once the GPO are applied, you are ready to go.

Using the Options menu, you can configure any settings such as synchronization time, getting specific updates, installation-specific updates automatically and many more.