Join Brien Posey for an in-depth discussion in this video Configure GPO settings for WSUS, part of Windows 10: Plan and Implement Software Updates.
- Microsoft provides the Windows Server Update Services or WSUS as it's often called as a tool for centrally managing updates for Windows machines. In order to get the Windows machines on your network to look to the WSUS server for updates rather than using Microsoft Update, it's necessary to set a Group Policy Setting. So right now I'm logged on to my domain controller and I have the Server Manager open. So what I'm going to do is I'm going to go to Tools within the Server Manager and I'm going to choose Group Policy Management.
And this is going to open a Group Policy Management console. Next, I'm going to right click on the Default Domain Policy and choose Edit. And this is going to open the Group Policy Management Editor. So the next thing that I have to do is navigate through the console tree to Computer Configuration, Policies, Administrative Templates, Windows Components, and Windows Update.
The next thing that I have to do is locate a Group Policy Setting called Specify intranet Microsoft update service location and you can see that policy setting right here. So I'm going to go ahead and open this up. And I'm going to Enable this policy setting. So we have a few different fields right here. And the first thing that we have to do is provide the URL to our WSUS server. And that URL, in my case, is going to be http://in-WSUS-WSUS and then at the end I need to append the port number that I want to be used.
And that port number, in my case, is :8530 and that is a default port number for WSUS servers that are not using SSO encryption. So the next thing that we need to do is to set the intranet statistics server. And that server is going to be the server that the clients on the network upload information to regarding which updates they have and which updates are still needed. And we can use exactly the same URL for this one. So that's going to be http://in-WSUS-WSUS and I'm also going to use the same port number, :8530.
And of course, in your environment you would use your own URL as opposed to the one that I'm using right here. So I'm going to click Apply, followed by OK. And so now the Group Policy has been updated to include the URL to my WSUS server. Next, I'm going to go into Configure Automatic Updates which you can see right here. So I'm going to go ahead and Enable this policy and we have some options here. Configure automatic updating. We can set this to notify for download and notify for install, auto download and notify for install, auto download and schedule the install, and allow local admin to choose all settings.
So I'm going to go for auto download and notify for install and then we can also schedule the install. So by default this is set for every day, but we could make it once a week if we wanted to. And we can schedule an install time. By default this is scheduled for three a.m. We could set this to whatever time is convenient for our own organization. And I'm going to select the check box to install updates for other Microsoft products. So I'm going to click Apply and click OK. So that's how you configure the Group Policy Settings that are required by the Window Server Update Services.
- Deploying updates manually
- Monitoring deployments
- Configuring automatic deployment rules
- Analyzing log files
- Approving and declining updates in Intune
- Deploying software from SCCM, WSUS, and Intune