Windows Server Update Service's
role that we have in our server 2012 environments been around since before 2012 but we haven't their environment. That allows us to take those updates that would normally come from
Microsoft updates and bring your house be able to test them and only approve ones that actual work without our environment. Last we want to do is have an update that makes a critical application stop functioning or to make critical process is stopped functioning or even make a operative system.
Brick basically doesn't function anymore, is all things we have to take into consideration?
The O. W. Seuss environment is actually just a role we install off of our standard
environment and do add rules of features. Very remind we were not just part of the demonstration because it could be very time consuming process and explain why it could be very time consuming a second. It's a straightforward he follows to the wizard through, but at the end of it is where it gets a little bit tricky, and I'm sure you know the issue with that. So let's go ahead and open up the council that we haven't actually fully installed.
the reason that you run into an issue with
the first installation taking a considerable period of time is
downloading the actual updates because by default and we'll go down here and take a look at our options here on this screen and by default
give you in our Protestant classifications section.
It washed. You download
everything associated with
all products in all classifications.
That makes a big difference. So if we think about it by the fall,
you're going to have
product updates for a vast number of items in here. So it's a very long list, and you want only update those things that you need to update. For example, if you don't have when his ex P in your environment and where don't Loudon don't download any updates.
If you don't invest it, don't download any updates. Remember, by default is gonna try to do this. Takes a long time initially, and there's actually a trick to work around us. The trick to work around it. If you want to, at least on the initial download and then you can tweak and get let's get all the updates for the environment we could tweak. It is, you go in and you select something like Microsoft
works, so we would actually select something like Microsoft works as our
one and only checkbox for product clocks classifications. And then our classifications would check something like drivers. That would be a very good choice. So if we checked the two choices where we check Microsoft
Works and drivers and then did the download of the updates
Microsoft forced me. Software has no drivers, so there wouldn't be any need to download. It would download any of the updated information in our environment but actually download any updates. We could then go back and tweak our settings to only include those components that we need. If you're not using a
operative system, don't download it. If you're not using an environment
that's multi language, don't download the extra languages. If you're not using other types of servers, that wind is the central business server. Don't download updates. Photo gallery, one care system center.
Anything that you're not using don't download. There's no reason to do it. If it's been retired, don't download it. There's all things that you could take into consideration and you want to go ahead and set up properly.
That's a product of classifications.
We also have the wall around our options screen. We're gonna talk about the rest of these options here
on our update source, a proxy server that tells us where we're going to get our update from the very 1st 1 that we put into our environment is going to get its updates, download it from Microsoft. So get down anything that we talked to bring down,
and it's going to synchronize from Microsoft updates. We can also synchronize from another Windows server update Server knows we could have a downstream server that synchronizes from inside our own four walls aren't so network.
We can also use a proxy server if we need a proxy server. When synchronizing and put that information in
going click kids are there. Don't need that.
Update. Files of languages
download express installation files or start store updates, files locally on the server
or download updates. Files to the several older one updates are approved, which kind of makes sense if you want to do that download only when they're approved, because no sense in having a ball
do not store update files locally. Computers to Stop From Microsoft Update If you have a downstream server in a branch office, there's no reason to actually
maybe download the data there you can actually download from Microsoft Update. Or, if you have a mobile user, may be, Do you want them to download from Microsoft Update and after languages on Lee. Down, though, does languages you need.
Don't download any language you do not need.
Everything you do download is more and more bandwidth and more and more storage.
We can also choose our synchronization schedule.
When we're going to do it, we're gonna synchronize manually or automatically. Here we say synchronize how many times per day and I seem like overkill if we say go ahead and check for updates
every day, or even multiple times a day after 24 times a day, which was for our.
But if you happen to still be using the Microsoft
threat management environment and you're using their anti malware products, you might want to have that synchronization. Admiral. Today we're gonna going kids out of that.
Automatic approvals don't want automatic approvals. Generally in a business or a corporate environment. You do not wanna have automatic approvals. The reason being
as you don't know if something's going to have a negative impact on your operation.
corrections security updates are beneficial. But if you're
operation can't function,
they're not beneficial. So you want to take into account and an advance. You can automatically approve updates to the product itself that you should save to do because the product itself can automatically be updated and revisionist updates. So do we automatically approved do revisions of updates?
We don't know what to do. Revision does. It may actually change something, said Wives. That causes a problem, so we may not want to do that automatically. Declined updates when a new revision causes them to expire. That's actually use your pretty good one toe automatically decline one if there's a new revision. But bear in mind, we go back to the first statement of that.
A new update might be a problem, so we might not want to decline the previous update. We might want to have it
because best about how to assign computers to the group's you click out of that option says use the update service console which means you're gonna manually put everything in. Or we could use group policy or registry settings that computers using the group policy is the preferred choice. Because that way, computers all get managed through your active directory environment. Your best choices to do that,
going down to your server clean up wizard.
That issue will bring a wizard, and we don't want to do to want to get rid of
So unused updates and update revisions. If I've declined them,
I don't want to keep a copy of it.
How about computers not contacting the server? So if I have a computer hasn't met online and 30 days or more. Maybe I wanted to have it removed Unneeded update files, especially if it's something that's expired or out of date, such as expired or superseded, or ones that aren't needed anymore because of our environment.
And then we would actually go through the process of cleaning it up after we made our choices
if we have multiple servers, so we have some downstream service and we have enough street service, we could rule of status from replicant downstream servers to the server or do not roll the status of a replica downstream service. Ours. If we have a server when we actually go to the configuration process, is going to be a downstream server,
we can actually roll up all the reports into one counsel at work. From there,
even on notifications, we can actually have
Email sent email notifications of new updates, status reports That's very useful. You go ahead and click on that, and you
tell that the information filled in the details, including the email server. So we're not gonna do that.
Where? Microsoft Update Improvement Program. This is a
option that you could choose where you are providing information to Microsoft to help improve their product.
Personalization, which you could choose. How downstream silver role of data is displayed in which happens as soon So you click a personalization and give you a include computers and status from replica dance to service
show computers a status from the server load show. Val Addition. There's a pop ups. We can also have a to do list things that need to be checked off to make sure that everything is done
and we have a W suits configuration wizard this is gonna be run. Obviously, at the first time, you roll it out
and it's gonna before you begin. It starts. Is this firewalker? Figured a lot of class to access the server. You would click on next initially, when you start to run. This
do you want to be part of the program
improving the environment?
We checked the ***. If we need to know we're not going to
we would synchronize them update or another update server. If we had one available to us,
you would choose that. If you're going to do a replica downstream server
it says use a proxy if necessary
Then we have a start connecting here. We're actually gonna cancel it out at this point because they're not gonna be connecting
because it's got to download information about the touch of updates. Available products that could be updated, available languages. So choose languages products classifications schedule
finished in next. We're gonna cancel out of this because all the rest of those we've actually already looked at the screen that would allow us to figure that afterwards.
So go ahead and click. I cancel
and we're done with that
and let's talk about the rest of it. So what do you have it fully installed? And we forget downstream? Syria's will be listed in council synchronization. Sze would tell us when things were synchronized.
Updates for tell us an overview of all updates, updates with errors, critical updates w suits, updates, security UPDATES and give us details of updates installed in that Africa ble to 57
for all updates. A critical knows we don't have any for W Souza's security updates
and if we actually looked at are all updates here,
then it's we have one highlighted that says this up to update suit supersedes another update. If we look at the one right below it,
this update is superseded by Nikola.
So as that's the case, then you have superseded. You can actually go ahead on any one of these and approve it.
We could look at the revision history, the file information, a status report about it. If you want to prove it, we can either right click on it and approve it. Decline it
or any other officers were also in the update with, and you just click on
approved, for example, and it would approve it and says to proven updates like the group to which this going to be assigned. So what computers way have all computers not approved or on a Cylon computers not approved inherited.
So we'd have to choose which one we're gonna have to work with.
In terms of our environment,
we'd actually have to approve for a stall approved for removal.
proof install approved to rule or not approve.
In this case, we're gonna on the other side and not approved. Inherited. We're gonna
approved for install.
Is removing approval update from
Link Microsoft link there deep in addition, approving. So the process is complete and we cook our clothes.
It's been approved and it will actually be installed based on our approval to those devices. Are should say this computers
which are appropriate
and W c *** has actually manage this. You, If you're in a big organization with lots of different types of the servers difficulties of workstations, Denver types of applications,
there's quite often gonna be a full time position where
all you work with his W suits. You get all that
you download all the updates to a lab environment. You run the test against every single configuration that you need to run against, including
different applications, different software, different hardware,
different user accounts. Even some people actually good at level, see if it impacts a negative impacts. That user environment
had only approved those that actually do not have a negative impact on your barbeque. And that's W. Suze. It's a very useful tool. It actually allows you to take that management capability
away from the end users just
willy nilly going out there and updating anything
and putting in your hands, and it allows you to actually configure your environment correctly.