Time
41 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Windows Server Update Services This lesson covers Windows Server Update Services (WSUS). The WSUS allows us to take updates and be able to test them and only approve ones that work in our environment. In this lab-based lesson, participants learn step by step instructions in how to download updates and then test them for usability.

Video Transcription

00:04
Windows Server Update Service's
00:06
as the
00:07
role that we have in our server 2012 environments been around since before 2012 but we haven't their environment. That allows us to take those updates that would normally come from
00:17
Microsoft updates and bring your house be able to test them and only approve ones that actual work without our environment. Last we want to do is have an update that makes a critical application stop functioning or to make critical process is stopped functioning or even make a operative system.
00:33
Brick basically doesn't function anymore, is all things we have to take into consideration?
00:38
The O. W. Seuss environment is actually just a role we install off of our standard
00:43
manage
00:44
environment and do add rules of features. Very remind we were not just part of the demonstration because it could be very time consuming process and explain why it could be very time consuming a second. It's a straightforward he follows to the wizard through, but at the end of it is where it gets a little bit tricky, and I'm sure you know the issue with that. So let's go ahead and open up the council that we haven't actually fully installed.
01:03
And
01:03
the reason that you run into an issue with
01:07
the first installation taking a considerable period of time is
01:11
downloading the actual updates because by default and we'll go down here and take a look at our options here on this screen and by default
01:19
give you in our Protestant classifications section.
01:23
It washed. You download
01:25
everything associated with
01:26
all products in all classifications.
01:30
That makes a big difference. So if we think about it by the fall,
01:33
you're going to have
01:34
product updates for a vast number of items in here. So it's a very long list, and you want only update those things that you need to update. For example, if you don't have when his ex P in your environment and where don't Loudon don't download any updates.
01:48
If you don't invest it, don't download any updates. Remember, by default is gonna try to do this. Takes a long time initially, and there's actually a trick to work around us. The trick to work around it. If you want to, at least on the initial download and then you can tweak and get let's get all the updates for the environment we could tweak. It is, you go in and you select something like Microsoft
02:07
works, so we would actually select something like Microsoft works as our
02:10
one and only checkbox for product clocks classifications. And then our classifications would check something like drivers. That would be a very good choice. So if we checked the two choices where we check Microsoft
02:23
Works and drivers and then did the download of the updates
02:28
Microsoft forced me. Software has no drivers, so there wouldn't be any need to download. It would download any of the updated information in our environment but actually download any updates. We could then go back and tweak our settings to only include those components that we need. If you're not using a
02:45
operative system, don't download it. If you're not using an environment
02:49
that's multi language, don't download the extra languages. If you're not using other types of servers, that wind is the central business server. Don't download updates. Photo gallery, one care system center.
02:59
Anything that you're not using don't download. There's no reason to do it. If it's been retired, don't download it. There's all things that you could take into consideration and you want to go ahead and set up properly.
03:08
That's a product of classifications.
03:10
We also have the wall around our options screen. We're gonna talk about the rest of these options here
03:15
on our update source, a proxy server that tells us where we're going to get our update from the very 1st 1 that we put into our environment is going to get its updates, download it from Microsoft. So get down anything that we talked to bring down,
03:27
and it's going to synchronize from Microsoft updates. We can also synchronize from another Windows server update Server knows we could have a downstream server that synchronizes from inside our own four walls aren't so network.
03:38
We can also use a proxy server if we need a proxy server. When synchronizing and put that information in
03:45
going click kids are there. Don't need that.
03:46
Update. Files of languages
03:49
Pay attention,
03:50
download express installation files or start store updates, files locally on the server
03:53
or download updates. Files to the several older one updates are approved, which kind of makes sense if you want to do that download only when they're approved, because no sense in having a ball
04:02
do not store update files locally. Computers to Stop From Microsoft Update If you have a downstream server in a branch office, there's no reason to actually
04:12
maybe download the data there you can actually download from Microsoft Update. Or, if you have a mobile user, may be, Do you want them to download from Microsoft Update and after languages on Lee. Down, though, does languages you need.
04:23
Don't download any language you do not need.
04:26
Everything you do download is more and more bandwidth and more and more storage.
04:30
We can also choose our synchronization schedule.
04:32
When we're going to do it, we're gonna synchronize manually or automatically. Here we say synchronize how many times per day and I seem like overkill if we say go ahead and check for updates
04:43
every day, or even multiple times a day after 24 times a day, which was for our.
04:46
But if you happen to still be using the Microsoft
04:50
threat management environment and you're using their anti malware products, you might want to have that synchronization. Admiral. Today we're gonna going kids out of that.
05:00
Automatic approvals don't want automatic approvals. Generally in a business or a corporate environment. You do not wanna have automatic approvals. The reason being
05:10
as you don't know if something's going to have a negative impact on your operation.
05:14
Certainly,
05:15
security
05:16
corrections security updates are beneficial. But if you're
05:20
operation can't function,
05:23
they're not beneficial. So you want to take into account and an advance. You can automatically approve updates to the product itself that you should save to do because the product itself can automatically be updated and revisionist updates. So do we automatically approved do revisions of updates?
05:39
We don't know what to do. Revision does. It may actually change something, said Wives. That causes a problem, so we may not want to do that automatically. Declined updates when a new revision causes them to expire. That's actually use your pretty good one toe automatically decline one if there's a new revision. But bear in mind, we go back to the first statement of that.
05:57
A new update might be a problem, so we might not want to decline the previous update. We might want to have it
06:01
still in place
06:03
computers
06:04
because best about how to assign computers to the group's you click out of that option says use the update service console which means you're gonna manually put everything in. Or we could use group policy or registry settings that computers using the group policy is the preferred choice. Because that way, computers all get managed through your active directory environment. Your best choices to do that,
06:23
going down to your server clean up wizard.
06:26
That issue will bring a wizard, and we don't want to do to want to get rid of
06:29
anything is dead.
06:30
So unused updates and update revisions. If I've declined them,
06:34
I don't want to keep a copy of it.
06:35
How about computers not contacting the server? So if I have a computer hasn't met online and 30 days or more. Maybe I wanted to have it removed Unneeded update files, especially if it's something that's expired or out of date, such as expired or superseded, or ones that aren't needed anymore because of our environment.
06:53
And then we would actually go through the process of cleaning it up after we made our choices
06:57
reporting roll up
06:58
if we have multiple servers, so we have some downstream service and we have enough street service, we could rule of status from replicant downstream servers to the server or do not roll the status of a replica downstream service. Ours. If we have a server when we actually go to the configuration process, is going to be a downstream server,
07:15
we can actually roll up all the reports into one counsel at work. From there,
07:17
even on notifications, we can actually have
07:20
W C.
07:21
Email sent email notifications of new updates, status reports That's very useful. You go ahead and click on that, and you
07:28
tell that the information filled in the details, including the email server. So we're not gonna do that.
07:34
Where? Microsoft Update Improvement Program. This is a
07:38
option that you could choose where you are providing information to Microsoft to help improve their product.
07:45
Personalization, which you could choose. How downstream silver role of data is displayed in which happens as soon So you click a personalization and give you a include computers and status from replica dance to service
07:55
show computers a status from the server load show. Val Addition. There's a pop ups. We can also have a to do list things that need to be checked off to make sure that everything is done
08:03
and we have a W suits configuration wizard this is gonna be run. Obviously, at the first time, you roll it out
08:09
and it's gonna before you begin. It starts. Is this firewalker? Figured a lot of class to access the server. You would click on next initially, when you start to run. This
08:18
this is
08:20
do you want to be part of the program
08:22
for
08:22
improving the environment?
08:24
We checked the ***. If we need to know we're not going to
08:28
next,
08:28
we would synchronize them update or another update server. If we had one available to us,
08:35
you would choose that. If you're going to do a replica downstream server
08:37
click next
08:39
it says use a proxy if necessary
08:41
Next.
08:43
Then we have a start connecting here. We're actually gonna cancel it out at this point because they're not gonna be connecting
08:48
because it's got to download information about the touch of updates. Available products that could be updated, available languages. So choose languages products classifications schedule
08:58
finished in next. We're gonna cancel out of this because all the rest of those we've actually already looked at the screen that would allow us to figure that afterwards.
09:05
So go ahead and click. I cancel
09:07
and we're done with that
09:09
and let's talk about the rest of it. So what do you have it fully installed? And we forget downstream? Syria's will be listed in council synchronization. Sze would tell us when things were synchronized.
09:20
Updates for tell us an overview of all updates, updates with errors, critical updates w suits, updates, security UPDATES and give us details of updates installed in that Africa ble to 57
09:31
for all updates. A critical knows we don't have any for W Souza's security updates
09:35
and if we actually looked at are all updates here,
09:37
then it's we have one highlighted that says this up to update suit supersedes another update. If we look at the one right below it,
09:45
this update is superseded by Nikola.
09:46
So as that's the case, then you have superseded. You can actually go ahead on any one of these and approve it.
09:52
Decline it
09:54
a group it
09:56
We could look at the revision history, the file information, a status report about it. If you want to prove it, we can either right click on it and approve it. Decline it
10:03
or any other officers were also in the update with, and you just click on
10:07
approved, for example, and it would approve it and says to proven updates like the group to which this going to be assigned. So what computers way have all computers not approved or on a Cylon computers not approved inherited.
10:20
So we'd have to choose which one we're gonna have to work with.
10:24
In terms of our environment,
10:26
we'd actually have to approve for a stall approved for removal.
10:30
Four
10:31
proof install approved to rule or not approve.
10:33
In this case, we're gonna on the other side and not approved. Inherited. We're gonna
10:37
approved for install.
10:39
Click on. Okay,
10:41
Is removing approval update from
10:45
Link Microsoft link there deep in addition, approving. So the process is complete and we cook our clothes.
10:50
No, we have
10:52
It's been approved and it will actually be installed based on our approval to those devices. Are should say this computers
11:00
which are appropriate
11:01
and W c *** has actually manage this. You, If you're in a big organization with lots of different types of the servers difficulties of workstations, Denver types of applications,
11:11
there's quite often gonna be a full time position where
11:15
all you work with his W suits. You get all that
11:18
you download all the updates to a lab environment. You run the test against every single configuration that you need to run against, including
11:24
different applications, different software, different hardware,
11:26
different user accounts. Even some people actually good at level, see if it impacts a negative impacts. That user environment
11:33
had only approved those that actually do not have a negative impact on your barbeque. And that's W. Suze. It's a very useful tool. It actually allows you to take that management capability
11:46
away from the end users just
11:48
willy nilly going out there and updating anything
11:50
and putting in your hands, and it allows you to actually configure your environment correctly.

Up Next

Microsoft Deployment Services

The Microsoft Deployment Services course is an overview of both Windows Deployment Services and Windows Server Update Services (WSUS)

Instructed By

Instructor Profile Image
Michael Boberg
CEO of Broadline Enterprises, LLC
Instructor