Thursday, February 26, 2015

Saving Bandwidth and Centralizing Updates with Windows Server Update Services

Today, I installed and configured Windows Server Update Services (WSUS). WSUS allows Windows network administrators to keep a repository of Windows updates on a central server from which client computers can fetch them. (It's like a mini Microsoft Update server, right on your network!) This means that it's no longer necessary for every single client computer to go out to Microsoft Update servers to get their updates and use up a bunch of bandwidth. Instead, all update traffic except the actual downloading of the updates to the WSUS server is inside your network, which is probably a good deal faster than external communication.

There are some things to be careful about with WSUS:

  • Updates by default have to be "approved" by an administrator before they'll be delivered to clients. Either manually approve updates (if you're worried about Microsoft breaking something with one) or set the auto-approve policy to approve all the things, which you can do after the original set-up.
  • It seems that the set-up wizard sometimes gets stuck and lets you press the buttons (they do the UI depress/pop-up) but doesn't do anything. Just be patient, it's working, don't cancel it!
  • Your client computers won't just magically start getting updates from the WSUS server. (It's not in DHCP.) Instead, you'll need to add the appropriate settings to Group Policy with a special WSUS administrative template. Clicking the link in the warning message about there not being any clients will tell you how to get that template set up.
  • There are a whole lot of things you could keep updates for that you probably don't have. Only choose to get updates for technologies (programs, OSes, and architectures) that are actually present on your network.
  • All these updates take a lot of space. Be prepared to dedicate at least 500GB for WSUS. I strongly recommend having a dedicated drive for it.

No comments:

Post a Comment