Scribd
Upload
35 views29 pages

WSUS Operating Manual

Uploaded by

Zeeshan Opel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
35 views29 pages

WSUS Operating Manual

Uploaded by

Zeeshan Opel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 29

WSUS Doc. No.: 1.

0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 1 of 29

Windows Server Update


Services (WSUS) Operating
Manual

Effective: DD/MM /YY

Prepared By Reviewed By

Name / Initial Sign Name / Initial Sign

Mahek Muhammad Iqbal Concerned Divisional Head


WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 2 of 29

Revision History

Re Effective Cancelle Category


Rev. Prepared by Reviewed by Date d on
v (Restricted/
Date (Head or Team Lead)
No. Non-restricted)

Initial Designation Initial Designation


WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 3 of 29

Table of Contents
1.0 Purpose.................................................................................................................................... 4
2.0 Scope........................................................................................................................................ 4
3.0 Roles and Responsibilities..................................................................................................... 4
4.0 References............................................................................................................................... 4
5.0 Operational Tasks.................................................................................................................... 5
5.1 How Client machine communicates with WSUS Server...................................................
5.2 WSUS Administration Guide.............................................................................................
6.0 Troubleshooting..................................................................................................................... 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 4 of 29

1.0 PURPOSE
A patch is a piece of software designed to update a computer program or its
supporting data, to fix or improve it. This includes fixing security
vulnerabilities and other bugs and improving the usability or performance of
the systems. This Operating manual defines the procedure for successful
patch implementation using Microsoft WSUS.

2.0 SCOPE
Scope of this SOP includes the procedure and best practices for the
implementation of patches on workstations only based on Microsoft Windows
Operating System using WSUS (Windows Server Upgrade Services).
This Operating Manual is applicable to all group IT organizations.

3.0 ROLES AND RESPONSIBILITIES


Please see Vulnerability and Patch Management ( SOP - 019)_Final.docx (once document
number assigned, will be mentioned here)

4.0 REFERENCES
Nil
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 5 of 29

5.0 OPERATIONAL TASKS

5.1 How Client machine communicates with WSUS Server

Group Policy Object is configured where following configurations are made for smooth implementation of packages on client machines.

In our case, GPO-WSUS-CHQ is created.

Below is the configuration of System policy.


WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 6 of 29

Below is the configuration of Windows Updates.


WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 7 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 8 of 29

5.2 WSUS Administration Guide


CHQ is our main upstream server that is manually synchronized by Microsoft to receive released patches for machines.
Microsoft releases packages every Second Tuesday of the month. For upstream servers, it will be manually synchronized
at the end of every month.
To synchronize, go to synchronization tab under your server on the left-hand side ribbon.

Click Synchronize Now to initiate the process. Progress of synchronization will be shown at the bottom of your screen.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 9 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 10 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 11 of 29

After successful completion, you will be shown the results of new updates, revised updates, and expired updates. You can
also generate Synchronization report.

A test group is made where all the new patches are approved first and are observed for two to three days.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 12 of 29

Patches needed by the machine are shown at the bottom of the screen. Click on updates needed status, a report will be
generated where list of needed packages will be shown.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 13 of 29

To Approve a package, click on Not Approved in front of the required packages. A dialog box will be displayed. Select the
Test computer group, a dropdown menu will appear. Select Approved for Install or use shortcut key Ctrl+I. After Approval,
the text box will be shown in green.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 14 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 15 of 29

After successful completion of approval, packages will start to download on the machines present in the approved
computer group.

After completion of downloading, machines will require reboot. Completion of all packages on a machine will be shown
in green as given below.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 16 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 17 of 29

When packages have been successfully installed and tested on the above machines, they are then approved for all the
computer groups on the server.

Updating Downstream servers

Downstream servers are synchronized manually, and updates are fetched from upstream server. In our case PPGL and
MCR are downstream servers of CHQ.

MCR Server is now being synchronized for new updates.


WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 18 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 19 of 29

After completion of the synchronization on downstream server, packages will be approved for all departments.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 20 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 21 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 22 of 29

Updating Windows Servers in CHQ-WSUS

PARCHQWSUSSVR-> Under Computers-> Servers


CHQ Windows servers are in Servers groups. Shoaib/Zeeshan will approve packages for Servers.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 23 of 29

Updating Domain Controllers in CHQ-WSUS


All [9] Domain controllers are configured in CHQ-WSUS -> Domain Controllers
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 24 of 29

Shoaib/Zeeshan will approve packages for domain controllers in the last week of every month.

Uninstalling a package

To uninstall a specific package, go to “All Updates” and select the required package. Right Click on the package, in
the dropdown menu select “Approve”.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 25 of 29

A dialog box will appear, select a Computer Group on which you want to uninstall the required package. On the
dropdown menu, select “Approved for Removal” or use shortcut key Ctrl+R. Click “OK” for the removal of packages.
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 26 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 27 of 29
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 28 of 29

6.0 TROUBLESHOOTING
When machines are not reporting on WSUS Server and package installation is stuck, firstly check the following services
and make sure its Startup Type is set to Automatic.
1. Background Intelligent Transfer Service (BITS)
2. Windows Update (wuauserv)
WSUS Doc. No.: 1.0
Rev: 1
Operating Manual Date of Rev.: 00/00/0000
IT - Division Page: 29 of 29

After changing the startup types, run the following commands to resume the package installation.

1. wuauclt /reportnow
2. wuauclt.exe /detectnow
3. wuauclt /resetauthorization /detectnow

You might also like