How I build and maintain WSUS Server

There are hundreds of WSUS Server Tutorials available in the World Wild Web, and none of them fitted all my needs. I would never say that my way is the best way, but I spent quite some time with WSUS in the last few years and by now all of the servers I maintain work quite stable. (Except 2008, I hate Server 2008). 

First of all sorry for the German screenshots, but I thought better German screenshots than no article. The next time I setup a en-US WSUS I will swap the screenshots. 

Your best bet IMHO is to switch to Microsoft Windows Server 2016 asap. Server 2008 R2 won’t get Support for Windows 10 Feature Upgrades and Server 2012 R2 got it very delayed through an “interesting” hotfix. Windows Server 2016 seems to be the most reliable choice.
Second lesson I learned is, always install the Microsoft SQL Server Management Studio on the WSUS Server. You will need it sooner than later.
Third lesson is that WSUS will fail sooner or later, if you don’t execute a maintenance script on a regular basis.  Continue reading “How I build and maintain WSUS Server”

Taking back control of Windows Update: Install Updates when you want to!

For years we were more than unsatisfied with the options we had to choose from to patch our Microsoft Windows Servers. Without additional utility you are restricted to the few options Group Policy offers. So as I am always searching for a simple but efficient solution to such a painful problem, I combined two fantastic tools, to a powerful Windows Update Scheduler: PDQ Deploy and ABC Update.

tl;dr: If you choose option “3 – Auto download and notify for install” for your WSUS Group Policy, you can take any advanced Task Scheduler like PDQ Deploy in combination with ABC-Update to install Windows Updates scheduled the way YOU want it to be!

Prologue, where is my problem?

First let’s take a look at the options Microsoft offers us and why I refuse to rely on those. If I’m not completely mistaken the only Policy to choose when to patch Windows Updates has been “Configure Automatic Updates” since ever: Continue reading “Taking back control of Windows Update: Install Updates when you want to!”

#WannaCry Microsoft Security Bulletin MS17-010: Import KB4012598 for XP and Server 2003 into WSUS

Fast published article; How to import KB4012598 for MS17-010 into your WSUS asap!

I think by now every IT administrator knows about #WannaCry. If not, here are a few links:

The important thing ist, that the fix for Windows OS younger than Vista and Server 2008 and Vista is available since march. But the fix for XP and Server 2003 has only been published on Saturday I think. But it won’t appear on your WSUS until you import it manually, and you should do that right now!

Sorry for the German screenshots, but I think it will get you there!

Continue reading “#WannaCry Microsoft Security Bulletin MS17-010: Import KB4012598 for XP and Server 2003 into WSUS”

HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation

A common problem on fresh Windows 7 or Windows Server 2008 R2 installations is, that the Windows Update Agent is way to old to contact Microsoft for updates. After quite a bit research and help from my twitter colleague René Bigler I found the necessary updates to fix this issue.
Continue reading “HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation”

Update: Microsoft veröffentlicht “SP1 convenience rollup” für Windows 7 statt Service Pack 2

Grade eben im Technet Blog gelesen. Da die Update-Orgie bei Windows z und Server 2008 R2 inzwischen zu einem wahrem Horror verkommen ist, veröffentlicht Microsoft ein “SP1 convenience rollup” was alle Updates seit dem SP1, bis einschließlich April 2016 beinhaltet! Dass ich das noch erleben darf. Der Name Service Pack wird meines Wissens nach bewusst weg gelassen, da sich mit einem SP in der Vergangenheit auch immer der Support Zeitraum verlängert hat.

Continue reading “Update: Microsoft veröffentlicht “SP1 convenience rollup” für Windows 7 statt Service Pack 2″