How I build and maintain WSUS Server

There are hundreds of WSUS Server Tutorials available in the World Wild Web, and none of them fitted all my needs. I would never say that my way is the best way, but I spent quite some time with WSUS in the last few years and by now all of the servers I maintain work quite stable. (Except 2008, I hate Server 2008). 

First of all sorry for the German screenshots, but I thought better German screenshots than no article. The next time I setup a en-US WSUS I will swap the screenshots. 

Your best bet IMHO is to switch to Microsoft Windows Server 2016 asap. Server 2008 R2 won’t get Support for Windows 10 Feature Upgrades and Server 2012 R2 got it very delayed through an “interesting” hotfix. Windows Server 2016 seems to be the most reliable choice.
Second lesson I learned is, always install the Microsoft SQL Server Management Studio on the WSUS Server. You will need it sooner than later.
Third lesson is that WSUS will fail sooner or later, if you don’t execute a maintenance script on a regular basis.  Continue reading “How I build and maintain WSUS Server”

Taking back control of Windows Update: Install Updates when you want to!

For years we were more than unsatisfied with the options we had to choose from to patch our Microsoft Windows Servers. Without additional utility you are restricted to the few options Group Policy offers. So as I am always searching for a simple but efficient solution to such a painful problem, I combined two fantastic tools, to a powerful Windows Update Scheduler: PDQ Deploy and ABC Update.

tl;dr: If you choose option “3 – Auto download and notify for install” for your WSUS Group Policy, you can take any advanced Task Scheduler like PDQ Deploy in combination with ABC-Update to install Windows Updates scheduled the way YOU want it to be!

Prologue, where is my problem?

First let’s take a look at the options Microsoft offers us and why I refuse to rely on those. If I’m not completely mistaken the only Policy to choose when to patch Windows Updates has been “Configure Automatic Updates” since ever: Continue reading “Taking back control of Windows Update: Install Updates when you want to!”

HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation

A common problem on fresh Windows 7 or Windows Server 2008 R2 installations is, that the Windows Update Agent is way to old to contact Microsoft for updates. After quite a bit research and help from my twitter colleague René Bigler I found the necessary updates to fix this issue.
Continue reading “HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation”