locked
fine tune WSUS configurations RRS feed

  • Question

  • how do I push updates to my windows 7 clients in my AD as all of them have different updates?

    most of them have different stages of updates.

    some do not get automatically via windows update

    some get updates direct from windows update on the Internet.

    how do I configured my WSUS such that all of them are in sync ??

    Wednesday, March 29, 2017 1:44 PM

All replies

  • Hi yeowkm,

    The following deployment can meet your environment:

    1. Set up a WSUS server, in "Products and Classifications", select the related products and classifications needed by the clients;

    2. After checking required products and classifications, sync from Microsoft Update or upstream WSUS server;

    3. If you are in domain environment, create a GPO for WSUS clients, the GPO location is Computer Configuration>Policies>Administrative Template>Windows Components>Windows Update:

    In "Specify intranet Microsoft update service location", use format http://wsusname:8530 to specify the location of the WSUS server, WSUS use http port 8530.

    Configure Automatic Updates by Using Group Policy

    https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx

    4. After configuring the GPO, run gpupdate /force on clients or wait the clients to apply the GPO automatically, if the configurations are all correct, the clients will show up in the WSUS server.

    5. After a while, WSUS clients will report to WSUS server what updates then have installed, what updates are needed by clients and other information;

    6. WSUS admins may approve the updates needed by clients, then clients will download and install the update automatically with automatic update enabled.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 30, 2017 2:09 AM
  • i have clients machines that are shown not reported to the wsus server although they are active n present in the AD.

    those not reported are shown with red cross

    how do i force to them report to the wsus server again.

    Thursday, March 30, 2017 12:57 PM
  • Hi yeowkm,

    Do you mean you have deployed WSUS environment using my above steps, and now WSUS clients could show up in the WSUS console>Computers, while they do not report the WSUS server?

    If yes, on the clients do not report to the WSUS server, please check if they enable automatic update, you may check registry keys in HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU, enable "NoAutoUpdate" is "0";

    If the registry keys are correct, while it still not report, please reset windows update components on the clients:

    https://support.microsoft.com/en-us/kb/971058

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 31, 2017 9:28 AM
  • Hi,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, welcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 5, 2017 8:18 AM