تبلیغات
آموزش حرفه ای کامپیوتر و شبکه - Step-by-Step of wsus -Part 2

آموزش حرفه ای کامپیوتر و شبکه

به وبلاگ گروه Persiansec خوش آمدید

 

  
 
  
. با کلیک روی ستاره ها به وبلاگ امتیاز دهید 

www.persiansec.com

یکشنبه 24 آبان 1388

Step-by-Step of wsus -Part 2

نویسنده: F.H Rabet   طبقه بندی: آموزش،  Network،  Microsoft،  English Doc، 

 

After you configure the network connection, you can obtain updates. By default, WSUS is configured to download Critical and Security Updates for all Microsoft products. To get updates, you must synchronize the WSUS server.

Synchronization involves the WSUS server contacting Microsoft Update. After making contact, WSUS determines if any new updates have been made available since the last time you synchronized. Because this is the first time you are synchronizing the WSUS server, all of the updates are available and are ready for your approval for installation.

Note:

This paper describes synchronizing using the default settings, but WSUS includes options that enable you to minimize bandwidth use during synchronization. For more information, see the “Deploying Microsoft Server Windows Update Services” white paper.

To synchronize your WSUS server

1.   On the WSUS console toolbar, click Options, and then click Synchronization Options.

2.   Under Tasks, click Synchronize now.

After the synchronization finishes, click Updates on the WSUS console toolbar to view the list of updates.

WSUS client computers require a compatible version of Automatic Updates. WSUS Setup automatically configures IIS to distribute the latest version of Automatic Updates to each client computer that contacts the WSUS server.

Note:

Although most versions of Automatic Updates can be pointed to the WSUS server and they will automatically self-update to the WSUS-compatible version, the version of Automatic Updates included with Windows XP without any service packs cannot update itself automatically. If you have Windows XP without any service packs in your environment, and you have never used Software Update Services (SUS), see the “Deploying Microsoft Windows Server Update Services” white paper for instruction.

The best way to configure Automatic Updates depends upon your network environment. In an Active Directory environment, you can use an Active Directory-based Group Policy object (GPO). In a non-Active Directory environment, use the Local Group Policy object. Whether you use the Local Group Policy object or a GPO stored on a domain controller, you must point your client computers to the WSUS server, and then configure Automatic Updates.

The following instructions assume that your network runs Active Directory. These procedures also assume that you have already set up and are familiar with Group Policy and use it to manage your network. You need to create a new Group Policy object (GPO) for WSUS settings, and link the GPO on the domain level.

For more information about Group Policy, see the Group Policy page at http://go.microsoft.com/fwlink/?LinkID=47375.

Step 5 contains the following procedures:

·      Load the WSUS Administrative Template.

·      Configure Automatic Updates.

·      Point client computers to your WSUS server.

·      Manually initiate detection on the client computer.

Perform the next three procedures on an Active Directory-based Group Policy object.

To add the WSUS Administrative Template

1.   In Group Policy Object Editor, click either of the Administrative Templates nodes.

2.   On the Action menu, click Add/Remove Templates.

3.   Click Add.

4.   In the Policy Templates dialog box, click wuau.adm, and then click Open.

5.   In the Add/Remove Templates dialog box, click Close.

To configure the behavior of Automatic Updates

1.   In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

2.   In the details pane, double-click Configure Automatic Updates.

3.   Click Enabled, and then click one of the following options:

·      Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.

·      Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.

·      Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.

·      Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

4.   Click OK.

Note:

The setting Allow local admin to choose setting only appears if Automatic Updates has updated itself to the version compatible with WSUS.

To point the client computer to your WSUS server

1.   In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

2.   In the details pane, double-click Specify intranet Microsoft update service location.

3.   Click Enabled, and type the HTTP URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http://servername in both boxes.

4.   Click OK.

Note:

If you are using the Local Group Policy object to point this computer to WSUS, this setting takes effect immediately and this computer should appear in the WSUS administrative console in about 20 minutes. You can speed this process up by manually initiating a detection cycle.

After you set up a client computer, it will take a few minutes before it appears on the Computers page in the WSUS console. For client computers configured with an Active Directory-based GPO, it will take about 20 minutes after Group Policy refreshes (that is, applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0 to 30 minutes. If you want to refresh Group Policy sooner, you can go to a command prompt on the client computer and type: gpupdate /force.

For client computers configured with the Local GPO, Group Policy is applied immediately and it will take about 20 minutes.

Once Group Policy is applied, you can initiate detection manually. If you perform this step, you do not have to wait 20 minutes for the client computer to contact WSUS.

To manually initiate detection by the WSUS server

1.   On the client computer click Start, and then click Run.

2.   Type cmd, and then click OK.

3.   At the command prompt, type wuauclt.exe /detectnow. This command-line option instructs Automatic Updates to contact the WSUS server immediately.

Computer groups are an important part of WSUS deployments, even a basic deployment. Computer groups enable you to target updates to specific computers. There are two default computer groups: All Computers and Unassigned Computers. By default, when each client computer initially contacts the WSUS server, the server adds it to both these groups.

You can create custom computer groups. One benefit of creating computer groups is that it enables you to test updates before deploying them widely. If the testing goes well, you can roll out the updates to the All Computers group. There is no limit to the number of custom groups you can create.

Setting up computer groups is a three-step process. First, you specify how you are going to assign computers to the computer groups. There are two options: server-side targeting and client-side targeting. Server-side targeting involves manually adding each computer to its group by using WSUS. Client-side targeting involves automatically adding the clients by using either Group Policy or registry keys. Second, you create the computer group on WSUS. Third, you move the computers into groups by using whichever method you chose in the first step.

This paper explains how to use server-side targeting and manually move computers to their groups by using the WSUS console. If you had numerous client computers to assign to computer groups you could use client-side targeting, which would automate moving computers into computer groups.

You can use Step 6 to set up a test group that contains at least one test computer.

This step contains the following procedures:

·      Specify server-side targeting.

·      Create a group.

·      Move computers to the group.

To specify the method for assigning computers to groups

1.   On the WSUS console toolbar, click Options, and then click Computer Options.

2.   In the Computer Options box, click Use the Move computers task in Windows Server Update Services.

3.   Under Tasks, click Save settings, and then click OK when the confirmation dialog box appears.

To create a group

1.   On the WSUS console toolbar, click Computers.

2.   Under Tasks, click Create a computer group.

3.   In the Group name box, type Test, and then click OK.

Use the next procedure to assign a client computer appropriate for testing to the test group. A client computer appropriate for testing is any computer with software and hardware indicative of the majority of computers on your network, but not a computer assigned to a critical role. In this way, you can tell how well the computers comparable to the test computer will fare with the updates you approve.

To manually add a computer to the Test group

1.   On the WSUS console toolbar, click Computers.

2.   In the Groups box, click the group of the computer you want to move.

3.   In the list of computers, click the computer you want to move.

4.   Under Tasks, click Move the selected computer.

5.   In the Computer group list, select the group you want to move the computer to, and then click OK.

In this step you approve an update for any test client computers in the Test group. Computers in the group will check in with the WSUS server over the next 24 hours. After this period, you can use the WSUS reporting feature to determine if those updates have been deployed to the computers. If testing goes well, you can then approve the same update for the rest of the computers in your organization.

Step 7 contains the following procedures:

·      Approve and deploy an update.

·      Check the Status of Updates report.

To approve and deploy an update

1.   On the WSUS console toolbar, click Updates. By default, the list of updates is filtered to show only Critical and Security Updates that have been approved for detection on client computers. Use the default filter for this procedure.

2.   On the list of updates, select the updates you want to approve for installation. Information about a selected update is available on the Details tab. To select multiple contiguous updates, press and hold down the SHIFT key while selecting; to select multiple non-contiguous updates, press and hold down the CTRL key while selecting.

3.   Under Update Tasks, click Change approval. The Approve Updates dialog box appears.

4.   In the Group approval settings for the selected updates list, click Install from the list in the Approval column for the Test group, and then click OK.

Note:

There are many options associated with approving updates, such as setting deadlines and uninstalling updates. These are discussed in the “Microsoft Windows Server Update Services Operations Guide” white paper.

After 24 hours, you can use the WSUS reporting feature to determine if those updates have been deployed to the computers.

To check Status of Updates report

1.   On the WSUS console toolbar, click Reports.

2.   On the Reports page, click Status of Updates.

3.   If you want to filter the list of updates, under View, select the criteria you want to use, and then click Apply.

4.   If you want to see the status of an update by computer group and then by computer, expand the view of the update as necessary.

5.   If you want to print the Status of Updates report, under Tasks, click Print report.

If the updates were successfully deployed to the Test group, you can approve the same updates for the rest of the computers in your organization.

 

www.persiansec.com

Persian Security

مطالب نوشته شده در این وبلاگ  بعضاً  از منابع دیگری گردآوری شده

در صورت  بروز هر مشکلی ارسال پیغام به مدیر ارتباطات گروه امنیت گستر پرشیا

() نظرات
                                           رفتن به بالای صفحه




آمار وبلاگ

  • تاریخ افتتاح بلاگ:   1388/7/1
  • کل بازدید :
  • بازدید امروز :
  • بازدید دیروز :
  • بازدید این ماه :
  • بازدید ماه قبل :
  • تعداد نویسندگان :
  • تعداد کل پست ها :
  • آخرین بروز رسانی :
  • آخرین بازدید :

 

سرویس و نگهداری در کل کشور


جستجوی پیشرفته

Google

در این وبلاگ
در كل اینترنت