WSUS Automated Maintenance

Windows Server Update Services (WSUS) aren’t always fun to manage.
Console stops responding? Large WSUS folder? Decline superseded updates? Hundreds of Language packs? Windows XP updates? There is a solution!

In many companies, either small, medium or large Windows Server Update Services (WSUS) is a must. WSUS is necessary if you plan to cache and control the distribution of Windows and Office updates in your local network. But WSUS has its issues out-of-the-box. Let’s take a look at WSUS Automated Maintenance by Adam Marshall! Continue reading “WSUS Automated Maintenance”

How I build and maintain WSUS Server

There are hundreds of WSUS Server Tutorials available in the World Wild Web, and none of them fitted all my needs. I would never say that my way is the best way, but I spent quite some time with WSUS in the last few years and by now all of the servers I maintain work quite stable. (Except 2008, I hate Server 2008). 

First of all sorry for the German screenshots, but I thought better German screenshots than no article. The next time I setup a en-US WSUS I will swap the screenshots. 

Your best bet IMHO is to switch to Microsoft Windows Server 2016 asap. Server 2008 R2 won’t get Support for Windows 10 Feature Upgrades and Server 2012 R2 got it very delayed through an “interesting” hotfix. Windows Server 2016 seems to be the most reliable choice.
Second lesson I learned is, always install the Microsoft SQL Server Management Studio on the WSUS Server. You will need it sooner than later.
Third lesson is that WSUS will fail sooner or later, if you don’t execute a maintenance script on a regular basis.  Continue reading “How I build and maintain WSUS Server”

Taking back control of Windows Update: Install Updates when you want to!

For years we were more than unsatisfied with the options we had to choose from to patch our Microsoft Windows Servers. Without additional utility you are restricted to the few options Group Policy offers. So as I am always searching for a simple but efficient solution to such a painful problem, I combined two fantastic tools, to a powerful Windows Update Scheduler: PDQ Deploy and ABC Update.

tl;dr: If you choose option “3 – Auto download and notify for install” for your WSUS Group Policy, you can take any advanced Task Scheduler like PDQ Deploy in combination with ABC-Update to install Windows Updates scheduled the way YOU want it to be!

Prologue, where is my problem?

First let’s take a look at the options Microsoft offers us and why I refuse to rely on those. If I’m not completely mistaken the only Policy to choose when to patch Windows Updates has been “Configure Automatic Updates” since ever: Continue reading “Taking back control of Windows Update: Install Updates when you want to!”

#WannaCry Microsoft Security Bulletin MS17-010: Import KB4012598 for XP and Server 2003 into WSUS

Fast published article; How to import KB4012598 for MS17-010 into your WSUS asap!

I think by now every IT administrator knows about #WannaCry. If not, here are a few links:

The important thing ist, that the fix for Windows OS younger than Vista and Server 2008 and Vista is available since march. But the fix for XP and Server 2003 has only been published on Saturday I think. But it won’t appear on your WSUS until you import it manually, and you should do that right now!

Sorry for the German screenshots, but I think it will get you there!

Continue reading “#WannaCry Microsoft Security Bulletin MS17-010: Import KB4012598 for XP and Server 2003 into WSUS”

Update: Wichtiger WSUS Hotfix für Server 2012 R2 erfordert manuelles Nacharbeiten!

Für den WSUS unter 2012 R2 ist erneut ein Hotfix für den Windows 10 Support erschienen. Wenn dieser Hotifx ohne die geforderten Nacharbeiten durchgeführt wird, stellt euer WSUS den Dienst ein, solange ihr die notwendigen Schritte nicht nacharbeitet.

Folgender Microsoft Artikel beschreibt die notwendigen Schritte:
http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812.aspx

Update (15.05.2016): Inzwischen gibt es einen Hotfix für den Hotfix, der Final alle Probleme lösen soll. Der KB Artikel beschreibt detailliert die notwendigen Schritte. Bei uns war dieses Wochenende Patchday, und die ersten WSUS Server haben auf Grund des Updates erstmal kollektiv ihren Dienst eingestellt!
https://support.microsoft.com/en-us/kb/3159706