DOCSLIB.ORG

Deploying Microsoft Windows Server Update Services

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Deploying Microsoft Windows Server Update Services Deploying Microsoft Windows Server Update Services Microsoft Corporation Published: June 3, 2005 Author: Tim Elhajj Editor: Sean Bentley Abstract This paper describes how to deploy Microsoft® Windows Server™ Update Services (WSUS). You will find a comprehensive description of how WSUS functions, as well as descriptions of WSUS scalability and bandwidth management features. This paper also offers step-by-step procedures for installation and configuration of the WSUS server. You will read how to update and configure Automatic Updates on client workstations and servers that will be updated by WSUS. Also included are steps for migrating from Microsoft Software Update Services (SUS) to WSUS, as well as steps for setting up a WSUS server on an isolated segment of your network and manually importing updates. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. © 2005 Microsoft Corporation. All rights reserved. Microsoft, SQL Server, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Contents Deploying Microsoft Windows Server Update Services ..................................................... 1 Abstract ....................................................................................................................... 1 Contents ............................................................................................................................. 5 Deploying Microsoft Windows Server Update Services ......................................... 8 Introduction to Deploying Windows Server Update Services ................................ 9 Design the WSUS Deployment ............................................................................. 9 Choose a Type of Deployment ......................................................................... 10 Simple WSUS Deployment ........................................................................................ 10 Chain of WSUS Servers ............................................................................................ 12 Networks Disconnected from the Internet .................................................................. 13 Choose a Management Style ........................................................................... 14 Centralized Management .......................................................................................... 14 Distributed Management ........................................................................................... 16 Choose the Database Used for WSUS ............................................................ 16 Selecting a Database ................................................................................................ 17 Database Authentication, Instance, and Database Name ......................................... 18 Determine Where to Store Updates ................................................................. 18 Local Storage ............................................................................................................ 19 Remote Storage ........................................................................................................ 19 Determine Bandwidth Options to Use for Your Deployment ............................. 21 Deferring the Download of Updates ........................................................................... 21 Filtering Updates ....................................................................................................... 22 Using Express Installation Files ................................................................................. 23 Background Intelligent Transfer Service .................................................................... 24 Determine Capacity Requirements .................................................................. 25 Install the WSUS Server ...................................................................................... 25 Configure the Firewall Between the WSUS Server and the Internet ................ 26 Prepare Disks and Partitions ............................................................................ 27 Install Required Software ................................................................................. 28 Windows Server 2003 ............................................................................................... 28 Windows 2000 Server ............................................................................................... 28 Install and Configure IIS ................................................................................... 29 IIS Lockdown Tool ..................................................................................................... 29 Client Self-Update ..................................................................................................... 31 Using the WSUS Custom Web Site ........................................................................... 31 Run WSUS Server Setup ................................................................................. 32 Configure the WSUS Server ............................................................................... 38 Access the WSUS Administration Console ...................................................... 38 Configure WSUS to Use a Proxy Server .......................................................... 39 Select Products and Classifications ................................................................. 40 Synchronize the WSUS Server ........................................................................ 40 Configure Advanced Synchronization Options ................................................. 41 Update Storage Options ............................................................................................ 41 Deferred Downloads Options .................................................................................... 41 Express Installation Files Options .............................................................................. 42 Filtering Updates Options .......................................................................................... 42 Chain WSUS Servers Together ........................................................................ 43 Create a Replica Group ................................................................................... 43 Create Computer Groups for Computers ......................................................... 45 Setting up Computer Groups ..................................................................................... 45 Approve Updates ............................................................................................. 46 Verify Update Deployment ............................................................................... 47 Secure Your WSUS Deployment ...................................................................... 47 Hardening your Windows Server 2003 running WSUS ............................................. 48 Adding Authentication Between Chained WSUS Servers in an Active Directory Environment ........................................................................................................... 48 Securing WSUS with Secure Sockets Layer ............................................................. 50 Update and Configure the Automatic Updates Client Component ....................... 55 Client Component Requirements ..................................................................... 55 Update Automatic Updates .............................................................................. 55 Automatic Updates Client Self-Update Feature ......................................................... 56 Determine a Method to Configure Automatic Updates Clients ......................... 57 Configure Automatic Updates by Using Group Policy ..................................
Load more

Recommended publications
  • Microsoft DNS
    1 a. Domain Name Service (DNS) encompassing Microsoft DNS From Wikipedia, the free encyclopedia Jump to: navigation, search Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Contents [hide] 1 Overview 2 DNS lookup client o 2.1 The effects of running the DNS Client service o 2.2 Differences from other systems 3 Dynamic DNS Update client 4 DNS server o 4.1 Common issues 5 See also 6 References 7 External links [edit] Overview The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server 2003, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS client, to perform Dynamic DNS Update transactions, registering the machines' names and IP addresses. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients. The server software is only supplied with the server versions of Windows. [edit] DNS lookup client Applications perform DNS lookups with the aid of a DLL. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP or TCP) and return the final results of the lookup back to the applications. 2 Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC connection to the DNS Client service on the machine.
    [Show full text]
  • Umail Account Migration to Exchange Online Starts on June 1
    UMail account migration to Exchange Online starts on June 1 You're receiving this email because you're subscribed to UIT's public email list. Starting Tuesday, June 1, 2021, University Information Technology (UIT) will begin to gradually migrate all University of Utah and University of Utah Health faculty and staff UMail accounts from Microsoft Exchange Server (hosted on campus) to Microsoft Exchange Online (hosted online by Microsoft infrastructure). The upgrade is part of the effort to modernize the U’s communication technology and better meet the needs of those working, learning, and teaching remotely. Faculty and staff will receive a targeted email 24 to 48 hours prior to initiation of their account migration. The total time for your migration depends on the size of the mailbox(es) to be moved and amount of data to be transferred to Microsoft servers. Extremely large mailboxes can take a number of days to transfer. If you’re unable to access your UMail account through your desktop/mobile client or web browser after the migration, please refer to this IT Knowledge Base article for instructions. Please note that UMail is always accessible via Outlook Web Access (OWA) using a web browser. After your account is moved to Exchange Online, you may receive a notification that says “The Microsoft Exchange Administrator has made a change that requires you to quit and restart Outlook.” Please follow the directions. The migration includes an updated interface for OWA, which will redirect from https://www.umail.utah.edu/ to https://outlook.office.com/. The interfaces of the Outlook desktop and mobile clients will remain the same for most users, although some macOS users may automatically update to the latest version of Outlook for Mac.
    [Show full text]
  • Windows 10: Considered Harmful
    Windows 10: Considered Harmful 26 August, 2016 Last Updated: 25 September 2016 Previously I made a series of articles against Windows 10, consisting of basic explanation, open letters, and even a long-winded chance.org petition. However, I have come to realize that these various things could be better as one page rather than fragments across my website. On this page I hope to explain why the Windows 10 system is evil and also include why Windows as a whole is Considered Harmful . Sources to unreferenced items in this article can be found in the various resource links on the bottom of the page. Information can also be found in the photographs shown and with a simple web search. The primary reason against the Windows 10 system is an obvious one. The system is designed to be a system that data-mines the user. This is proven time and time again. Using a tool such as wireshark, one can clearly see that it makes encrypted connections to a variety of Microsoft servers. This uses a very weak RSA encryption that can be broken in under a minute. When a user successfully decrypted the encrypted data, he simply converted the decrypted ``.bin'' extension to ``.png'' and opened them. The image files were screen- shots of him installing the RSA decryptor tool. This was in a VM and was a fresh install. In addition to this, another user in Australia also monitored the odd connection but did not decrypt it. He noticed this when he opened a photograph in the Windows Photo App.
    [Show full text]
  • Microsoft Skype for Business
    Spectralink 84-Series Wireless Telephone Microsoft Skype for Business Interoperability Guide (Formerly Lync Server 2013) 1725-86997-000 Rev: J September 2017 Spectralink 84-Series Wireless Telephones: Microsoft Skype for Business Interoperability Guide Copyright Notice © 2013-2017 Spectralink Corporation All rights reserved. SpectralinkTM, the Spectralink logo and the names and marks associated with Spectralink’s products are trademarks and/or service marks of Spectralink Corporation and are common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without the express written permission of Spectralink. All rights reserved under the International and pan-American Copyright Conventions. No part of this manual, or the software described herein, may be reproduced or transmitted in any form or by any means, or translated into another language or format, in whole or in part, without the express written permission of Spectralink Corporation. Do not remove (or allow any third party to remove) any product identification, copyright or other notices. Notice Spectralink Corporation has prepared this document for use by Spectralink personnel and customers. The drawings and specifications contained herein are the property of Spectralink and shall be neither reproduced in whole or in part without the prior written approval of Spectralink, nor be implied to grant any license to make, use, or sell equipment manufactured in accordance herewith. Spectralink reserves the right to make changes in specifications and other information contained in this document without prior notice, and the reader should in all cases consult Spectralink to determine whether any such changes have been made.
    [Show full text]
  • How to Install SSL Certificates on Microsoft Servers
    How to Install SSL Certificates on Microsoft Servers Dan Sullivan How to Install SSL Certificates on Microsoft Servers Dan Sullivan Chapter 4: Installing SSL Certificates in Exchange Server, SharePoint, and SQL Server ........ 57 Common Operations ....................................................................................................................................... 57 Step 1: Prepare the Microsoft Management Console ................................................................... 57 Step 2: Acquiring an SSL Certificate .................................................................................................... 59 Certificates from Trusted Third‐Party Providers ..................................................................... 59 Generating a Self‐Signed Certificate ............................................................................................... 60 Installing SSL Certificates in Microsoft Exchange Server ................................................................ 63 The Need for SSL in Exchange Server ................................................................................................. 63 Is an Extended Validation SSL Certificate Right for You? ........................................................... 63 Acquiring and Installing an SSL Certificate in Microsoft Exchange Server ........................ 63 Acquiring an SSL Certificate in Microsoft Exchange 2010 .................................................... 64 Installing an SSL Certificate in Microsoft Exchange 2010 ....................................................
    [Show full text]
  • Windows Server Update Services 3.0 SP2 Deployment Guide
    Windows Server Update Services 3.0 SP2 Deployment Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide describes how to deploy Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2). You will find a comprehensive description of how WSUS functions, as well as descriptions of WSUS scalability and bandwidth management features. This guide also offers procedures for installation and configuration of the WSUS server and how to configure client workstations and servers that will be updated by WSUS. Also included are steps for setting up a WSUS server on an isolated segment of your network and manually importing updates. Copyright Notice Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • 8.4 Windows 8 Sync 30
    By Christian Cawley http://www.cmcawley.co.uk/ Edited by Justin Pot share: This manual is the intellectual property of MakeUseOf. It must only be published in its original form. Using parts or republishing altered parts of this guide is prohibited without permission from MakeUseOf.com Think you’ve got what it takes to write a manual for MakeUseOf.com? We’re always willing to hear a pitch! Send your ideas to [email protected]; you might earn up to $400. YOUR GUIDE TO WINDOWS 8 Table Of Contents 1. What You Need to Know About Windows 8 6 1.3 Windows 8 Devices 7 1.4 Metro vs. Desktop 7 1.5 The Touchscreen Controversy 8 2. The Windows 8 User Interface 9 2.1 Understanding Metro 9 2.2 Navigating 9 2.3 Tiles and Live Tiles 10 2.4 What If I Don’t Like Metro? 10 3. Mouse, Keyboard or Fingers? 11 3.1 Navigation with the Keyboard 11 3.2 Using a Mouse 12 3.3 The Original Pointing Device 12 3.3.1 Open the Charm Bar: Swipe from the right 13 3.3.2 Switch Apps: Swipe from the left 13 3.3.3 Snap Apps: Swipe slowly from the left 13 3.3.4 Show Running Apps: Swipe from left-and-back 13 3.3.5 Close Apps: Pull down from the top 13 3.3.6 Display Additional Menus: Swipe down 13 3.3.7 Select: Swipe down on the tile 13 3.3.8 Zoom: Pinch 13 3.3.9 Move Back and Forth Through Web Pages: Swipe left/right in Internet Explorer 13 3.4 Bringing It All Together 14 4.
    [Show full text]
  • Introduction to Microsoft Products and Product Licensing Licensing
    Volume Introduction to Microsoft Products and Product Licensing Licensing INTRODUCTION: A CLIENT SERVER NETWORK In a business environment, you would expect to find a "Client Server Network" where the users' computers (the clients) are connected to a server (or servers) in order to allow for file sharing, sharing of resources (such as printers), email, and centralized management and security. The client machines need a client operating system (such as Microsoft® Windows 10), and then any required client applications (such as Microsoft® Outlook®). Similarly, each server needs a server operating system (Windows Server®) and then any required server applications (such as Microsoft® SQL Server®). This reference card is not a complete list of all the Microsoft technologies, but just the more common ones, and unless otherwise stated, you can assume that each license is a separate purchase. More detailed licensing information is available in other reference documents in this series. CLIENT OPERATING SYSTEMS CLIENT APPLICATIONS Windows 10 is the latest version of Microsoft's client operating The most common client applications used in a business (such as Microsoft® system, replacing Windows 8.1 and Windows 7. Word and Outlook) are most likely to be licensed as a Microsoft Office suite There are several editions of Windows 10. Businesses would normally rather than as individual applications. Several different Microsoft Office 2016 use either Windows 10 Pro or Windows 10 Enterprise. suites are available (containing different individual Office applications) but Windows 10 is licensed by device. This means that a license must be Office 2016 Professional Plus and Office 2016 Standard are the editions most likely to be found in a business environment since they are the only suites acquired for each device on or from which the software is used or accessed (locally or remotely over a network).
    [Show full text]
  • DPIA Office 365 for the Web and Mobile Office Apps Data Protection
    authe DPIA Office 365 for the Web and mobile Office apps Data protection impact assessment on the processing of diagnostic data Date 30 June 2020 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 Colophon DPIA by Ministry of Justice and Security Strategic Vendor Management Microsoft (SLM Microsoft Rijk) Turfmarkt 147 2511 DP The Hague PO Box 20301 2500 EH The Hague www.rijksoverheid.nl/jenv Contact Paul van den Berg E [email protected] T 070 370 79 11 Project name DPIA report diagnostic data processing in Microsoft Office 365 for the Web and mobile Office apps (report delivered March 2020, Update June 2020) Appendix Overview telemetry data observed in iOS and Office for the Web apps Authors Privacy Company Sjoera Nas and Floor Terra, senior advisors, with the help of work student Lotte aan de Stegge www.privacycompany.eu Page 3 of 138 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 CONTENTS Colophon 3 Summary 7 Introduction 17 Part A. Description of the data processing 24 1. The processing of diagnostic data 24 1.1 About Office for the Web, the mobile Office apps and the Connected Experiences 24 1.2 Difference between content, functional and diagnostic data 33 1.3 Different types of diagnostic data 34 2. Personal data and data subjects 35 2.1 Definitions of different types of personal data 36 2.2 Diagnostic data mobile Office apps 37 2.3 Outgoing traffic to third parties mobile Office apps 40 2.4 Results access request mobile Office apps 49 2.5 Diagnostic data Office for the Web 51 2.6 Outgoing traffic to third parties Office for the Web 52 2.7 Results access requests Office for the Web 55 2.8 Diagnostic data Connected Experiences 59 2.9 Analytical services based on the system-generated log files 60 2.10 Types of personal data and data subjects 62 3.
    [Show full text]
  • Snowwall: a Visual Firewall for the Surveillance Society
    Imperial College London Department of Computing SnowWall: A Visual Firewall for the Surveillance society Madalina-Ioana Sas [email protected] June 2017 Supervised by Dr. William J. Knottenbelt Submitted in part fulfillment of the requirements for the degree of Master of Engineering in Computing of Imperial College London. 2 Abstract In the past two decades we have seen a steady increase in the adoption of various technologies that fit into what can be described as a digital lifestyle. Sharing data, experiences and our most intimate thoughts has become second nature to most people connected to the Internet. And as market trends shift so did the approach that companies and governments have in regards to each individual's digital footprint. The uncharted wild west that used to be the internet of yesteryear has become a battleground where everyone is fighting over who knows the user better. Findings such as the Snowden and the Vault7 leaks have deeply shaken the status quo in privacy. This project revolves around giving the end user back insight and control over what they involuntarily share with the world. We present SnowWall: a networking tool designed to provide insights and control into the networking activity on a Windows-based system. SnowWall interacts with the operating system, intercepts every inbound and outbound connection, provides information on the connection's state, lifetime, owning process, and most importantly, remote end point, such as geolocation and ownership information. SnowWall is a powerful tool designed to be user-friendly, which allows anyone to block unwanted connections with high-level firewall rules, such as blocking by country or by owning organization name.
    [Show full text]
  • Cisco Expressway, Lync Gateway and Microsoft Infrastructure Deployment
    Cisco Expressway with Microsoft Infrastructure Deployment Guide First Published: December 2013 Last Updated: June 2020 Cisco Expressway X12.6 Microsoft Lync Server 2010 or 2013 Skype for Business Server 2015 Cisco Systems, Inc. www.cisco.com Cisco Expressway with Microsoft Infrastructure Deployment Guide Contents Preface 4 Change History 4 Interoperability Direction Statement 5 Introduction 7 Deployment Scope 7 What is the Gateway Expressway and Why Should I Use It? 7 Recommendations 7 Deployment Components 8 Example Values in this Deployment 9 Features and Limitations 10 Microsoft Environment 10 Lync / Skype for Business Versions Supported in This Deployment 10 Voice and Video Calling 11 Integration with Cisco Unified Communications Manager IM and Presence Service 12 Screen Sharing 12 Video Codecs 14 Conferencing 14 Configuration 16 Prerequisites 16 Configuration Overview 17 Enable Calls to Microsoft Environment 18 Enable Calls from Microsoft Environment 38 Enable Calls from External Microsoft Clients 45 Enable Screen Sharing from Microsoft 47 Enable Chat / Presence from Microsoft Clients 47 Media Paths and License Usage 50 Microsoft Client Call to SIP Video Endpoint 50 Off-premises Microsoft Client Calls On-premises SIP Video Endpoint 51 Port Reference 53 Where to get Information About Port Numbers and Default Settings 53 How Many Media Ports are Required on the Gateway Expressway? 53 Appendix 1: Troubleshooting 54 2 Cisco Expressway with Microsoft Infrastructure Deployment Guide Checklist 54 Tracing Calls 54 Microsoft Problems 54 Video
    [Show full text]
  • Suite and Enterprise CAL Suite
    Commercial Licensing brief Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite This brief applies to all Microsoft Commercial Licensing programs. Contents Summary ....................................................................................................................................................................... 1 What’s new in this brief ............................................................................................................................................. 1 Details ........................................................................................................................................................................... 2 CAL Suites .............................................................................................................................................................. 2 Use Rights .............................................................................................................................................................. 2 Core CAL Suite and Enterprise CAL Suite ..................................................................................................... 2 Management Server Rights .............................................................................................................................. 4 Subscription Services components ................................................................................................................. 4 Obtaining Enterprise CAL Suite Licenses and equivalent functionality
    [Show full text]