Configuring WSUS with GPO

In our first article Windows Server üzerinde WSUS We have provided the installation, WSUS What, WSUS what is it used for and WSUS We talked about how to set up a role.

We have completed the installation WSUS to make our server available to clients on our network Group Policy Objects (GPO) We will make the necessary configurations through. These configurations will be done directly on the client machines. From Microsoft not, we established WSUS will allow you to get it from your server.

Configuring WSUS with Group Policy

Firstly, Group Policy Management Console (GPMC) through WSUS a special for Group Policy Object (GPO) Let's start by creating the .

To manage the GPO we created, right-click and select 'Edit' to proceed.

Later Group Policy We created for PolicyWe need to follow the steps below

  • Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Update – Configure Automatic Updates in your step Enabled we need to bring it into position.

In this window, you can specify when and how updates are installed. Important options that you can configure:

  • Auto download and notify for install: WSUS Updates are automatically downloaded but require user approval for installation.
  • Auto download and schedule the install: WSUS It ensures that updates are automatically downloaded and installed within a certain time period.

Scheduled install day ve Scheduled install time Edit the fields to specify the day and time updates should occur. You can choose to have updates occur outside of business hours.

Once the configuration is complete, Apply ve OK Save the settings with the buttons and close the window.

In the last step, you created GPO's appropriate OU (Organizational Unit) or domain to ensure that policies are applied to relevant devices. Planning and implementing your operations in detail will provide a seamless experience in your management processes.

If the next step WSUS determine how the installation will identify updates on the network.

  • Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Update – Specify intranet Microsoft update service location We come to the option.

In this window you need to fill in two important fields:

  • Set the intranet update service for detecting updates: This field specifies which server the clients will detect updates from. Your server's IP address and WSUS the port on which the role is installed “http:// :8530” enter the form.
  • Set the intranet statistics server: This field determines which server the clients will send their update statistics to. Usually this is the same server that detects the updates. Same address “http:// :8530” You can enter as.

After updating the Group Policy configuration, we can perform the following steps via command prompt (CMD) for the changes to take effect immediately:

  1. start open the menu and DCM typing Run as administrator We need to open with
  2. In the Command Prompt window that opens gpupdate /force Type and press ENTER. This command updates and enforces all group policies, ensuring that any changes you make are applied immediately.

Checking WSUS GPO Configuration with Regedit

To verify that Group Policy updates are applied properly, you can check the Registry:

  1. start Go back to the menu and regedit Type and press ENTER. This will open the Registry Editor.
  2. In the Registry Editor, navigate to the following path:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Here, two software is introduced to teach how to WUServer ve WUStatusServer Check the values. These values ​​indicate whether the WSUS configuration was applied correctly. WUServer ve WUStatusServer, WSUS your server URLIf these values ​​are set correctly, your configuration has been applied successfully.

Note: Group Policy the Policy object we created, WSUS I want to be included in the service OU It must be linked in. 

Computer based Group Policy Objects (GPO) To implement it, first, target computers are Organizational Unit (OU) We need to move it to the bottom. We can do this with these steps:

  1. Group Policy Management open the console.
  2. Right click on the computer you want to move and Move Select the option.
  3. You want to move OUBy selecting , you can set the computer to this OU move it to the bottom.

After you complete the computer migration process, follow these steps to link the Group Policy Objects (GPOs) that you want to apply to the appropriate OU:

  1. Group Policy Management turn the console back on.
  2. WSUS the computer you will include in the service OURight click on .
  3. Link an Existing GPO Click .
  4. You want to apply from the list GPOSelect and OK By pressing the button you will complete the connection.

Creating Groups on WSUS and Moving Computers

Windows Server Update Services (WSUS) computers to which you have applied the relevant settings via group policy after completing the configuration, WSUS by default in the console Computer – All Computers – Unassigned Computers is listed under the category.

For more organized management, dividing computers into groups based on their operating systems or departments within the organization will make things easier.

  1. WSUS open the console.
  2. All Computers Right click on the section and Add Computer Group Select the option.
  3. Enter a name for the new group and customize it to suit your organization's needs, then OKClick .

After you create a group, you can move computers from the list of unassigned computers to the group you just created:

  1. Unassigned Computers Under, right-click on the computer you want to move to the group.
  2. Change Membership Click .
  3. Select the new group you created from the drop-down list and OKYou can move the computer object into the group you specified.

Update Distribution with WSUS

Microsoft's to easily distinguish and manage specific updates among the systems it offers WSUS You can create a custom update view in the dashboard. This allows you to filter updates to show only those for specific products.

  • We open the Wsus Console.
  • We continue with the New Update View option on the Updates tab.
  • In the window that opens Updates are for a specific product tick the option.
  • Step 2 in the part Any Product From the vertical menu, select the Microsoft system for which you want to see updates.
  • Step 3 In the section, give this filter a name. For example, if you want to distinguish updates for Windows 10, you can give it a meaningful name like “W10 Updates.”

By clicking on the new update view you created, you can see the available updates for the product you selected. From here, you can select the updates you want and start deploying them:

  • Right-click on the update you want to deploy and Approve Select the option.
  • In the window that opens, select which group or groups the update will be distributed to. You can apply the update distribution to a single group or to all computers.

Your Windows 10 systems have started receiving updates that you have initiated via WSUS. This is Group Policy Management (GPO) will occur regularly according to your settings.

At the time and frequency you specify, the systems will automatically check for and install new updates. This arrangement ensures that all your devices remain up-to-date and secure. WSUSis an extremely effective tool for managing updates from a central point and optimizing network traffic.

One comment on “Configuring WSUS with GPO”

Comment