Client Configuration for WSUS | How to Configure Client for Windows Update Server Services (WSUS)
After the Installation of Windows Update Server Services. You have to configure the client to get the updates from the update server. To configure the client you need to change the setting in the group policy editor. You need to go to every single machine and have to change the machine, if your machine in work group.
If your machine in the Active directory you can enforce the policy from GPO. I am concerning that your computer is in work group.
Go to Start ——> Run ——–> Type gpedit.msc. Then Press Enter.
Group policy editor will open in the Microsoft management console. Here you can change the settings of the client according to the update server. To change that follow the way shown below.
Expand Computer Configuration —–> Administrative Templates —–> Windows Component —–> Windows Update
Here i am listing some of the configuring options that can help the computers to get the updates from the specified update servers.
Configure Automatic Updates (Important) :
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
2 = Notify before downloading any updates and notify again before installing them.
When Windows finds updates that apply to this computer, an icon appears in the status area with a message that updates are ready to be downloaded. Clicking the icon or message provides the option to select the specific updates to download. Windows then downloads the selected updates in the background. When the download is complete, the icon appears in the status area again, with notification that the updates are ready to be installed. Clicking the icon or message provides the option to select which updates to install.
3 = (Default setting) Download the updates automatically and notify when they are ready to be installed
Windows finds updates that apply to your computer and downloads these updates in the background (the user is not notified or interrupted during this process). When the download is complete, the icon appears in the status area, with notification that the updates are ready to be installed. Clicking the icon or message provides the option to select which updates to install.
4 = Automatically download updates and install them on the schedule specified below
Specify the schedule using the options in the Group Policy Setting. If no schedule is specified, the default schedule for all installations will be everyday at 3:00 AM. If any of the updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is logged on to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.)
5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates.
With this option, the local administrators will be allowed to use the Automatic Updates control panel to select a configuration option of their choice. For example they can choose their own scheduled installation time. Local administrators will not be allowed to disable Automatic Updates’ configuration.
In My case i do not want the automatic updates to interact with the user, so i am using the 4 = Automatically download updates and install them on the schedule specified below. Here i made scheduled for Automatic Download and Scheduled to install at 2 PM. Take look below.
Specify intranet Microsoft Update Service Location: (Important)
Specifies an intranet server that host updates from the Microsoft Update Web sites. You have to specify the name of the Update server so that client can communicate and get update from the local update server.
To use this setting, you must set two servername values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.
In My case i have local Update server named “IT” and it uses the port no “8530” for communication. so i used “http://it:8530” as the update server. here i used “8530” for communication, the reason is in my update server the Port no “80” was not available during the installation so i have configured server with the custom port of “8530”. If you haven’t configured any custom port you can simply use “http://it“.
No Auto-Restart with logged on users for Scheduled installation: (Important)
After complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically. if you haven’t configured this option the computer will restart after 5 min since the installation over, it will cause loss of unsaved data.
If the status Set to be Enabled : Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer. If the status is set to Disabled or Not Configured: Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.
In My case I do not want system to be restart automatically after the scheduled installation.
Automatic Update Detection Frequency: (Important)
This setting species the client to check the updates between the specified interval of time. You have to mention the time (in hours) here to enable frequency time for checking update with the server. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 3 hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 2 and 3 hours.
Enable Client – Side Targeting: (Optional)
Specifies the target group name or names that should be used to receive updates from local update server.
If the status is set to Enabled, the specified target group information is sent to the local update server which uses it to determine which updates should be deployed to this computer. If your local update server supports multiple target groups this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified.
In My case i have one group on the local update server called “IT Servers“, if i am mention that target group on this window what ever updates applying to that group will be deployed on this machine.
ReShedule the Automatic update scheduled installation : (Optional)
If the Scheduled update installation missed due to the PC was not yet powered on or any other issue. You can configure install time (in min) in such a way that automatic update scheduled installation will start to install update once the system ON even after missing of scheduled automatic installation.
In My case i want to start the installation updates in 30 minutes since the power on after the missing of scheduled installation at 2 PM.
Allow Automatic Updates immediate installation: (Optional)
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.
If the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install. If the status is set to Disabled, such updates will not be installed immediately.
In My case the updates that neither restart windows nor interrupt the service should install immediately.
Allow non-administrator to receive update notifications: (Optional)
Specifies whether, when logged on, non-administrative users will receive update notifications based on the configuration settings for Automatic Updates. If Automatic Updates is configured, by policy or locally, to notify the user either before downloading or only before installation, these notifications will be offered to any non-administrator who logs onto the computer.
If the status is set to Enabled, Automatic Updates will include non-administrators when determining which logged-on user should receive notification. If the status is set to Disabled or Not Configured, Automatic Updates will notify only logged-on administrators.
In My case I don’t want the non-administrator to receive the update notification. So I Disabled it.
All the above setting will be applicable only when the “Configure Automatic Updates” is Enabled.
After the configuration, you have to update these group policy by restarting the system. If you do not want to restart the system. Please enter the “gpupdate” command in Run.
All done! Now the system will get the updates from the local update server.