Installing the WSUS Role

  1. In Server Manager, right-click on “Roles” and select “Add Roles” from the context menu.
  2. Select the “Windows Server Update Services” role and click “Next”.
  3. Click “Next” again to proceed.
  4. Select “X:\WSUS” as the storage location and click “Next”.
  5. Choose “Use an existing database server on this computer” and click “Next”.
  6. Select “Create a Windows Server Update Services 3.0 SP2 website” and click “Next”.
  7. Click “Cancel” to exit the wizard.
  8. Install the following patches for Windows 2008 R2:
    • KB2720211
    • KB2734608

Installing the SCCM Role

  1. In the “Administration” section, right-click on the server where you installed the WSUS role.
  2. Select the “Software Update Point” SCCM role.
  3. Choose port 8530 for the software update point.
  4. Select “Synchronize from Microsoft Update” for the update source.
  5. Enable synchronization on a schedule.
  6. Leave the default selections for update classifications and products for the initial synchronization.
  7. Wait at least 15 minutes for SCCM to install the role.
  8. After installation, manually trigger the patch synchronization.
  9. Wait another 15 minutes, then configure the “Software Update Point” in the site settings.
  10. Check the “wsyncmgr.log” file to monitor synchronization progress (this can take 1-2 hours).
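
A synchronization that fails quietly leaves clients unpatched, so it helps to filter the log for warnings and errors instead of reading it end to end. The following is an added example, not part of the original procedure: it parses the CMTrace line format used by SCCM logs. The function name `Get-SyncLogEntry`, the sample lines and the log path in the final comment are assumptions for illustration.

```powershell
# Added example: extract warnings and errors from CMTrace-format log lines
# such as those in wsyncmgr.log. Get-SyncLogEntry is a hypothetical helper.
function Get-SyncLogEntry {
    param(
        [Parameter(Mandatory = $true)][string[]]$Line,
        [int]$MinimumType = 1   # CMTrace type field: 1 = info, 2 = warning, 3 = error
    )
    $pattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:.]+)[^"]*" ' +
               'date="(?<date>[\d-]+)" component="(?<comp>[^"]*)" ' +
               'context="[^"]*" type="(?<type>\d)"'
    $severity = @{ 1 = 'Info'; 2 = 'Warning'; 3 = 'Error' }
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $pattern)
        if (-not $m.Success) { continue }   # skips fragments of multi-line entries
        $type = [int]$m.Groups['type'].Value
        if ($type -lt $MinimumType) { continue }
        New-Object PSObject -Property @{
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Severity  = $severity[$type]
            Message   = $m.Groups['msg'].Value
        }
    }
}

# Constructed sample lines (message text is invented for the demonstration).
$sample = @(
    '<![LOG[Constructed sample: synchronization started]LOG]!><time="14:02:11.123+300" date="01-15-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="1" thread="4012" file="sample.cpp:1">',
    '<![LOG[Constructed sample: retrying after timeout]LOG]!><time="14:05:40.551+300" date="01-15-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="2" thread="4012" file="sample.cpp:2">',
    '<![LOG[Constructed sample: synchronization failed]LOG]!><time="14:09:02.004+300" date="01-15-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="3" thread="4012" file="sample.cpp:3">'
)

# Shows only the warning and the error from the sample.
Get-SyncLogEntry -Line $sample -MinimumType 2 |
    Format-Table Date, Time, Severity, Message -AutoSize

# Against the real log (path is a placeholder; use your site server's log folder):
# Get-SyncLogEntry -Line (Get-Content '<path-to-logs>\wsyncmgr.log') -MinimumType 2
```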

Deploying Patches

  1. In “Software Updates”, create a new automatic deployment rule.
  2. Name the rule and specify the collection for patch deployment.
  3. Enable Wake on LAN (WOL) if needed and click “Next”.
  4. Define the criteria for the patches to apply, such as creating a rule per product to limit package size.
  5. Enable rule execution at each synchronization.
  6. For smaller organizations (<3000 devices), schedule daily execution.
  7. Disable the restart prompt on client devices.
  8. Click “Next” to proceed.
  9. Specify the storage path for patches, ensuring SCCM has read/write access.
  10. Add your distribution points.
  11. Allow SCCM to download patches from the internet.
  12. Select only the necessary languages to limit package size.
  13. Activate the rule to ensure new patches are automatically installed on client devices.

Configuring Clients

Ensure that patch deployment is active on client devices by configuring client settings:

  1. In the client settings properties, verify that software updates are enabled.
  2. Optionally, set the patch scan schedule to run daily on client devices.
