After you install WSUS and do a basic synchronization, you configure WSUS to identify the products for which your organization requires product updates as well as the classifications of updates WSUS should download.
Once these are defined, you can synchronize updates manually or you can build an update schedule. This enables your WSUS server to download only the updates for the product categories and update classifications you have selected, both at a time of your choosing. The first initial synchronization can take hours, depending on your selections. Subsequent synchronizations pull only the newest updates since the last synchronization.
This recipe configures the WSUS1
WSUS server, which is a domain-joined system. This recipe assumes you are starting with the just-installed WSUS as performed in the Installing Windows Update Services recipe.
Get-WsusProduct | Where-Object -FilterScript {$_.Product.Title -match '^Windows Server'}
Get-WsusProduct -TitleIncludes 'Windows 10'
$CHP = (Get-WsusProduct | Where-Object -FilterScript {$_.product.title -match '^Windows Server'}).Product.Title $CHP += @('Microsoft SQL Server 2016','Windows 10') $CHP
Get-WsusProduct | Where-Object {$PSItem.Product.Title -in $CHP} | Set-WsusProduct
Get-WsusClassification
$CCL = @('Critical Updates', 'Definition Updates', 'Security Updates', 'Service Packs', 'Update Rollups', 'Updates')
Get-WsusClassification | Where-Object {$_.Classification.Title -in $CCL} | Set-WsusClassification
$WSUSServer = Get-WsusServer $WSUSSubscription = $WSUSServer.GetSubscription()
$WSUSSubscription.StartSynchronization()
$IntervalSeconds = 5 $NP = 'NotProcessing' Do { $WSUSSubscription.GetSynchronizationProgress() Start-Sleep -Seconds $IntervalSeconds } While ($WSUSSubscription.GetSynchronizationStatus() -eq $NP)
$IntervalSeconds = 1 $NP = 'NotProcessing' # Wait for synchronizing to start Do { Write-Output $WSUSSubscription.GetSynchronizationProgress() Start-Sleep -Seconds $IntervalSeconds } While ($WSUSSubscription.GetSynchronizationStatus() -eq $NP) # Wait for all phases of process to end Do { Write-Output $WSUSSubscription.GetSynchronizationProgress() Start-Sleep -Seconds $IntervalSeconds } Until ($WSUSSubscription.GetSynchronizationStatus() -eq $NP)
$WSUSSubscription.GetLastSynchronizationInfo()
$WSUSSubscription = $WSUSServer.GetSubscription() $WSUSSubscription.SynchronizeAutomatically = $true $WSUSSubscription.NumberOfSynchronizationsPerDay = 1 $WSUSSubscription.Save()
In step 1, you examine the product updates available:
In step 2, you review the version of Windows 10 that you can update using WSUS and Windows Update, like this:
In most cases, you probably do not want to support all Microsoft products. To achieve that, you begin, in step 3, by creating a list of the products you do want to support. In this step, you include all versions of Windows Server, SQL Server 2016, and all versions of Windows 10, which looks like this:
In step 4, you specify that your WSUS server should get updates for the products in the $CHP
array. There is no output from this step.
For any given product supported, Windows Update can provide a number of different kinds, classifications, of updates. In step 6, you get the classifications of update types available, which looks like this:
You may not want all these kinds of updates. To achieve this, in step 6, you build a list of the update classifications you do wish to support. In step 7, you configure your WSUS server with this list. In step 8, you obtain the synchronization status of WSUS1
, and in step 9, you initiate synchronization of update categories of WSUS1
from Windows Update. These three steps produce no output.
In step 10, you initiate a loop that gets the category synchronization status and, if it's still processing, wait a bit longer. This synchronization takes a long time—and looks like this (but with significant trimming!):
Next, in step 11, you now synchronize the updates available based on previous configuration, which, slightly trimmed to avoid pages of output, looks like this:
Once this synchronization is complete, in step 12, you can view the synchronization status, which now looks like this:
In step 13, you configure WSUS1
to download new updates every day, for those products and classifications you previously specified. This step produces no output.
In step 1, you examined the updates available for all versions of Windows Server. As you can see, this even includes very old versions of Windows Server, such as Windows Server 2003, which is now out of support and hopefully no longer being used in your organization. Inevitably, there are some organizations still running Windows Server 2003, hopefully for good business reasons. It's comforting to know that updates are still available even if the product should have been replaced years ago. You can also see that, as of the time of writing, Windows Update has no updates for Server 2019.
WSUS supports a range of products and different classifications of updates. Consider carefully what products you wish to get updates for and what update types to support. You could err on the side of caution, but that involves a lot of files and a very large number of updates you may never need.
3.147.103.8