# Installing and Configuring WSUS on Windows Server

Windows Server Update Services (WSUS) is a Microsoft tool that allows administrators to manage the distribution of updates released through Microsoft Update to computers in a corporate environment. This blog will guide you step-by-step through the installation and configuration of WSUS.

**<mark>Step 1: Install the WSUS Role</mark>**

**Open Server Manager:**

Log in to your Windows Server as an Administrator and open **Server Manager**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726472679021/e657ba8d-124d-4ca8-8efd-9c99f022e77e.png align="center")

**Add Roles and Features:**

Click on **Add Roles and Features**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726472736346/4a289e02-2aaf-4564-b617-6fdccd5406a5.png align="center")

In the **Before You Begin** section, click **Next**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726472776518/78eb271e-7afb-4d8f-bb2d-4813938e695c.png align="center")

**Select Role-Based Installation:**

Choose **Role-based or feature-based installation** and click **Next**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726472824706/4be46f34-334a-4712-8262-ba4f4ef3b350.png align="center")

**Select WSUS:**

In the list of server roles, check **Windows Server Update Services (WSUS)** and click **Next**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726473322839/a8c040ab-f648-4755-80ed-107433d440db.png align="center")

**Configure WSUS Database:**

Select a location to store WSUS updates. It is recommended to use a separate drive for storing updates. Choose the path and click **Next**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726473417495/b4b39ecc-a511-470e-b351-4878c956e7d4.png align="center")

**Install WSUS:**

Review your selections and click **Install**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726473447777/fa7c9322-0077-46de-9dd6-b1301f541084.png align="center")

The installation process may take a few minutes. After completion, click **Close**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726473533336/858f8381-c19a-4014-a2d4-6eb52925a2e5.png align="center")

**<mark>Step 2: Create a New Organizational Unit (OU) and Add Client Servers</mark>**

**Open Active Directory Users and Computers:**

Go to **Active Directory Users and Computers**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726474096722/8c923c21-13b8-4e7f-902d-f874aaaeeaf5.png align="center")

**Create a New Organizational Unit:**

Right-click on your domain and choose **New** &gt; **Organizational Unit (OU)**.

Name the OU (e.g., **WSUS** ) and click **OK**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726474058229/4caf4754-b25c-4725-99e6-e86a731b9797.png align="center")

**Add Client Servers:**

Drag and drop the computer objects (servers or workstations) you want to manage with WSUS into the newly created OU.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726476168502/121aecdd-b982-497a-88c6-7b754eb70719.png align="center")

**<mark>Step 3: Create a Group Policy for WSUS</mark>**

**Open Group Policy Management:**

Go to **Group Policy Management**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726476345115/ebca6afa-1cd0-4c35-911b-1226f9c83953.png align="center")

**Create a New Group Policy Object (GPO):**

Right-click on the newly created OU (e.g., **WSUS**) and select **Create a GPO in this domain, and link it here**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726477796086/a2bd17cb-dd75-4b6c-87da-15ab4a86d19b.png align="center")

Name the GPO (e.g., **WSUS Policy**) and click **OK**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726477754977/da8fd5d6-454d-4670-b89c-59bc61193eb3.png align="center")

**Edit the WSUS Group Policy:**

Right-click the new GPO and select **Edit**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726477852396/ec782b48-394f-4f69-bd0b-daed8466582e.png align="center")

Navigate to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726477941359/5b3a6202-e0cb-4007-8e5f-367a4640aa2f.png align="center")

**Enable the WSUS Service:**

Find the setting **Configure Automatic Updates** and enable it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726481711256/e305937e-93a2-4bd2-a003-14ce235302b3.png align="center")

Find the setting **Specify intranet Microsoft update service location** and enable it.

Set both **Intranet update service** and **Intranet statistics server** to your WSUS server’s URL (e.g., [`http://WSUS_Server_Name:8530`](http://WSUS_Server_Name:8530)).

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726481920449/b6898e5e-f912-40a6-bdbd-b4961b9e2141.png align="center")

**<mark>Step 4: Force Group Policy Update</mark>**

**Run GPUpdate /Force Command:**

Open Command Prompt on your client machines (those added to the new OU).

Run the following command:

```plaintext
gpupdate /force
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482322685/9b23c57c-49a4-4d51-9976-51491e9fe4e3.png align="center")

This ensures that the group policies configured for WSUS are applied immediately.

**<mark>Step 5: Configure WSUS</mark>**

**Open WSUS Console:**

After installation, open the **Windows Server Update Services (WSUS) Console**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482534259/bcd3e963-f496-4f7d-83aa-f3cca52a56b6.png align="center")

**Initial Configuration Wizard:**

The WSUS configuration wizard will automatically launch.

Choose whether to join the **Microsoft Update Improvement Program** (optional).

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482608923/f4927e03-f5d7-4e16-9d2f-16c171fac95e.png align="center")

Select **Upstream Server**. If your WSUS server is standalone, choose **Synchronize from Microsoft Update**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482656659/dd8942fd-13f9-4df0-b7fb-e6b580d1f19f.png align="center")

Configure the **Proxy Server** settings if needed.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482721498/e53f29f7-a63c-44d5-aa34-38459d6bef36.png align="center")

Click on Start Connecting

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726482813627/ced2b003-e6c0-496a-b6a7-73d42b17b0a3.png align="center")

Choose language

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726483718395/d5dbdb16-e9fb-45d7-82ba-37cf373c02f7.png align="center")

Choose the products (e.g.,Windows Server, Windows 10)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726483963820/9a280e07-3cad-47b8-b17a-50e8eddf3a45.png align="center")

Choose the classifications (e.g., Security Updates, Critical Updates) you want WSUS to download.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726484032102/0df55a02-5ef7-4f79-84f7-34b952c34abd.png align="center")

Set the **Synchronization Manually or Synchronization Auomatically**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726484099464/e3edae31-8f18-4354-9ee9-e195c89bfa45.png align="center")

Select Begin initial **Synchronization**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726484158158/2d1bb117-fa9a-46c7-823c-7236c2b9592f.png align="center")

Click Finish

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726484206407/47d2b023-ec89-415f-8947-1af8a68a0dec.png align="center")

**Start Synchronization:**

Click **Synchronize Now** to begin downloading updates from Microsoft.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726484346733/716f2e69-312b-4d1e-b3b6-04562efd31c6.png align="center")

**Approve Updates:**

After the synchronization, approve updates by going to **Updates** &gt; **All Updates**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726488870171/55898505-606c-41f5-a8e1-47d69a3f787b.png align="center")

Right-click on updates and select **Approve** to distribute them to your client machines.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726488508314/cbd1744e-8da3-498b-83a3-b7d824c67239.png align="center")

In Approved Updates, Right click on the Computer group (All Computers & Unassigned Computer) &gt; Select **Approved for install**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726489760274/7c43caa3-7d4d-4cee-bd74-5282897acdbf.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726488326331/cb57e7af-d360-4697-ab15-87d6efe4cd74.png align="center")

Now, Approval completed without errors.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1726488378402/eb620a91-93c4-4cf1-86da-5ae35e0ea3f5.png align="center")

### **Conclusion**

By following these steps, you've successfully installed and configured WSUS on your Windows Server. WSUS allows you to manage updates efficiently, ensuring that your client machines stay up to date with the latest security patches and software updates. Regularly monitor the WSUS console for update approvals and synchronize updates as needed to keep your systems secure.
