Set up a virtual Windows Server 2016 for Homelab: Part 9 : Update Workstation using Windows Server Update Services (WSUS)

 Now that we have our clients on the domain we can manage computer updates and patches centrally from the server. This can help with saving internet bandwidth, as resources only have to be downloaded a single time as opposed to  multiple times from every computer independently. First, we must install the Windows Server Update Service role. 

Install the Windows Server Update Services Role

Server Manager > Manage > Add Roles and Features > Next > Next > Next > Windows Server Update

 Services >  Choose WID Database and WSUS Services at the following screen

It is best practice to choose a separate drive not shared with OS drive as the WSUS folder can get very large. > Next > Finish

Configure Windows Server Update Services

Server Manager > Tools > Windows Server Update Services  > Next

Chec, the 'Yes I would like to join the Microsoft  Update Improvement Program > Next

Synchronize from Microsoft Update > Next

Start Connecting > Next 

It can take several minutes from pushing the Start Connecting button before the progress bar reaches completion. Please be patient. 

Select what products you need,  keeping in mind the available storage space you have for these. > next

Set these as default > Next

Synchronize automatically > set the first synchronization time  > one synchronization per day > next

Begin initial synchronization > Next


After pressing Finish, the WSUS console should startup . You can see what Updates there are  in ServerName > Update > All Updates. By default all Updates are set to Not Approved. Set them to Approved and they will install.

Now that we've finished configuring the Windows Server Update Services, we can create a GPO to configure the WSUS settings on the client workstations.

Create a GPO to Configure the Windows Server Update Services 

Server Manager > Tools > Group Policy Management > Right-click Group Policy Objects > New  > Name the GPO something like WSUS Settings > 

Go to Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Update > and Enable the following Options at least to get WSUS working

Enable 'Configure Automatic Updates'

Enabled > Set to 4 - Auto download and schedule the install > 0- Every day > Time > Apply > OK

Enable 'Client-side Targetting'

Set 'Target group name for this computer' to 'All Computers'

Enable 'Specify intranet Microsoft Update service location'

Use the following address format for all three text inputs 


Now that we've enabled these three options, WSUS should not work. Let's link the GPO to our target Organizational Units and we'll be done.

Apply the GPO to the Target Organizational Unit

Server manager > Tools > Group Policy Management > ServerName > Link an Existing GPO... > 

choose the GPO by the name you created earlier (WSUS Settings) > OK

And now you're ready to Update and Patch all your client workstations. 

In the next and final installment of this series we will cover how to backup your server onto a local drive using Windows Backup Service.