Deploying WSUS for Exchange patch management

Take a crash course in deploying WSUS and learn how you can use it to keep your Exchange organization patched and up to date.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.


Introduction

We all know that it's important to keep Exchange patched and up to date, but that can be easier said than done. Exchange administrators used to have to either manually apply patches or invest in expensive patching software.

Furthermore, patching Exchange isn't enough. You must also patch the underlying operating system and client machines. At a minimum, this means patching Windows and Outlook.

The good news is that Microsoft has a free utility called Windows Server Update Service (WSUS) that can automate patching for all the products I mentioned above and more. In this article, I will walk you through how to get WSUS up and running.

The prep work

Before you install WSUS, you need to make sure your system is running the Background Intelligent Transfer Service (BITS) 2.0 and the Service Pack 1 version of the .NET Framework.

  1. BITS is a Windows component. You can install it by opening the server's Add/Remove Programs applet and clicking the Add/Remove Windows Components button.

  2. When you see the list of Windows components, select the Application Server option and click the Details button.

  3. Select the Internet Information Server option and click Details. BITS will be one of the installation choices on the resulting component list.

  4. You can download the .NET Framework component from Microsoft here.

  5. After installing BITS and the .NET Framework, you must also install Windows Server 2003 Service Pack 1.

Installing WSUS

  1. Once the prep work is done, run WSUS Setup.

  2. When the installation wizard starts, click Next to bypass the Welcome screen, and then go on to accept the license agreement.

  3. The next screen you will see asks if you want to install updates locally. This screen is referring to the patches that WSUS downloads.

    If you can spare the disk space, it is best to store the patches on the WSUS server rather than downloading them each time they're needed -- but Setup indicates that storing patches locally requires 6 GB of disk space. WSUS doesn't actually download 6 GB worth of patches, but you need to have at least that much space set aside for downloading future patches.

  4. The next screen that you will see asks which type of database you want to use. SQL Server will give you the best performance, but unless you just happen to have a spare SQL Server license or you have a huge organization, SQL Server really isn't necessary. You can choose instead to install the SQL Server Desktop Engine (typically referred to as MSDE). This component is free and included with WSUS, but using it will cost you another 2 GB of disk space.

  5. After selecting your database, you will see a screen asking whether you want IIS to use the default Web site or create a new site. Unless you are using the machine's default Web site for something else, just choose the default Web site option and click Next.

  6. Click Next again to skip the next screen, unless you have a huge organization and need to mirror another WSUS server.

  7. You will now see a screen that displays a summary of the installation options that you have chosen. Click Next one more time and installation will begin.

  8. Click Finish to complete the installation process.

Configuring WSUS

WSUS offers countless options and I don't have the space to talk about all of them. But I will at least explain the minimum configuration necessary to get WSUS up and running.

  1. Begin by going to the WSUS Admin console. To do so, open Internet Explorer and navigate to http://servername/WSUSAdmin.

  2. Next, click the Options button, followed by the Automatic Approval Options link.

    By default, WSUS is configured not to automatically install anything. You can change this by clicking the Add/Remove Classifications buttons in the Approve for Detection and Approve for Installation sections, and then selecting the types of updates that you want to automatically install.

  3. Click the Save Settings link and then click the Home button.

  4. Once you arrive on the console's Home page, click the Get Started by Synchronizing Your Server link.

  5. You will now see a page filled with options pertaining to downloading updates to your server.

    I recommend beginning by selecting the languages for which you want to download patches. After all, there is no reason to download the same patch a dozen different times if you only need one language. I also suggest checking the Products and Update Classifications sections to make sure that the appropriate types of patches will be downloaded.

    You won't see Exchange Server on the list right now, but it will appear later after you synchronize the server. For now, I recommend selecting the Microsoft checkbox in the Products section to ensure that Exchange patches are downloaded.

  6. Finally, set the synchronization schedule and click the Synchronize Now button. The initial synchronization will take a long time because there are numerous patches to download. You can watch the synchronization process from the console's Home page.

Configuring clients

The final step in the process is to point your servers and workstations to the WSUS server you've just configured.

  1. Begin by opening the Group Policy Editor and navigating through your organization's group policy to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.

  2. Double click on Configure Automatic Updates to view the Automatic Update properties sheet.

  3. Select the Enable option. Also, make sure the download and install options and the date and time options are to your liking. Then click OK to continue.

  4. Double click the Specify Intranet Microsoft Update Service Location option.

  5. When the properties sheet appears, select the Enabled option and then enter the URL for your WSUS Server. Assuming that you used the default Web site option during installation, the URL will be http://your server name/. Enter the same URL in the Set Intranet Statistics Server field.

Conclusion

You just received a crash course in deploying WSUS, which you can use to keep your Exchange organization up to date. Of course, there is a lot more to WSUS than what I have covered in this article. For more information, go here.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.


Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:

  • Reference Center: Virus protection



  • This was first published in July 2005

    Dig deeper on Microsoft Exchange Server 2003

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close