Active Directory/Documentation/WSUS
Revision as of 09:43, 31 May 2006 by Pgmurphy (talk | contribs) (→How to Manually Configure Your Personal Computer)
WolfTech's WSUS server provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network.
Usage Policy
- University-Owned Computers - All University-owned computers are automatically configured to use WSUS to install updates.
- Personal Machines - All personal machines used on the NC State University Network are required to be manually configured to use WSUS. See Active_Directory/WSUS#How_to_Manually_Configure_Your_Personal_Computer.
- Home Machines - NCSU faculty and staff are encouraged to manually configure their home computers to use WSUS. See Active_Directory/WSUS#How_to_Manually_Configure_Your_Personal_Computer.
Client Support
WSUS supports the following client operating systems:
- Windows 2000 SP3 or later
- Windows XP
- Windows Server 2003
Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported. Non-Windows operating systems are not supported.
How to Manually Configure Your Personal Computer
NOTE: You must have local administrative rights on the computer.
- Download wsus.reg to your hard disk.
- Double click on wsus.reg.
- When prompted if you are sure you want to add the information to the registry, click Yes. You should see a confirmation that the information was successfully entered into the registry.
- Click OK.
- Reboot.
WSUS Settings for Personal Computers
WSUS Clients on Personal Computers are configured with the following settings:
- Turn on Automatic Updates.
- Point to WolfTech's WSUS server.
- Set the appropriate client-side target group - ECE-Personal.
- Auto-download and install patches approved on the WSUS server at the scheduled install time.
- Set the scheduled install time to be 2:00 PM every day.
- Reschedule patch installation to the next boot time if the regular scheduled time is missed.
- Specify a 15 minute delay that Automatic Updates will wait, following system start-up, before proceeding with a scheduled installation that was missed previously. This is to ensure that the machine is fully operational before patch installation will occur.
- Allow non-admins to install patches and to delay rebooting after patch installation.
- Set the option to not restart the computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation.
- Enable the immediate installation of minor patches that do not require a reboot.
- Set new update detection frequency to every 8 hours.