Difference between revisions of "Active Directory/Documentation/WSUS"
Jump to navigation
Jump to search
m (→Usage Policy) |
|||
| (30 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| + | __NOTOC__ | ||
WolfTech's WSUS server provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network. | WolfTech's WSUS server provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network. | ||
==Usage Policy== | ==Usage Policy== | ||
*<b>University-Owned Computers</b> - All University-owned computers are automatically configured to use WSUS to install updates. | *<b>University-Owned Computers</b> - All University-owned computers are automatically configured to use WSUS to install updates. | ||
| − | *<b>Personal Machines</b> - All personal machines used on the NC State University Network are required to be manually configured to use WSUS. See [[ | + | *<b>Personal Machines</b> - <!--All personal machines used on the NC State University Network are required to be manually configured to use WSUS. See [[#How_to_Manually_Configure_Your_Personal_Computer]].--> |
| − | *<b>Home Machines</b> - NCSU faculty and staff are encouraged to manually configure their home computers to use WSUS. See [[ | + | *<b>Home Machines</b> - <!--NCSU faculty and staff are encouraged to manually configure their home computers to use WSUS. See [[#How_to_Manually_Configure_Your_Personal_Computer]].--> |
==Client Support== | ==Client Support== | ||
| Line 10: | Line 11: | ||
*Windows 2000 SP3 or later | *Windows 2000 SP3 or later | ||
| − | *Windows XP | + | *Windows XP, Vista |
| − | *Windows Server 2003 | + | *Windows Server 2003, 2008 |
| − | Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported. Non-Windows operating systems are not supported. | + | Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported. These operating systems are no longer supported by Microsoft and should be upgraded immediately. Non-Windows operating systems are not supported. |
| − | ==How to Manually Configure Your Personal Computer== | + | ==Patches / Approval== |
| + | Classifications of patches and their configuration / deployment on the WolfTech WSUS server. | ||
| + | ===Automatically Approved Update Classifications=== | ||
| + | The WolfTech WSUS server has been configured to automatically download and approve for installation the following update classifications: | ||
| + | *Definition Updates | ||
| + | ===Manually Approved Update Classifications=== | ||
| + | The following classification of updates are downloaded to the WolfTech WSUS server but are not approved for installation without minimal testing by IT support staff. Unless critical circumstances arise, these patches will not be approved until after each month's "Patch Tuesday" and will be accompanied by an email to the OU Admins: | ||
| + | *Service Packs | ||
| + | *Updates | ||
| + | *Feature Packs | ||
| + | *Tools | ||
| + | *Critical Updates | ||
| + | *Security Updates | ||
| + | *Update Rollups | ||
| + | ===Unapproved Update Classifications=== | ||
| + | Updates that are classified as 'Drivers' are not downloaded to the WolfTech WSUS server. | ||
| + | |||
| + | <!--==How to Manually Configure Your Personal Computer== | ||
NOTE: You must have local administrative rights on the computer. | NOTE: You must have local administrative rights on the computer. | ||
| − | #Download [http://www.wolftech.ncsu.edu/wsus/wsus.reg wsus.reg]. | + | #Download [http://www.wolftech.ncsu.edu/wsus/restricted/wsus.reg wsus.reg] to your hard disk. |
#Double click on wsus.reg. | #Double click on wsus.reg. | ||
#When prompted if you are sure you want to add the information to the registry, click Yes. You should see a confirmation that the information was successfully entered into the registry. | #When prompted if you are sure you want to add the information to the registry, click Yes. You should see a confirmation that the information was successfully entered into the registry. | ||
#Click OK. | #Click OK. | ||
| − | #Reboot | + | #Reboot. |
| + | --> | ||
| + | |||
| + | <!--==WSUS Settings for Personal Computers== | ||
| + | WSUS Clients on Personal Computers are configured with the following settings: | ||
| − | + | *Turn on Automatic Updates. | |
| − | *Turn on Automatic Updates | + | *Point to WolfTech's WSUS server. |
| − | *Point to | + | *Set the appropriate client-side target group - ECE-Personal. |
| − | *Set the | + | *Auto-download and install patches approved on the WSUS server at the scheduled install time. |
| − | *Auto-download and install patches approved on the WSUS server at the scheduled install time | + | *Set the scheduled install time to be 2:00 PM every day. |
| − | *Set the scheduled install time to be | + | *Reschedule patch installation to the next boot time if the regular scheduled time is missed. |
| − | *Reschedule patch installation to the next boot time if the regular scheduled time is missed | + | *Specify a 15 minute delay that Automatic Updates will wait, following system start-up, before proceeding with a scheduled installation that was missed previously. This is to ensure that the machine is fully operational before patch installation will occur. |
| − | *Specify a | + | *Allow non-admins to install patches and to delay rebooting after patch installation. |
*Set the option to not restart the computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation. | *Set the option to not restart the computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation. | ||
| + | *Enable the immediate installation of minor patches that do not require a reboot. | ||
| + | *Set new update detection frequency to every 8 hours.--> | ||
| + | |||
| + | ==References== | ||
| + | For more info about WSUS, see: | ||
| + | |||
| + | *[http://www.microsoft.com/windowsserversystem/updateservices/default.mspx http://www.microsoft.com/windowsserversystem/updateservices/default.mspx] | ||
| + | *[[../Update_Policy| WSUS Update Policy]] | ||
Latest revision as of 16:30, 12 May 2011
WolfTech's WSUS server provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network.
Usage Policy
- University-Owned Computers - All University-owned computers are automatically configured to use WSUS to install updates.
- Personal Machines -
- Home Machines -
Client Support
WSUS supports the following client operating systems:
- Windows 2000 SP3 or later
- Windows XP, Vista
- Windows Server 2003, 2008
Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported. These operating systems are no longer supported by Microsoft and should be upgraded immediately. Non-Windows operating systems are not supported.
Patches / Approval
Classifications of patches and their configuration / deployment on the WolfTech WSUS server.
Automatically Approved Update Classifications
The WolfTech WSUS server has been configured to automatically download and approve for installation the following update classifications:
- Definition Updates
Manually Approved Update Classifications
The following classification of updates are downloaded to the WolfTech WSUS server but are not approved for installation without minimal testing by IT support staff. Unless critical circumstances arise, these patches will not be approved until after each month's "Patch Tuesday" and will be accompanied by an email to the OU Admins:
- Service Packs
- Updates
- Feature Packs
- Tools
- Critical Updates
- Security Updates
- Update Rollups
Unapproved Update Classifications
Updates that are classified as 'Drivers' are not downloaded to the WolfTech WSUS server.
References
For more info about WSUS, see:
- http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
- [[../Update_Policy| WSUS Update Policy]]