Active Directory/Documentation/WSUS

WolfTech's WSUS server provides a convenient way to automatically keep your computer up-to-date with the latest software updates from Microsoft. The prompt installation of security updates is critical to the security of the NC State University Network.

Usage Policy

• University-Owned Computers - All University-owned computers are automatically configured to use WSUS to install updates.
• Personal Machines - All personal machines used on the NC State University Network are required to be manually configured to use WSUS. See #How_to_Manually_Configure_Your_Personal_Computer.
• Home Machines - NCSU faculty and staff are encouraged to manually configure their home computers to use WSUS. See #How_to_Manually_Configure_Your_Personal_Computer.

Client Support

WSUS supports the following client operating systems:

• Windows 2000 SP3 or later
• Windows XP
• Windows Server 2003

Earlier operating systems, such as Windows 95, Windows 98, and Windows ME are not supported. These operating systems are no longer supported by Microsoft and should be upgraded immediately. Non-Windows operating systems are not supported.

Automatically Approved Update Classifications

The University WSUS server has been configured to automatically download and approve for installation the following update classifications:

Critical Updates Security Updates Update Rollups Definition Updates

Manually Approved Update Classifications

Updates classified as 'Service Packs' or 'Updates' are approved for download to the University WSUS server but are not approved for installation without prior consultation with IT support staff.

Unapproved Update Classifications

Updates that are classified as 'Drivers', 'Feature Packs' or 'Tools' are not downloaded to the University WSUS server.

How to Manually Configure Your Personal Computer

NOTE: You must have local administrative rights on the computer.

1. Download wsus.reg to your hard disk.
2. Double click on wsus.reg.
3. When prompted if you are sure you want to add the information to the registry, click Yes. You should see a confirmation that the information was successfully entered into the registry.
4. Click OK.
5. Reboot.

WSUS Settings for Personal Computers

WSUS Clients on Personal Computers are configured with the following settings:

• Turn on Automatic Updates.
• Point to WolfTech's WSUS server.
• Set the appropriate client-side target group - ECE-Personal.
• Auto-download and install patches approved on the WSUS server at the scheduled install time.
• Set the scheduled install time to be 2:00 PM every day.
• Reschedule patch installation to the next boot time if the regular scheduled time is missed.
• Specify a 15 minute delay that Automatic Updates will wait, following system start-up, before proceeding with a scheduled installation that was missed previously. This is to ensure that the machine is fully operational before patch installation will occur.
• Allow non-admins to install patches and to delay rebooting after patch installation.
• Set the option to not restart the computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation.
• Enable the immediate installation of minor patches that do not require a reboot.
• Set new update detection frequency to every 8 hours.

References

For more info about WSUS, see:

• http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
• [[../Update_Policy| WSUS Update Policy]]