• Microsoft .NET Framework Version 2.0 Redistributable Package (x86). To download this
software, go to the Download Center (http://go.microsoft.com/fwlink/?LinkID=68935). (For 64-
bit platforms, also go to the Download Center [http://go.microsoft.com/fwlink/?LinkID=70637].)
• Microsoft Report Viewer Redistributable 2005. To obtain this software, go to the Download
Center (http://go.microsoft.com/fwlink/?LinkID=70410).
• Microsoft Management Console 3.0 for Windows Server 2003 (KB907265). To download this
software, go to the Download Center (http://go.microsoft.com/fwlink/?LinkID=70412). (For 64-
bit platforms, also go to the Download Center [http://go.microsoft.com/fwlink/?LinkID=70638].)
Software Requirements for Installing WSUS 3.0 on
Windows Server 2008
To install WSUS 3.0 on Windows Server 2008, you must have the following installed on your
computer. If any of these updates require restarting the server when installation is completed, you
should restart your server before installing WSUS 3.0.
• Microsoft Internet Information Services (IIS) 7.0. Ensure that the following components are
enabled:
• Windows Authentication
• ASP.NET
• 6.0 Management Compatibility
• IIS Metabase Compatibility
• Microsoft Report Viewer Redistributable 2005. To download this software, go to the Download
Center (http://go.microsoft.com/fwlink/?LinkID=70410).
• Microsoft SQL Server™ 2005 Service Pack 1. To download this software, go to the Download
Center (http://go.microsoft.com/fwlink/?LinkID=66143).
The .NET Framework 2.0 and BITS 2.0 update are available on Windows Server 2008 as part of
the operating system.
Disk requirements and recommendations
To install WSUS 3.0, the file system of the server must meet the following requirements:
• Both the system partition and the partition on which you install WSUS 3.0 must be formatted
with the NTFS file system.
• A minimum of 1 GB of free space is recommended for the system partition.
• A minimum of 20 GB of free space is recommended for the volume where WSUS stores
content; 30 GB of free space is recommended.
• A minimum of 2 GB of free space is recommended on the volume where WSUS Setup installs
Windows® Internal Database.
6
Console-only installation requirements
WSUS 3.0 now allows you to install the WSUS Administration console on remote systems
separate from the WSUS server. Console-only installations may be performed on the following
operating systems:
• Windows Server® 2008
• Windows Vista®
• Windows Server 2003 Service Pack 1
• Windows XP Service Pack 2
The following are the software prerequisites for console-only installation
• Microsoft .NET Framework Version 2.0 Redistributable Package (x86), available on the
Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=68935). For 64-bit
platforms, go to Microsoft .NET Framework Version 2.0 Redistributable Package (x64)
(http://go.microsoft.com/fwlink/?LinkId=70637).
• Microsoft Management Console 3.0 for Windows Server 2003 (KB907265), available on the
Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=70412). For 64-bit
platforms, go to Microsoft Management Console 3.0 for Windows Server 2003 x64 Edition
(KB907265) (http://go.microsoft.com/fwlink/?LinkId=70638).
• Microsoft Report Viewer Redistributable 2005, available on the Microsoft Download Center
(http://go.microsoft.com/fwlink/?LinkId=70410).
Automatic Updates requirements
Automatic Updates is the client component of WSUS 3.0. Automatic Updates has no hardware
requirements other than being connected to the network. You can use Automatic Updates with
WSUS 3.0 on computers running any of the following operating systems:
• Windows Vista.
• Windows Server® 2008.
• Microsoft Windows® Server 2003, all versions and service packs.
• Microsoft Windows XP Professional, Service Pack 1 or Service Pack 2.
• Microsoft Windows 2000 Professional Service Pack 4, Windows 2000 Server Service Pack 4,
or Windows 2000 Advanced Server Service Pack 4.
Permissions
The following disk permissions must be granted to the specified users for the specified
directories:
1. Either the built-in group Users or the NT Authority\Network Service account (on Windows
Server 2003) should have read permission for the root folder on the drive where the WSUS
content directory resides. If this permission is missing, BITS downloads will fail.
7
2. The NT Authority\Network Service account should have "Full Control" permission for the
WSUS content directory, usually <SystemDriver>:WSUS\WsusContent. This permission is
set by WSUS server setup when it creates the directory, but some security software may
reset this permission. If this permission is missing, BITS downloads will fail.
3. The NT Authority\Network Service account should have “Full Control” permission for the
following folders in order for the WSUS Administration snap-in to display correctly:
• %windir%\Microsoft .NET\Framework\v2.0.50727\Temporary ASP.NET Files
• %windir%\Temp
For more information about setting permissions, see DCPROMO Does Not Retain Permissions
on Some IIS Folders at http://go.microsoft.com/fwlink/?LinkID=76332.
Step 2: Install WSUS 3.0 on Your Server
After ensuring that your server meets the installation requirements, you are ready to install WSUS
3.0. You must log on to the server on which you plan to install WSUS 3.0 by using an account that
is a member of the local Administrators group. Only members of the local Administrators group
can install WSUS 3.0.
The following procedure uses the default WSUS installation options, which include installing
Windows Internal Database for the WSUS 3.0 database software, storing updates locally, and
using the IIS Default Web site on port 80.
To install WSUS 3.0
1. Double-click the installer file, WSUSSetup.exe.
2. On the Welcome page of the installation wizard, click Next.
3. On the Installation Mode Selection page, click Full server installation including
Administration Console if you wish to install the server on this computer, or
Administration Console only if you wish to install the administration console only.
4. On the License Agreement page, read the terms of the license agreement carefully,
click I accept the terms of the License agreement, and then click Next.
8
5. On the Select Update Source page of the installation wizard, you can specify where
clients get updates. If you select the Store updates locally check box, updates are
stored on the WSUS 3.0 server, and you select a location in the file system to store
updates. If you do not store updates locally, client computers connect to Microsoft Update
to get approved updates. Keep the default options, and click Next.
9
6. On the Database Options page, select the software used to manage the WSUS 3.0
database. By default, WSUS Setup offers to install Windows Internal Database, if the
computer on which you are installing runs Windows Server 2003.
7. If you do not wish to use Windows Internal Database, you must provide a SQL Server
instance for WSUS to use, by clicking Using an existing database server on this
computer and typing the instance name in the box. The instance name should appear as
<serverName>\<instanceName>, where serverName is the name of the server and
instanceName is the name of the SQL instance. Make your selection, and then click
Next.
8. On the Connecting to SQL Server Instance page, WSUS will try to connect to the
specified instance of SQL Server. When it has connected successfully, click Next to
continue.
10
9. On the Web Site Selection page, specify the Web site that WSUS 3.0 will use. If you
wish to use the default IIS Web site on port 80, select the first option. If you already have
a Web site on port 80, you can create an alternate site on port 8530 by selecting the
second option. Keep the default option and click Next.
10. On the Ready to Install Windows Server Update Services page, review the selections,
and then click Next.
11. The final page of the installation wizard will tell you whether or not the WSUS 3.0
installation was completed successfully. After you click Finish the configuration wizard
will be launched.
Step 3: Configure the Network Connection
for WSUS 3.0
After installing WSUS 3.0, the configuration wizard will launch automatically. You can also run it
later through the Options page of the WSUS 3.0 console.
Before beginning the configuration process, be sure you know the answers to the following
questions:
1. Is the server's firewall configured to allow clients to access the server?
11
2. Can this computer connect to the upstream server (such as Microsoft Update)?
3. Do you have the name of the proxy server and the user credentials for the proxy server, if
needed?
By default, WSUS is configured to use Microsoft Update as the location from which to obtain
updates. If you have a proxy server on your network, you can configure WSUS to use the proxy
server. If there is a corporate firewall between WSUS and the Internet, you might need to
configure the firewall to ensure that WSUS can obtain updates.
Note
Although you must have Internet connectivity to download updates from Microsoft
Update, WSUS offers you the ability to import updates onto networks not connected to
the Internet.
Step 3 contains the following procedures:
• Configure your firewall.
• Specify the way this server will obtain updates (either from Microsoft Update or from another
WSUS server).
• Configure proxy server settings, so WSUS can obtain updates.
To configure your firewall
• If there is a corporate firewall between WSUS and the Internet, you might need to
configure that firewall to ensure WSUS can obtain updates. To obtain updates from
Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for
HTTPS protocol. This is not configurable.
• If your organization does not allow port 80 or port 443 to be open to all addresses, you
can restrict access to only the following domains, so WSUS and Automatic Updates can
communicate with Microsoft Update:
• http://windowsupdate.microsoft.com
• http://*.windowsupdate.microsoft.com
• https://*.windowsupdate.microsoft.com
• http://*.update.microsoft.com
• https://*.update.microsoft.com
• http://*.windowsupdate.com
• http://download.windowsupdate.com
• http://download.microsoft.com
• http://*.download.windowsupdate.com
• http://wustat.windows.com
• http://ntservicepack.microsoft.com
12
Note
These instructions for configuring the firewall are meant for a corporate firewall positioned
between WSUS and the Internet. Because WSUS initiates all its network traffic, there is
no need to configure Windows Firewall on the WSUS server.
Although the connection between Microsoft Update and WSUS requires ports 80 and 443 to be
open, you can configure multiple WSUS servers to synchronize with a custom port.
The next two procedures assume that you are using the configuration wizard. In a later section in
this step, you will learn how to start the WSUS Administration snap-in and configure the server
through the Options page.
To specify the way this server will obtain updates
1. From the configuration wizard, after joining the Microsoft Improvement Program, click
Next to choose the upstream server.
2. If you choose to synchronize from Microsoft Update, you are finished with this page. Click
Next, or select Specify Proxy Server from the left pane.
3. If you choose to synchronize from another WSUS server, specify the server name and
the port on which this server will communicate with the upstream server.
4. To use SSL, check the Use SSL when synchronizing update information check box.
In that case the servers will use port 443 for synchronization. (You should make sure that
both this server and the upstream server support SSL.)
5. If this is a replica server, check the This is a replica of the upstream server check box.
6. At this point you are finished with upstream server configuration. Click Next, or select
Specify proxy server from the left panel.
To configure proxy server settings
1. On the Specify Proxy Server page of the configuration wizard, select the Use a proxy
server when synchronizing check box, and then type the proxy server name and port
number (port 80 by default) in the corresponding boxes.
2. If you want to connect to the proxy server by using specific user credentials, select the
Use user credentials to connect to the proxy server check box, and then type the
user name, domain, and password of the user in the corresponding boxes. If you want to
enable basic authentication for the user connecting to the proxy server, select the Allow
basic authentication (password is sent in cleartext) check box.
3. At this point you are finished with proxy server configuration. Click Next to go to the next
page, where you can start setting up the synchronization process.
The following two procedures assume that you are using the WSUS Administration snap-in for
configuration. These two procedures show you how to start the WSUS Administration snap-in and
configure the server from the Options page.
13
To start the WSUS Administration console
• To start the WSUS Administration console, click Start, point to All Programs, point to
Administrative Tools, and then click Microsoft Windows Server Update Services 3.0.
Note
In order to use all the features of the WSUS console, you must be a member of either the
WSUS Administrators or the local Administrators security groups on the server on which
WSUS is installed. However, members of the WSUS Reporters security group have read-
only access to the administration console.
To specify an update source and proxy server
1. On the WSUS console, click Options in the left panel under the name of this server and
then click Update Source and Proxy Server in the middle panel.
2. A dialog box will be displayed with Update Source and Proxy Server tabs.
3. In the Update Source tab, select the location from which this server will obtain updates.
If you choose to synchronize from Microsoft Update (the default), you are finished with
this wizard page.
4. If you choose to synchronize from another WSUS server, you need to specify the port on
which the servers will communicate (the default is port 80). If you choose a different port,
you should ensure that both servers are able to use that port.
5. You may also specify whether to use SSL when synchronizing from the upstream WSUS
server. In that case, the servers will use port 443 to synchronize from the upstream
server.
6. If this server is a replica of the second WSUS server, select the This is a replica of the
upstream server check box. In this case all updates must be approved on the upstream
WSUS server only.
7. In the Proxy server tab, select the Use a proxy server when synchronizing check box,
and then type the proxy server name and port number (port 80 by default) in the
corresponding boxes.
8. If you want to connect to the proxy server by using specific user credentials, select the
Use user credentials to connect to the proxy server check box, and then type the
user name, domain, and password of the user in the corresponding boxes. If you want to
enable basic authentication for the user connecting to the proxy server, select the Allow
basic authentication (password in cleartext) check box.
9. Click OK to save these settings.
14
Step 4: Configure Updates and Set Up
Synchronization
Before downloading updates, you will need to specify which updates you want to download. This
section describes how to configure the set of updates you wish to download.
The procedures in this step describe how to:
• Save and download information about your upstream server and proxy server.
• Choose the language of the updates you want.
• Choose the products for which you want to get updates.
• Choose the classifications of updates you want.
• Specify the synchronization schedule for this server.
The next five procedures describe how to configure your updates using the configuration wizard.
Later procedures describe how to perform this configuration from the WSUS Administration
console by choosing specific options.
Save and download your upstream server and proxy information
1. You should have completed configuration of the upstream server and the proxy server in
the configuration wizard, and you should see the Connect to Upstream Server page.
2. Click the Start Connecting button, which will save and upload your settings and get
information about available updates.
3. While the connection is being made, the Stop Connecting button will be available. If
there are problems with the connection, click Stop Connecting, fix the problems, and
restart the connection.
4. After the download has completed successfully, click Next to go to the Choose
Languages page, or select a different page from the left panel.
Choose update languages
1. The Choose Languages page allows you to get updates from all languages or from a
subset of languages. Selecting a subset of languages will save disk space, but it is
important to choose all of the languages that will be needed by all of the clients of this
WSUS server.
2. If you choose to get updates for only a few languages, select Download updates only in
these languages, and select the languages for which you want updates. Click Next to go
to the Choose Products page, or select a different page from the left panel.
Choose update products
1. The Choose Products page allows you to specify the products for which you want
updates.
2. You may check product categories, such as Windows, or specific products, such as
15
Không có nhận xét nào:
Đăng nhận xét