Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Patch Manager > Configure client systems to download updates from WSUS

Configure client systems to download updates from WSUS

Table of contents

 Updated April 17, 2017

Overview

This article describes how to configure client systems to download updates from a server running Microsoft® Windows® Server Update Services (WSUS). Typically, WSUS administrators implement this procedure in Group Policy.

Environment

Patch Manager with WSUS

Steps

  1. In Group Policy Management, create or edit a group policy object for this configuration.
  2. Open the Group Policy Editor.
  3. In the left pane, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Update.
  4. In the right pane, select Configure Automatic Updates, and then enable the policy:
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. In the Options section, under Configure automatic updating, select the appropriate download and notification option.
    4. If you selected option 4 - Auto download and schedule the install, select the appropriate options under Scheduled install day and next to Scheduled install time.
    5. Click OK.
  5. In the Group Policy Editor window, select Specify intranet Microsoft update service location.
  6. Enable the policy.
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. In the Options section, under Set the intranet update service for detecting updates, enter the URL for the WSUS server.
      For example, enter http://wsusServer[:port], where wsusServer is the name of the WSUS server and port is the port number, if the WSUS server uses a port other than port 80.

      By default, WSUS version 6 (installed with Windows Server 2012) uses port 8530.

    4. Under Set the intranet statistics server, enter the same URL.
    5. Click OK.
  7. If you use Patch Manager to publish third-party updates, select Allow signed updates from an intranet Microsoft update service location, and then enable the policy.
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. Click OK.

    If you enabled this setting to facilitate distributing third-party updates, deploy the WSUS self-signed certificate to the clients. For additional information, see Configuring Managed Clients.

 

Last modified
13:48, 8 Aug 2017

Tags

Classifications

Public