Home > Success Center > Patch Manager > Configure client systems to download updates from WSUS

Configure client systems to download updates from WSUS

Table of contents

 Updated April 17, 2017

Overview

Use the following procedure to configure client systems to download updates from a server running Windows Server Update Services (WSUS). Typically, WSUS administrators implement this in Group Policy.

Environment

Patch Manager with WSUS

Steps

  1. In Group Policy Management, create or edit a group policy object for this configuration.
  2. In the left pane of the Group Policy Editor, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Update.
  3. In the right pane, select Configure Automatic Updates, and then enable the policy:
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. In the Options section, under Configure automatic updating, select the appropriate download and notification option.
    4. If you selected option 4 - Auto download and schedule the install, select the appropriate options under Scheduled install day and next to Scheduled install time.
    5. Click OK.
  4. Back in the Group Policy Editor window, select Specify intranet Microsoft update service location, and then enable the policy:
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. In the Options section, under Set the intranet update service for detecting updates, enter the URL for the WSUS server. For example, enter http://wsusServer[:port], where wsusServer is the name of the WSUS server, and port is the port number if the WSUS server uses a port other than port 80.
      Note: WSUS version 6 (installed with Windows Server 2012) uses port 8530 by default.
    4. Under Set the intranet statistics server, enter the same URL.
    5. Click OK.
  5. If you used Patch Manager to publish third-party updates, select Allow signed updates from an intranet Microsoft update service location, and then enable the policy:
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. Click OK.
    Note: If you enabled this setting to facilitate distributing third-party updates, you also need to deploy the WSUS self-signed certificate to the clients. For additional information, see Configuring Managed Clients.

 

You must to post a comment.
Last modified
04:36, 19 Apr 2017

Tags

Classifications

Public