What is WSUS and how is it best used? Does a WSUS server support PowerShell?
Operating system platforms are not static entities. Once initially installed, the operating system must be patched and updated as new content becomes available. This helps to ensure the best performance, reliability and security. But enterprise deployments pose challenges. When IT administrators must ensure proper updates on dozens, hundreds or even thousands of physical and virtual machines, the potential for oversights and mistakes can compromise even the best-run data center. Administrators need to recognize the tools available to help manage OS updates across the enterprise network. One native tool is Windows Server Update Services (WSUS).
WSUS provides Windows Server 2012 and Windows Server 2012 R2 administrators with a server-based tool capable of supporting Microsoft product updates across the organization. This can streamline update processes and help to ensure that all servers and systems are properly updated in a timely manner. This also avoids the need for a time-consuming and error-prone inventory of each individual machine. First introduced in 2005, WSUS is currently in version 4 released in late 2012.
In many situations, one server is configured as a WSUS server. The WSUS server connects to Microsoft Update to cache the available update and patch content. Administrators can then use the WSUS server to check installations, receive reports on the update status of certain machines and push out the cached updates to selected systems. This allows IT administrators to centralize and automate software updates. In addition, some servers can be allowed to connect directly to Microsoft Update, though these are usually non-essential systems or machines within a network's demilitarized zone where threat exposure will not harm the business.
The hardware requirements are generally light for a WSUS server role under Windows Server 2012 R2 and NET Framework 4.5, but data center developers should make the effort to meet or exceed requirements. These include at least one 1.4 GHz CPU or faster, 1.5 GB of additional memory (beyond the Windows OS requirements), 10 GB of storage space for WSUS and a minimum of 10/100 MB Ethernet connectivity. Most servers easily exceed these requirements, and a WSUS server can be provisioned as a virtual machine.
A series of 12 new cmdlets introduced with Windows Server 2012 and 2012 R2 allow WSUS functions to be scripted (or added to existing scripts) through PowerShell. This allows creation and support for scripts that administrators can use to automate activities and help maintain consistent activities across the data center. As just a few examples, Add-WsusComputer can add a specific client system to a target group, Get-WsusUpdate will get details about the available update and Approve-WsusUpdate will allow an update to be applied to systems. Other cmdlets provide additional control over getting and using WSUS.
Dig Deeper on Microsoft Windows Server 8 Administration
Related Q&A from Stephen J. Bigelow
Administrators in charge of keeping antivirus software up to date have a few options to protect their servers. Learn about the methods and services ... Continue Reading
The Office Insider program can benefit organizations that want as much lead time as possible to see what new features Microsoft plans to release for ... Continue Reading
Microsoft offers Windows Defender Antivirus as its native tool to prevent malware attacks. Discover how it works and what advanced protections it ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.