The best ways to use a WSUS server in Windows Server 2012 R2

Admins can use Microsoft's native tool to manage OS updates across an enterprise network with the help of PowerShell.

What is WSUS and how is it best used? Does a WSUS server support PowerShell?

Operating system platforms are not static entities. Once initially installed, the operating system must be patched and updated as new content becomes available. This helps to ensure the best performance, reliability and security. But enterprise deployments pose challenges. When IT administrators must ensure proper updates on dozens, hundreds or even thousands of physical and virtual machines, the potential for oversights and mistakes can compromise even the best-run data center. Administrators need to recognize the tools available to help manage OS updates across the enterprise network. One native tool is Windows Server Update Services (WSUS).

WSUS provides Windows Server 2012 and Windows Server 2012 R2 administrators with a server-based tool capable of supporting Microsoft product updates across the organization. This can streamline update processes and help to ensure that all servers and systems are properly updated in a timely manner. This also avoids the need for a time-consuming and error-prone inventory of each individual machine. First introduced in 2005, WSUS is currently in version 4 released in late 2012.

In many situations, one server is configured as a WSUS server. The WSUS server connects to Microsoft Update to cache the available update and patch content. Administrators can then use the WSUS server to check installations, receive reports on the update status of certain machines and push out the cached updates to selected systems. This allows IT administrators to centralize and automate software updates. In addition, some servers can be allowed to connect directly to Microsoft Update, though these are usually non-essential systems or machines within a network's demilitarized zone where threat exposure will not harm the business.

The hardware requirements are generally light for a WSUS server role under Windows Server 2012 R2 and NET Framework 4.5, but data center developers should make the effort to meet or exceed requirements. These include at least one 1.4 GHz CPU or faster, 1.5 GB of additional memory (beyond the Windows OS requirements), 10 GB of storage space for WSUS and a minimum of 10/100 MB Ethernet connectivity. Most servers easily exceed these requirements, and a WSUS server can be provisioned as a virtual machine.

A series of 12 new cmdlets introduced with Windows Server 2012 and 2012 R2 allow WSUS functions to be scripted (or added to existing scripts) through PowerShell. This allows creation and support for scripts that administrators can use to automate activities and help maintain consistent activities across the data center. As just a few examples, Add-WsusComputer can add a specific client system to a target group, Get-WsusUpdate will get details about the available update and Approve-WsusUpdate will allow an update to be applied to systems. Other cmdlets provide additional control over getting and using WSUS.

Dig Deeper on Microsoft Windows Server 2012 R2