VIETNAM-KOREA UNIVERSITY OF INFORMATION AND COMMUNICATION TECHNOLOGY
COMPUTER SCIENCE FACULTY
FINAL PROJECT NETWORK ADMINISTRATION
GROUP 09 TOPIC: RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES
Members: Tran Thi Kim Oanh - 19IT3
Nguyen Trung Hieu - 19IT3
Hoang Nguyen Viet Nam - 19IT3
Le Tran Thu Loan - 19IT3
Part Class: Network Administration (3)
Instructor: Dr. Dang Quang Hien
Da Nang, November 2021
PREFACE
Information and data play an important role in production and business activities as well as in the development of enterprises. One of the important methods to secure information and data is to regularly update patches for the Windows operating system and Microsoft software on PCs and Servers. However, with a relatively large number of PCs and Servers at agencies, applying patches (hotfixes) and upgrades for operating systems and Microsoft software is something worthy of attention. Currently, updates for PCs and Servers in offices are largely done manually (updates are done by individual users). This leads to the following problems:
o Users do not update patches or perform incomplete patch updates, leading to the risk of being attacked through security holes. The administrator has not been able to control the update status of users' patches, operating systems and Microsoft applications.
o Each user individually updates Microsoft's operating systems and programs, resulting in bandwidth consumption, especially international bandwidth.
o When the Internet connection is slow or interrupted, updating operating systems and Microsoft programs on PCs and Servers takes longer, making PCs and Servers run slower.
Therefore, the main solution is to install an intermediate server (WSUS Server) that downloads patches from the Internet; PCs in the LAN then connect to this server to update patches. After implementing this solution, the following goals will be achieved:
o All client computers in the LAN are updated with timely patches, improving security and safety for user computers (clients).
o The update time of the clients is scheduled in accordance with the LAN performance.
o Saving bandwidth for Internet access: previously, all clients had to access the Internet to update (each update had to download from a few dozen to several hundred megabytes of data), but now only one server connects to the Internet to update online while the clients perform updates inside the LAN.
Therefore, our group decided to implement the topic: "RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES". With our efforts and especially the dedicated and thoughtful help of the instructor, Dr. Dang Quang Hien, our group completed the subject project on time. Due to the limited time to do the project and our limited qualifications, it is inevitable that there will be shortcomings. We look forward to receiving comments from teachers as well as from students to improve this project.
Da Nang, November 2021
THANK YOU
We would like to sincerely thank the instructor, Dr. Dang Quang Hien, for his enthusiastic help; he oriented, guided and supported our team during the implementation of this project.
We would also like to thank the teachers and lecturers in the University of Information and Communication Technology - UD for providing us with the necessary knowledge to carry out this project.
We would also like to thank our families and friends, who always encouraged and supported us during our study and research, and contributed valuable experiences during the implementation of this thesis.
We wish the teachers good health and good work, and that they continue to teach and train the young generation successfully.
We sincerely thank you!
COMMENTS OF INSTRUCTOR
Da Nang, November 2021
Instructor
Dr Dang Quang Hien
PREFACE
THANK YOU
LIST OF PICTURES
LIST OF ABBREVIATIONS
PREAMBLE
Objectives of the study
Expected results
CHAPTER 1 OVERVIEW
1.1 WSUS Definition
1.2 History
1.3 WSUS Server Role Description
1.4 Using Windows PowerShell to Manage WSUS
1.5 Benefits of WSUS
1.6 Advantages and disadvantages
1.7 How to extend WSUS
CHAPTER 2 PARADIGM
2.1 Paradigms
2.2 Working principle
2.3 WSUS Deployment Scenarios
CHAPTER 3 STEP BY STEP
3.1 Install Windows Server Update Services (WSUS)
3.2 User Policy Configuration
3.3 Manage computers in LAN and WSUS Server
Check the connection of computers in the LAN to the WSUS Server
Check the initial WSUS Server configuration
Check WSUS Server Version
Synchronize updates from Microsoft Server to WSUS Server
Download updates from Microsoft Server to WSUS Server
Check the update status of PCs and Servers in LAN
Check the update status of PCs and Servers in LAN on WSUS Server
CONCLUSION
Result
Difficulty
REFERENCES
LIST OF PICTURES
Figure 1.1 Windows Server Update Services
Figure 2.1 Paradigms of topic
Figure 2.2 Single WSUS Server (Small-Sized or Simple Network)
Figure 2.3 Multiple Independent WSUS Servers
Figure 2.4 Multiple Internally Synchronized WSUS Servers
Figure 2.5 Disconnected WSUS Servers
Figures 3.1 to 3.30 Install Windows Server Update Services
Figures 3.31 to 3.39 User Policy Configuration
Figures 3.40 to 3.57 Manage computers in LAN and WSUS Server
LIST OF ABBREVIATIONS
ID Abbreviations The Meaning Of The Acronym
1 WSUS Windows Server Update Services
4 SUS Software Update Services
9 ADDS Active Directory Domain Services
PREAMBLE
The reason for choosing the topic
One of the important methods to secure information and data is to regularly update patches for the Windows operating system and Microsoft software on PCs and Servers. However, with a relatively large number of PCs and Servers at agencies, applying patches (hotfixes) and upgrades for operating systems and Microsoft software is something worthy of attention. Currently, updating PCs and Servers in offices is largely done manually (updates are done by each user individually). Therefore, our group decided to implement the topic: "RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES".
Objectives of the study
The main solution is to install an intermediate server (WSUS Server) that downloads patches from the Internet; PCs in the LAN then connect to this server to update patches. After implementing this solution, the following goals will be achieved:
All client computers in the LAN are updated with timely patches, improving security and safety for user computers (clients).
The update time of the clients is scheduled in accordance with the LAN performance.
Saving bandwidth for Internet access: previously, all clients had to access the Internet to update (each update had to download from a few dozen to several hundred megabytes of data), but now only one server connects to the Internet to update online while the clients perform updates inside the LAN.
Header task
This application was created to bring convenience to users as well as to make it easier for large enterprises to manage, fix errors and deploy new updates for computer systems.
Expected results
o Knowledge of VMware and the Windows Server 2016 operating system
o Understand how WSUS works, as well as how to deploy and install it
o Finalize the topic, deploy and install WSUS
After finishing a project, the indispensable thing is a written report on your topic and project presentation slides. The detailed report presents a reasonable table of contents layout.
Structure of the report
Chapter 1 Overview
Chapter 2 Paradigm
Chapter 3 Step by step
CHAPTER 1 OVERVIEW
1.1 WSUS Definition
Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. WSUS is a Windows Server server role that can be installed to manage and distribute updates. A WSUS server can be the update source for other WSUS servers within the organization. The WSUS server that acts as an update source is called an upstream server. In a WSUS implementation, at least one WSUS server in the network must connect to Microsoft Update to get available update information.
Figure 1.1 Windows Server Update Services
Using WSUS, a server administrator can approve updates to be downloaded and then installed, at routinely scheduled intervals, by groups containing any number of computers. WSUS also supports selecting and approving updates at any given time, which is useful for security issues that must be addressed immediately.
Other features of WSUS include:
o Automatic approval of frequently updated security classifications (like antivirus definitions released several times a day)
o Update management for every Microsoft product ever released
o Management of multiple update classifications at once - Security updates, Windows upgrades, generic updates, software drivers, and even security or management tools.
o Automatic sorting of computers into management groups via Group Policy settings
o Email notifications for update statuses (success and failure to download or install) and timely report roll-ups for scheduled security reviews
o SSL-capable dashboard application for managing WSUS and showing updated information
1.2 History
The first version of WSUS was called SUS. At first, it only provided hotfixes and patches for Microsoft operating systems. SUS runs on the Windows Server operating system and downloads updates for specified versions of Windows from the remote Windows Update website operated by Microsoft. Clients can then download updates from this internal server, instead of connecting directly to Windows Update. Microsoft originally planned to end support for SUS on December 6, 2006, but based on user feedback, the deadline was extended to July 10, 2007.
WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure enables automatic download of updates, hotfixes, service packs, device drivers, and feature packs to clients from a central server or a multi-server system.
1.3 WSUS Server Role Description
Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network.
A WSUS server provides features that you can use to manage and distribute updates through a management console. A WSUS server can also be the update source for other WSUS servers within the organization. The WSUS server that acts as an update source is called an upstream server. In a WSUS implementation, at least one WSUS server on your network must be able to connect to Microsoft Update to get available update information.
As an administrator, you can determine, based on network security and configuration, how many other WSUS servers connect directly to Microsoft Update.
Practical applications
Update management is the process of controlling the deployment and maintenance of interim software releases into production environments. It helps you maintain operational efficiency, overcome security vulnerabilities, and maintain the stability of your production environment. If your organization cannot determine and maintain a known level of trust within its operating systems and application software, it might have a number of security vulnerabilities that, if exploited, could lead to a loss of revenue and intellectual property. Minimizing this threat requires you to have properly configured systems, use the latest software, and install the recommended software updates.
The core scenarios where WSUS adds value to your business are:
o Centralized update management
o Update management automation
Windows Server Update Services is a built-in server role that includes the following enhancements:
o Can be added and removed by using the Server Manager
o Includes Windows PowerShell cmdlets to manage the most important administrative tasks in WSUS
o Adds SHA256 hash capability for additional security
o Provides client and server separation: versions of the Windows Update Agent (WUA) can ship independently of WSUS
1.4 Using Windows PowerShell to Manage WSUS
For system administrators to automate their operations, they need coverage through command-line automation. The main goal is to facilitate WSUS administration by allowing system administrators to automate their day-to-day operations.
What value does this change add?
By exposing core WSUS operations through Windows PowerShell, system administrators can increase productivity, reduce the learning curve for new tools, and reduce errors due to failed expectations resulting from a lack of consistency across similar operations.
What works differently?
In earlier versions of the Windows Server operating system, there were no Windows PowerShell cmdlets, and update management automation was challenging. The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator.
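The kind of day-to-day automation these cmdlets allow, shown as an added example that is not part of the original report: it lists clients with failed or missing updates, lists security updates still waiting for approval, and previews approving them for a test group. It assumes an elevated session on the WSUS server; the computer group name Pilot and the function name Get-PendingSecurityUpdate are placeholders introduced here.

```powershell
# Added example, not from the report. Uses the UpdateServices module that is
# installed with the WSUS role. Assumptions: elevated session on the WSUS
# server; 'Pilot' is a placeholder computer group name.
Import-Module UpdateServices

function Get-PendingSecurityUpdate {
    param(
        [Parameter(Mandatory)] $UpdateServer
    )
    # Security updates that at least one client needs (or failed to install)
    # and that no administrator has approved yet.
    Get-WsusUpdate -UpdateServer $UpdateServer -Classification Security `
                   -Approval Unapproved -Status FailedOrNeeded
}

# Connect to the local WSUS server. For a remote server:
#   Get-WsusServer -Name <server> -PortNumber <port> -UseSsl
$wsus = Get-WsusServer

# 1. Which clients are behind? Machines that have not reported for the
#    longest time come first, because a silent client is also a finding.
Get-WsusComputer -UpdateServer $wsus -ComputerUpdateStatus FailedOrNeeded |
    Where-Object FullDomainName |          # keep only computer objects
    Sort-Object LastReportedStatusTime |
    Select-Object FullDomainName, IPAddress, OSDescription, LastReportedStatusTime |
    Format-Table -AutoSize

# 2. Which security updates are waiting for a decision?
$pending = @(Get-PendingSecurityUpdate -UpdateServer $wsus)
$pending |
    ForEach-Object { $_.Update } |
    Sort-Object CreationDate |
    Select-Object Title, CreationDate |
    Format-Table -AutoSize

# 3. Preview the approval for the test group. -WhatIf only prints what would
#    be approved; remove it once the list has been reviewed.
$pending | Approve-WsusUpdate -Action Install -TargetGroupName 'Pilot' -WhatIf
```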
1.5 Benefits of WSUS
Using Windows Server Update Services, you can centralize and automate update management for Microsoft products. This helps you determine how and when to distribute updates and which machines require a specific update.
You can also scan to discover client machines pending update installations and schedule updates without interrupting employee productivity. This approach also helps save your corporate internet bandwidth, as WSUS servers use your corporate intranet to distribute updates.
If you maintain a downstream server in a different branch location, you can allow the downstream server in your branch location to receive updates directly from Microsoft Update. With this approach, you can overcome bandwidth limitations between your central and branch locations.
As WSUS is a server role component of the Windows Server operating system, it doesn't require additional licensing if you've already purchased Windows Server licenses.
1.6 Advantages and disadvantages
The use of WSUS has its pros and cons. Sometimes it works perfectly and other times it fails for the strangest of reasons.
Advantages of WSUS include:
o Manage dozens/hundreds of computers simultaneously
o Save on network bandwidth usage by only downloading updates once
o The many additional reporting and control features outlined above
o Automatic approval of frequently updated security classifications (like antivirus definitions released several times a day)
o Update management for every Microsoft product ever released
o Management of multiple update classifications at once - Security updates, Windows upgrades, generic updates, software drivers, and even security or management tools
o Automatic sorting of computers into management groups via Group Policy settings
o Email notifications for update statuses (success and failure to download or install) and timely report roll-ups for scheduled security reviews
o SSL-capable dashboard application for managing WSUS and showing updated information
Disadvantages of WSUS include:
o It is only supported on Windows Server (Expensive licensing required)
o It requires at least 4 GB of memory to run (the more updates, the more RAM needed)
o It requires hundreds of GB to store downloaded updates. Additional selected products and update types increase this amount
o The management database can occasionally be corrupted through normal usage, thus crashing the server and requiring cleanup and repair work to fix it
o You can only run WSUS on a Windows Server. Depending on your IT infrastructure's scale, this may require you to purchase a significant number of additional Windows Server licenses
o While Windows Server Update Services can distribute updates for Microsoft products, its ability to support third-party software applications is limited, and distributing third-party updates with WSUS can become cumbersome
o Windows Server Update Services doesn't support client machines running non-Windows operating systems like Linux distributions or macOS. This implies you have to depend on additional patch management solutions to manage non-Windows machines in your IT environment
System Requirements
Hardware and database software requirements are driven by the number of client computers being updated in your organization. Before you enable the WSUS server role, confirm that the server meets the system requirements and confirm that you have the necessary permissions to complete the installation by adhering to the following guidelines:
Server hardware requirements to enable WSUS role are bound to hardware requirements. The minimum hardware requirements for WSUS are:
o Processor: 1.4 gigahertz (GHz) x64 processor (2 GHz or faster is recommended)
o Memory: WSUS requires an additional 2 GB of RAM more than what is required by the server and all other services or software
o Available disk space: 40 GB or greater is recommended
o Network adapter: 100 megabits per second (Mbps) or greater (1GB is recommended)
1.7 How to extend WSUS
You can implement third-party patch management or update management solutions to overcome the challenges with WSUS. With this approach, you can augment, optimize, or extend WSUS functionality.
For example, implementing an appropriate patch management solution helps improve how effectively you can manage third-party updates. Similarly, you can gain better visibility into your IT infrastructure, improve patch compliance and reporting, and manage Windows update scheduling more efficiently.
CHAPTER 2 PARADIGM
2.1 Paradigms
Figure 2.1 Paradigms of topic
The paradigm consists of 3 machines: one is our domain controller (Domain), one is the member server where we are planning to install and configure WSUS (WSUS), and one is the client (Client).
Domain: Set the static IP and DNS to 192.168.1.254. Here, add Active Directory Domain Services to create a domain controller named "mylab.com" and Group Policy Management.
WSUS: Set DNS to 192.168.1.254 and then join the domain "mylab.com". Then install and set up Windows Server Update Services.
Client: Set DNS to 192.168.1.254 and then join the domain "mylab.com". Then connect to WSUS to receive updates.
2.2 Working principle
o Win_DIC (Domain): is where the domain controller runs. Group Policy Management is configured here: a GPO (Group Policy Object) is created and the Windows Update policies for users are configured in the GPO
o WSUS (Windows Server Update Services): joins the domain, creates a content location, installs and configures Windows Update, and connects to the upstream server. Once installed and configured, it is used to select and install the updates distributed to client machines
o Win_client (Client): joins the same domain as WSUS and receives updates from WSUS
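A way to confirm on Win_client that the Windows Update policies from the GPO actually arrived and point at the WSUS server, shown as an added example that is not part of the original report. The function names are introduced here; the registry values are the standard locations where the Windows Update policy settings are stored on a client, and Test-NetConnection is assumed to be available on the client OS.

```powershell
# Added example, not from the report. Run on the client after Group Policy has
# been refreshed (gpupdate /force).
function Get-WsusClientPolicy {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base      -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WUServer       = $wu.WUServer          # intranet update service URL
        WUStatusServer = $wu.WUStatusServer    # intranet statistics server URL
        UseWUServer    = ($au.UseWUServer -eq 1)
    }
}

function Test-WsusClientPolicy {
    param([Parameter(Mandatory)] $Policy)

    $findings = @()
    if (-not $Policy.WUServer) {
        # No policy: the client still updates itself directly from the
        # Internet, outside the administrator's control.
        return @('No WUServer policy found: the GPO has not been applied.')
    }
    if (-not $Policy.UseWUServer) {
        $findings += 'WUServer is set but UseWUServer is not 1, so it is ignored.'
    }
    if ($Policy.WUStatusServer -ne $Policy.WUServer) {
        $findings += 'WUStatusServer differs from WUServer; status reports go elsewhere.'
    }

    $uri = [uri]$Policy.WUServer
    if ($uri.Scheme -ne 'https') {
        # Over plain HTTP the update metadata is not protected in transit.
        $findings += "WUServer uses $($uri.Scheme)://, not https://."
    }
    if (-not (Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -InformationLevel Quiet)) {
        $findings += "Cannot reach $($uri.Host) on TCP port $($uri.Port)."
    }
    return $findings
}

$policy = Get-WsusClientPolicy
$policy | Format-List
$result = @(Test-WsusClientPolicy -Policy $policy)
if ($result.Count -eq 0) { 'Client policy points at WSUS and the server is reachable.' }
else                     { $result | ForEach-Object { Write-Warning $_ } }
```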
2.3 WSUS Deployment Scenarios
WSUS is flexible enough to meet the update management needs of a wide range of organizations, from small businesses with dial-up connectivity to the largest businesses with thousands of users distributed across multiple sites. Depending on the size of the organization, its location, and its connectivity infrastructure, administrators can determine the most efficient way to scale out their WSUS servers; this might be one or many WSUS servers.
In this section, you can learn more about the common scenarios for deploying WSUS components in small, medium, and restricted networks.
Single WSUS Server (Small-Sized or Simple Network)
In a single WSUS server scenario, administrators can set up a server running WSUS inside their corporate firewall, which synchronizes content directly with Microsoft Update and distributes updates to client computers, as shown in the following figure.
Figure 2.2 Single WSUS Server (Small-Sized or Simple Network)
Multiple Independent WSUS Servers
Administrators can deploy multiple servers that are configured so that each server is managed independently and so that each server synchronizes its content from Microsoft Update, as shown in the following figure.
Figure 2.3 Multiple Independent WSUS Servers
The deployment method in this scenario would be appropriate for situations in which different local area network (LAN) or wide area network (WAN) segments are managed as separate entities (for example, a branch office). It would also be appropriate in cases where one server running WSUS is configured to deploy updates only to client computers running a certain operating system (such as Windows 2000), while another server is configured to deploy updates only to client computers running another operating system (such as Windows XP). In these situations, the two servers would not need to synchronize content.
Multiple Internally Synchronized WSUS Servers
Administrators can deploy multiple servers running WSUS that synchronize all content within their organization's intranet. In the following figure, only one server is exposed to the Internet. In this configuration, this is the only server that downloads updates from Microsoft Update. This server is set up as the upstream server, the source to which the downstream server synchronizes. When applicable, servers can be located throughout a geographically dispersed network to provide the best connectivity to all client computers.
Figure 2.4 Multiple Internally Synchronized WSUS Servers
Disconnected WSUS Servers (Limited or Restricted Internet Connectivity)
If corporate policy or other conditions limit computer access to the Internet, administrators can set up an internal server running WSUS, as illustrated in the following figure. In this example, a server is created that is connected to the Internet but is isolated from the intranet. After downloading, testing, and approving the updates on this server, an administrator would then export the update metadata and content to a CD, and then, from the CD, import the update metadata and content to servers running WSUS within the intranet. Although the following figure illustrates this model in its simplest form, it could be scaled to any-size deployment.
Figure 2.5 Disconnected WSUS Servers
CHAPTER 3 STEP BY STEP
3.1 Install Windows Server Update Services (WSUS)
To install Windows Server Update Services (WSUS), you first need to create a domain, which the WSUS server and the client will then join. To do this, we need the 3 computers introduced in Chapter 2: Domain, WSUS and Client. Now we will create the domain on the Win_DIC machine.
First, on the Win_DIC machine, open Server Manager and choose Add roles and features. The Add Roles and Features console appears.
Figure 3.1 Install Windows Server Update Services
At the Before you begin step, choose Next.
Figure 3.2 Install Windows Server Update Services
Then, at the Installation type step, choose Next.
Figure 3.3 Install Windows Server Update Services
At the Server selection step, choose Next.
Figure 3.4 Install Windows Server Update Services
Then, in Server roles, select the Active Directory Domain Services checkbox to activate it as the role to use with the server and click Next.
Figure 3.5 Install Windows Server Update Services
The required features list is displayed. Click Add Features to add the required features to the server.
Figure 3.6 Install Windows Server Update Services
The Select features panel is displayed. Optionally select any additional features that may be required for your server, then click Next.
Figure 3.7 Install Windows Server Update Services
The Confirm installation selections panel is displayed. If all selections are correct, click Install.
Figure 3.8 Install Windows Server Update Services
Wait for the installation process to finish successfully, then click Close to close the wizard. After the Active Directory Domain is created successfully, we need to configure the service on the server. To do that, we set up the Active Directory Domain Services. After the AD DS server has been added, an alert notification appears in the Server Manager. Click the notification flag. From the dropdown menu at the top right corner of the window, click Promote this server to a domain controller.
The Deployment Configuration panel is displayed. Select the option Add a new forest and enter mylab.local in the Root domain name field, then click Next.
Figure 3.9 Install Windows Server Update Services
The Domain Controller Options panel is displayed. Enter the Directory Services Restore Mode (DSRM) password and re-enter it in the Confirm password field. Click Next twice.
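The same role installation and promotion done from PowerShell instead of the wizard, shown as an added example that is not part of the original report. mylab.local is the root domain name entered above; installing DNS on the domain controller is an assumption based on Chapter 2, where the Domain machine is also the DNS server, and the script runs the prerequisite check before promoting.

```powershell
# Added example, not from the report. Run in an elevated PowerShell session on
# Win_DIC. Assumption: the domain controller also hosts DNS for the lab.

# Wizard steps "Server roles" through "Confirm installation selections":
# add the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# "Domain Controller Options": prompt for the DSRM password so that it never
# appears in the script, in the command history or in a transcript.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# "Deployment Configuration": new forest with the root domain name from the text.
$forest = @{
    DomainName                    = 'mylab.local'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite check first and stop on any error, so that a failed
# promotion does not leave the server half-configured.
$checks = @(Test-ADDSForestInstallation @forest)
$checks | Format-List Status, Message
$errors = @($checks | Where-Object { "$($_.Status)" -eq 'Error' })
if ($errors.Count -gt 0) { throw 'Prerequisite check reported errors; fix them before promoting.' }

# Promote the server. The cmdlet asks for confirmation and restarts the
# server when the promotion completes.
Install-ADDSForest @forest
```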