As mentioned, Windows 10 computers can deploy updates for other Windows 10 computers on the network and even on the Internet (peer-to-peer). The advantage of this is that not every computer in your branch offices needs to download its updates from Windows Update or from a WSUS server. Instead, it can source the updates from other computers on the same network. The settings for this can also be found in Windows 10 without Group Policies under Settings | Update & Security | Windows Update | Advanced Options | Choose how updates are installed.

If you use multiple WSUS servers in the enterprise, it is not necessary for all these servers to synchronize with Microsoft. Instead, you can establish an upstream server, from which other WSUS servers source their updates. If so desired, you have the option of not only synchronizing the updates, but also the settings. By doing so, you can install a single WSUS server and set up and distribute its data and patches to other WSUS servers throughout the enterprise. This is useful as an alternative to peer-to-peer distribution of Windows 10 on the network. For the settings in this area, go to the Update Source and Proxy Server options. You can also configure the updates via proxy servers here, of course, with the option to provide a username and password.

Once you have set up the source WSUS server, open Options | Update Source and Proxy Server on the lower level WSUS servers. Enable the Synchronize from another Windows Server Update Services server option. If you have not configured SSL, enter the server name and port 8530 in the window. If you already use SSL, use the appropriate port.

In the window for configuring the upstream server, you can stipulate that the lower level WSUS servers also receive the settings from the parent server. To do this, enable the This server is a replica of the upstream server option. After you have enabled this option, you do not need to release any updates on the lower level servers, because the releases are also synchronized. After several hours, the servers should be synchronized. You can see the lower level WSUS servers in the Downstream Servers field of the WSUS management console. In this section, you can add the server to the current management console and thus manage multiple servers from a single WSUS console.
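The upstream and replica settings described above can be read back with PowerShell. The following is an added example, not part of the original article: it assumes the UpdateServices module that is installed with the WSUS role and an elevated session on the lower level server, and it flags an upstream connection that does not use SSL (WSUS defaults to port 8531 for SSL). The function name is hypothetical.

```powershell
# Added example: audit the upstream/replica settings of a WSUS server.
# Assumes the UpdateServices module (installed with the WSUS role) and an
# elevated session on the lower level (downstream) server.
Import-Module UpdateServices

function Get-WsusUpstreamAudit {
    param(
        # WSUS server object; defaults to the local server
        $UpdateServer = (Get-WsusServer)
    )

    $config   = $UpdateServer.GetConfiguration()
    $findings = @()

    if ($config.SyncFromMicrosoftUpdate) {
        $findings += 'Synchronizes directly from Microsoft Update (no upstream server set)'
    } else {
        if (-not $config.UpstreamWsusServerUseSsl) {
            # Without SSL, synchronization with the upstream server is unencrypted
            $findings += 'Upstream synchronization does not use SSL'
        }
        if (-not $config.IsReplicaServer) {
            $findings += 'Not a replica: approvals and settings are managed locally'
        }
    }

    [pscustomobject]@{
        Server          = $UpdateServer.Name
        UpstreamServer  = $config.UpstreamWsusServerName
        UpstreamPort    = $config.UpstreamWsusServerPortNumber
        UpstreamUsesSsl = $config.UpstreamWsusServerUseSsl
        IsReplica       = $config.IsReplicaServer
        Findings        = $findings
    }
}

Get-WsusUpstreamAudit | Format-List
```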

Create Your Own Custom Patch CDs

Administrators who often install Windows clients or servers (e.g., for pilot environments) need to download and install any necessary patches either via WSUS or Windows Update for each manual installation (see the "Integrating Office Updates in Windows 10" box). The process can extend the installation time significantly, especially on slower Internet connections. If you want to set up more than one computer, it can take hours for the servers or workstations to update. In these cases, it makes sense to use an update CD/DVD or ISO file with all the important patches that can be installed automatically in one fell swoop. You could also create a USB stick.

Integrating Office Updates in Windows 10

Office updates in Windows 10 can also be controlled via Windows Update and distributed via WSUS. Updates are configured in Windows 10 via a new interface, which can be found in Settings | Update & Security. Click on Advanced options and select Give me updates for other Microsoft Products when I update Windows.

So that Windows 10 can provide updates to your Office 2016 installation, you need to enable the installation of updates in Office 2016. By using File | Account | Update Options | Update Now, you can launch an update process and check whether Office updates for Windows 10 are available. The updates can, of course, be distributed by known pathways with WSUS (Figure 3).

Figure 3: Enabling the Anniversary Update for Windows 10 with update controls in WSUS.

The WSUS Offline Update [6] freeware tool helps with this process (Figure 4). The tool automatically downloads the WSUS catalog file from Microsoft and then all the patches that you selected. You don't have to install the tool; simply launch it. The current version supports Windows 10 and Windows Server 2016. However, Windows XP and Server 2003 are sidelined. With the free tool, if necessary, you can load all existing updates for Windows 10 and Windows Server 2016 in a single action and create an ISO file. You can then either burn this file onto a disk or deploy it on a server and then launch the update. All the patches are installed using a wizard. On request, the wizard can reboot or shut down the server after the update.

Figure 4: Creating an installation disk for Windows patches with WSUS Offline Update lets you update a Windows server in a single step.

To launch the tool, call the UpdateGenerator.exe file. After the launch, you can determine which Windows versions you want to download updates for in the Windows tab. The current version supports Windows 10 and Windows Server 2016. Once you have selected the products, you can specify several options in the lower directory. The options are self-explanatory. It makes sense to enable the Include C++ Runtime Libraries and .NET Frameworks and the per selected product and language option under Create ISO image(s). The advantage of this is that you can also use the ISOs with virtual servers. On traditional servers, you can simply save the downloaded updates to a USB flash drive. You can also specify whether you want to download just 64-bit patches (x64 Global) or updates for 32-bit computers (x86 Global).

If you don't want to download the updates directly via Windows Update, but rather on the basis of an existing WSUS server, you can enter the URL of a WSUS server by clicking the WSUS button. When you press Start, the tool downloads the patches and, on request, creates the ISO files for the update.

To update a server or workstation with WSUS Offline Update, either mount the ISO file, burn it to a CD/DVD, or copy the contents of the \wsus-offline\client directory to a USB stick. You will find all tool updates, as well as the necessary installation files, in this folder. This directory is also considered when creating ISO files. Launch the update using the UpdateInstaller.exe tool, which launches a graphical interface that lets you specify how the update is performed.

In addition to WSUS Offline Update, another free tool lets you update Windows and other Microsoft products: Get WSUS Content .NET [7]. After downloading, first unpack the archive; then, launch setup.exe. The tool checks whether all conditions are in place on the PC.

Updates from Command Prompt and PowerShell

In Windows 10 and Windows Server 2016, you can install and uninstall updates at the command prompt or with PowerShell and the wusa.exe tool:

> wusa.exe MSU_patch_file /quiet /norestart

The /quiet option installs without feedback; the computer does not reboot when you stipulate the /norestart option, even if the patch requires this. You can remove updates with the /uninstall option:

> wusa.exe /uninstall /kb:knowledgebase_number_of_patch
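When the MSU files come from offline media such as an ISO or a USB stick, it is worth checking their signatures before handing them to wusa.exe. The following is an added example, not from the original article: the function name and the folder path are hypothetical, and the check that packages must be signed by Microsoft is an assumption about what the folder should contain.

```powershell
# Added example: install all .msu packages in a folder with wusa.exe, skipping
# any file whose Authenticode signature does not validate.
# Run from an elevated PowerShell session.
function Install-VerifiedMsu {
    param(
        [Parameter(Mandatory)]
        [string] $Path    # folder containing the .msu files
    )

    # wusa.exe exit codes that mean the package is in place
    $okCodes = @{
        0       = 'Installed'
        3010    = 'Installed, reboot required'
        2359302 = 'Already installed'
    }

    foreach ($msu in Get-ChildItem -Path $Path -Filter *.msu -File) {
        $sig = Get-AuthenticodeSignature -FilePath $msu.FullName

        # Assumption: only packages signed by Microsoft are expected here
        $trusted = $sig.Status -eq 'Valid' -and
                   $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*'

        if (-not $trusted) {
            [pscustomobject]@{
                Package = $msu.Name
                Result  = "Skipped: status $($sig.Status), signer $($sig.SignerCertificate.Subject)"
            }
            continue
        }

        # Same call as shown above: silent installation, no automatic reboot
        $proc = Start-Process -FilePath wusa.exe -Wait -PassThru `
            -ArgumentList "`"$($msu.FullName)`"", '/quiet', '/norestart'

        $result = if ($okCodes.ContainsKey($proc.ExitCode)) {
            $okCodes[$proc.ExitCode]
        } else {
            "Failed, exit code $($proc.ExitCode)"
        }

        [pscustomobject]@{ Package = $msu.Name; Result = $result }
    }
}

# Constructed placeholder path, e.g. a mounted ISO or a USB stick
Install-VerifiedMsu -Path 'E:\patches'
```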

You can also display the installed updates in the command prompt on Windows 10 and Windows Server by entering:

> wmic qfe

Installed updates can also be displayed in PowerShell with the Get-Hotfix cmdlet,

> Get-Hotfix -computername Name

which not only displays the local computer updates, but also updates that are installed on computers on the network.
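Because Get-HotFix accepts remote computer names, it can serve as a quick check for missing patches across several machines. The following is an added example, not from the original article: the function name, the computer names, and the KB numbers are constructed placeholders.

```powershell
# Added example: report which required updates are missing on each computer.
function Test-PatchCompliance {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $RequiredKb
    )

    foreach ($computer in $ComputerName) {
        try {
            # HotFixID holds the KB number of each installed update
            $installed = @((Get-HotFix -ComputerName $computer -ErrorAction Stop).HotFixID)
            $missing   = @($RequiredKb | Where-Object { $_ -notin $installed })

            [pscustomobject]@{
                Computer  = $computer
                Reachable = $true
                Missing   = $missing -join ', '
                Compliant = ($missing.Count -eq 0)
            }
        } catch {
            # An unreachable host is reported as non-compliant, not silently dropped
            [pscustomobject]@{
                Computer  = $computer
                Reachable = $false
                Missing   = 'unknown'
                Compliant = $false
            }
        }
    }
}

# Constructed placeholders: replace with real host names and KB numbers
$computers = 'SRV01', 'PC-0042'
$required  = 'KB0000001', 'KB0000002'

Test-PatchCompliance -ComputerName $computers -RequiredKb $required |
    Sort-Object Compliant, Computer |
    Format-Table -AutoSize
```

Get-HotFix reads the Win32_QuickFixEngineering WMI class, which does not list updates installed through Windows Installer (MSI), so Office patches will not appear in this report.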

