advertisement
WSUS Centralized Management (Replica Servers)
It is possible that not all the sites in your organization require the same computer groups. The important thing is to create enough computer groups on the administered server to satisfy the needs of the rest of the organization. Computers at different sites can be moved into a group appropriate for the site. Meanwhile, computer groups inappropriate for a particular site simply remain empty. All update approvals, like computer groups, must be created on the master server.
For step-by-step instructions, see Create Replica Servers later in this guide.
You should also make sure that the upstream server is configured for all the languages required by its replica servers. If you add languages to the upstream server, you should copy the new updates to its replica servers. Changing language options on the upstream server alone might result in a mismatch between the number of updates that are approved on the central server and the number of updates approved on the replica servers.
Distributed management
Distributed management offers you full control over approvals and computer groups for the
WSUS server, as shown in the "WSUS Distributed Management" illustration below. With the distributed management model, there is usually an administrator at each site who decides which update languages are needed, creates computer groups, assigns computers to groups, tests and approves updates, and ensures that the correct updates are installed on the right computer groups. Distributed management is the default installation option for all WSUS installations.
17
WSUS Distributed Management
Choose the Database Used for WSUS 3.0
SP2
You do not need to be a database administrator or purchase database software to use WSUS.
WSUS 3.0 SP2 will install Windows Internal Database if you choose to install a minimal version of
SQL Server. This version of SQL Server is designed to require very little management by the
WSUS administrator. If you already have Windows Internal Database installed, WSUS will use it.
If you want more control over the database, you can also use the full version of SQL Server with
WSUS.
The WSUS database stores the following types of information:
WSUS server configuration information
Metadata that describes each update
Information about client computers, updates, and client interaction with updates
Important
You should not attempt to manage WSUS by accessing data directly in the database.
Manage WSUS by using the WSUS console, or programmatically by calling WSUS APIs.
18
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 10 Simple WSUS deployment
- 11 Using computer groups
- 12 WSUS server hierarchies
- 13 Distributing updates in different languages within a server hierarchy
- 14 Networks disconnected from the Internet
- 14 Branch offices
- 15 Network load balancing clusters
- 15 Support for roaming clients
- 16 Centralized management
- 17 Distributed management
- 19 Selecting a database
- 20 Database authentication, instance, and database name
- 20 Local storage
- 21 Remote storage
- 22 Deferring the download of updates
- 23 Filtering updates
- 23 Using express installation files
- 25 Background Intelligent Transfer Service
- 25 Minimum Hardware Requirements
- 26 Supported Capacity by Configuration
- 28 Configure the Proxy Server
- 28 Configure the Firewall
- 30 WSUS Server Software Prerequisites
- 31 Configuring IIS 7.0
- 31 Client self-update
- 32 Using the WSUS custom Web site
- 32 Accessing WSUS on a custom port
- 32 Using host headers
- 33 Before upgrading from WSUS 2.0 to WSUS 3.0 SP2
- 33 Upgrading a Remote SQL Server Installation from WSUS 2.0 to WSUS 3.0 SP2
- 34 After upgrading
- 34 Before you begin
- 35 Installing WSUS
- 35 If You Are Using Server Manager
- 36 If You Are Using the WSUSSetup.exe File
- 36 Using the WSUS 3.0 SP2 Setup Wizard
- 40 WSUS Administration Console Software Prerequisites
- 40 Install the Console
- 41 Access the WSUS Administration Console
- 43 Choose the upstream server
- 43 Specify the proxy server
- 44 Connect to the upstream server
- 44 Choose update languages
- 45 Choose update products
- 45 Choose update classifications
- 46 Configure the synchronization schedule
- 47 Configuring WSUS from the administration console
- 48 Update storage options
- 48 Deferred downloads options
- 49 Express installation files options
- 49 Filtering updates options
- 54 Enable reporting rollup from replica servers
- 54 Setting up computer groups
- 54 Step 1: Specify how to assign computers to computer groups
- 55 Step 2: Create computer groups
- 55 Step 3: Move the computers
- 57 Hardening your Windows Server 2003 running WSUS
- 57 Adding authentication for chained WSUS Servers in an Active Directory environment
- 58 Step 1: Create an authentication list
- 58 Step 2: Disable anonymous access to the WSUS server
- 59 Securing WSUS with the Secure Sockets Layer Protocol
- 59 Limitations of WSUS SSL deployments
- 59 Configuring SSL on the WSUS server
- 61 Configuring SSL on client computers
- 61 Configuring SSL for downstream WSUS servers
- 62 Additional SSL resources
- 63 Special considerations for client computers set up by using a Windows 2000, Windows Server 2003, or Windows XP image
- 64 Automatic Updates client self-update feature
- 66 Load the WSUS Administrative Template
- 67 Configure Automatic Updates
- 68 Specify intranet Microsoft Update service location
- 68 Enable client-side targeting
- 69 Reschedule Automatic Updates scheduled installations
- 69 No auto-restart for scheduled Automatic Update installation options
- 70 Automatic Update detection frequency
- 71 Allow Automatic Update immediate installation
- 71 Delay restart for scheduled installations
- 71 Reprompt for restart with scheduled installations
- 72 Allow non-administrators to receive update notifications
- 72 Allow signed content from the intranet Microsoft update service location
- 73 Remove links and access to Windows Update
- 73 Disable access to Windows Update
- 74 Editing the Local Group Policy object
- 74 Using the registry editor
- 76 Automatic Update configuration options
- 79 Automatic Updates scenarios
- 79 RescheduleWaitTime
- 79 Example 1: Installation must occur immediately following system startup
- 80 Example 2: Installations must occur fifteen minutes after the Automatic Updates service starts
- 80 NoAutoRebootWithLoggedOnUsers
- 81 Example 1: Non-administrator user on a workstation
- 81 Example 2: Non-administrator user on a server
- 82 Summary of behavior for NoAutoRebootWithLoggedOnUsers settings
- 83 Interaction with other settings
- 84 Detectnow Option
- 84 Resetauthorization Option
- 85 Expired and unexpired deadlines
- 85 Deadlines and updates that require restarts
- 85 WSUS updates and deadlines
- 90 Import metadata to a replica server
- 93 Remote SQL Limitations and Requirements
- 93 Database requirements
- 94 Step 1: Install SQL Server 2005 Service Pack 2 or SQL Server 2008 on the back-end computer
- 95 Step 2: Check administrative permissions on SQL Server
- 96 Step 3: Install WSUS on the front-end computer
- 97 Step 1: Configure remote SQL
- 97 Step 2: Set up the other front-end WSUS servers
- 97 Step 3: Configure the front-end WSUS servers
- 98 Step 4: Set up a DFS share
- 99 Step 5: Configure IIS on the front-end WSUS servers
- 99 Step 6: Move the local content directory on the first front-end WSUS server to the DFS share
- 100 Step 7: Configure the NLB
- 101 Step 8: Test the WSUS NLB configuration
- 101 Step 9: Configure WSUS clients to sync from the DFS share
- 101 Upgrading NLB
- 102 Step 1: Identify the servers to use as WSUS servers
- 103 Step 2: Set up the host names on the DNS server
- 103 Step 3: Set up the DNS server for netmask ordering and round robin
- 103 Step 4: Configure the WSUS servers
- 104 Step 5: Configure WSUS clients to use the same host name
- 104 Windows Server
- 104 Audit policy
- 105 Security options
- 115 Event log settings
- 116 System services
- 121 TCP/IP hardening
- 123 IIS security configuration
- 123 Enable general IIS error messages
- 123 Enable additional IIS logging options
- 124 Remove header extensions
- 124 SQL Server
- 124 SQL registry permissions
- 125 Stored procedures
- 126 Prerequisites Schema
- 127 Example
- 128 Versioning in WSUS 2.0
- 129 WSUS 3.0 SP2 pre-release candidate versions
- 129 WSUS 3.0 SP2 Release Candidate 1 and later versions