of different situations, depending on whether the deadline has expired, whether there are other updates in the queue for the client to install, and whether the update (or another update in the queue) requires a restart.
Expired and unexpired deadlines
If the client contacts the server after the update deadline has passed, it will try to install the update as soon as possible. WSUS administrators can set update deadlines to a date in the past in order to have clients install the update immediately.
If the deadline has not passed, the client will download the update and install it the next time an install occurs. For example, if the client downloads an update with a deadline of 6:00 A.M., and the scheduled installation time is 3:00 A.M., the update will be installed at 3:00 A.M. Likewise, if a user starts an install before a (downloaded) update's deadline, the update will be installed.
Deadlines and updates that require restarts
Updates that have deadlines and require restarts will cause a forced restart at the time of the deadline, no matter when the update was actually installed. For example, if an update with a 6:00 A.M. deadline was downloaded and installed at 3:00 A.M., but the computer was not restarted at that time, it will be restarted at 6:00 A.M.
Moreover, if the computer is pending restart (because another update requiring a restart was installed, but the computer was not restarted), and an update with a deadline is installed, the computer will be restarted. The following is an example of client behavior with an unexpired deadline:
1. Update 1, which has no deadline but requires restart, is installed at 1:00 A.M., and the computer is not restarted.
2. Update 2, which has a deadline of 6:00 A.M. and does not require restart, is downloaded and installed at 3:00 A.M.
3. The computer is restarted at 6:00 A.M. (the deadline of Update 2).
The following is an example of client behavior with an expired deadline:
1. Update 1, which has no deadline but requires restart, is installed at 2:00 A.M., and the computer is not restarted.
2. Update 2, which has a deadline of 1:00 A.M. and does not require restart, is downloaded and installed at 3:00 A.M.
3. The computer is restarted after Update 2 is installed, at 3:00 A.M. (the first possible restart time).
WSUS updates and deadlines
A WSUS update (an update that is required in order for WSUS to continue functioning correctly) has installation priority over other kinds of update. If an update with a deadline is blocked by a WSUS update, the deadline will apply to the WSUS update, as in the following sequence of events:
1. Update 1, which is a WSUS update with a deadline of 6:00 A.M., and Update 2, which is a non-WSUS update with a deadline of 2:00 A.M., are both downloaded at 1 A.M.
2. The next scheduled install is at 3:00 A.M.
3. The install of Update 1 starts at 2:00 A.M.
If the deadline of a blocked update has expired, the WSUS update that is blocking it will be installed immediately.
Set Up a Disconnected Network (Import and Export the Updates)
Managing WSUS on a disconnected network involves exporting updates and metadata from a WSUS server on a connected network and then importing them to the WSUS server on the disconnected network. There is a conceptual discussion of this feature in the "Networks Disconnected from the Internet" section in Choose a Type of WSUS Deployment earlier in this guide.
There are three steps to exporting and then importing updates:
1. Make sure that the options for express installation files and update languages on the exporting server are compatible with the settings on the importing server. This ensures that you collect the updates you intend to distribute.
2. Copy updates from the file system of the export server to the file system of the import server.
3. Export update metadata from the database on the export server, and import it into the database on the import server.
The last section explains how to import exported updates to a replica server.
In this guide
Step 1: Matching Advanced Options
Step 2: Copying Updates from the File System
Step 3: Copying Metadata from the Database
Importing Updates to Replica Servers
Step 1: Matching Advanced Options
Make sure that the options for express installation files and languages on the exporting server match the settings on the importing server. For example, if you did not select the option for express installation files on the exporting server but did have the express installation file option selected on the importing server, you would not be able to distribute updates by using express installation files, because none were synchronized by the exporting server. A mismatch of language settings can have a similar effect.
You do not have to concern yourself with matching the settings for schedule, products and classifications, source, or proxy server. The setting for deferred download of updates has no effect on the importing server. If you are using the option for deferred downloads on the exporting server, you must approve the updates so they can be downloaded before taking the next step, which is migrating updates to the importing server.
To ensure that express installation and language options on the exporting server match settings on the importing server
1. In the WSUS Administration snap-in of the exporting server, click the Options node in the left pane, and then click Update Files and Languages.
2. In the Update Files tab, check the setting for Download express installation files.
3. In the Update Languages tab, check the settings for the update languages.
4. In the WSUS Administration snap-in of the importing server, click the Options node in the left pane, and then click Update Files and Languages.
5. Make sure the settings for Download express installation files and Languages options match the selections on the exporting server.
For more information about these options, see the topics "Using Express Installation Files" and "Filtering Updates" in Determine Bandwidth Options to Use earlier in this guide.
Step 2: Copying Updates from the File System
Copy updates from the file system of the exporting server to the file system of the importing server. The procedures described below use the Windows Backup or Restore Wizard, but you can use any utility you like, including xcopy. The object is to copy updates from the file system on the exporting server to the file system of the importing server. When you copy files to the importing server, you must maintain the folder structure for all folders under the content directory.
Make sure that the updates appear in the folder on the importing server that has been designated to store updates; this designation is typically made during the setup process. You should also consider using an incremental backup system to limit the amount of data you need to move each time you refresh the server on the disconnected network.
To back up updates from the file system of the exporting server to a file
1. On your exporting WSUS server, click Start, and then click Run.
2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.
3. Click the Backup tab, and then select the folder where updates are stored on the exporting server. By default, WSUS stores updates at WSUSInstallationDrive\WSUS\WSUSContent\, where WSUSInstallationDrive is the drive on which WSUS is installed.
4. In the Backup media or file name box, type a path and file name for the backup (.bkf) file.
5. Click Start Backup. The Backup Job Information dialog box appears.
6. Click Advanced. Under Backup Type, click Incremental.
7. From the Backup Job Information dialog box, click Start Backup to start the backup operation.
8. Copy the backup file you just created to the importing server.
To restore updates from a file to the file system of the importing server
1. On your importing WSUS server, click Start, and then click Run.
2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.
3. Click the Restore and Manage Media tab, and select the backup file you created on the exporting server. If the file does not appear, right-click File, and then click Catalog File to add the location of the file.
4. In the Restore files to box, click Alternate location. This option preserves the folder structure of the updates; all folders and subfolders will appear in the folder you designate.
You must maintain the directory structure for all folders under \WSUSContent.
5. Under Alternate location, specify the folder where updates are stored on the importing server. By default, WSUS stores updates at WSUSInstallationDrive\WSUS\WSUSContent\, where WSUSInstallationDrive is the drive on which WSUS is installed. Updates must appear in the folder on the importing server designated to hold updates; this is typically done during installation.
6. Click Start Restore. When the Confirm Restore dialog box appears, click OK to start the restore operation.
Step 3: Copying Metadata from the Database
Export update metadata from the database on the exporting server and import it into the database on the importing server using the WSUSUtil.exe utility program. For more information about this utility, see the WSUS Operations Guide at http://go.microsoft.com/fwlink/?LinkId=139838.
Note
You must be a member of the local Administrators group on the WSUS server to export or import metadata; both operations can be run only on a WSUS server.
You should copy updates to a directory on the importing server before you import metadata. If WSUS finds metadata for an update that is not in the file system, the WSUS console shows that the update failed to be downloaded. This type of problem can be fixed by copying the update to a directory on the importing server and then deploying the update again.
Although you can use incremental backups to move update files to the importing server, you cannot move update metadata incrementally. WSUSutil.exe exports all the metadata in the WSUS database during the export operation.
Important
Never import exported data from a source that you do not trust. Importing content from a source you do not trust might compromise the security of your WSUS server.
Note
During the import or export process, the Update Service, the Windows NT service that underpins the WSUS application, is shut down.
To export metadata from the database of the exporting server
1. At the command prompt on the exporting server, navigate to the folder that contains WSUSutil.exe (usually …\Program Files\Update Services\Tools).
2. Type the following:
wsusutil.exe export packagename logfile
For example:
wsusutil.exe export export.cab export.log
The package (.cab file) and log file name must be unique. WSUSutil.exe creates these two files as it exports metadata from the WSUS database.
3. Move the export package you just created to the importing server.
To import metadata to the database of the importing server
1. At the command prompt on the importing server, navigate to the directory that contains WSUSutil.exe (usually …\Program Files\Update Services\Tools).
2. Type the following:
wsusutil.exe import packagename logfile
For example:
wsusutil.exe import export.cab import.log
WSUSutil.exe imports the metadata from the exporting server and creates a log file of the operation.
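One way to act on the warning above about importing from untrusted sources, as an added example that is not part of the guide: the exporting side writes a SHA-256 manifest of the folder staged for transfer (for instance the .bkf backup and export.cab), and the importing side refuses to run wsusutil.exe import unless every file matches. The function names, the staging-folder layout, passing full paths to wsusutil.exe, and the availability of PowerShell 4.0 or later are assumptions.

```powershell
# Added example, not from the guide. Assumes PowerShell 4.0 or later (Get-FileHash).
# Folder, manifest and tool paths are placeholders supplied by the caller.

function New-TransferManifest {
    # Exporting side: record a SHA-256 hash for every file staged for transfer.
    # Keep the manifest outside $Root so that it is not hashed into itself.
    param([string]$Root, [string]$ManifestPath)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($base.Length + 1)
            Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-TransferManifest {
    # Importing side: $true only if every listed file is present with the same
    # hash and the folder holds no file that the manifest does not list.
    param([string]$Root, [string]$ManifestPath)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $expected = @{}
    Import-Csv -LiteralPath $ManifestPath |
        ForEach-Object { $expected[$_.RelativePath] = $_.Sha256 }
    $ok = $true
    foreach ($file in Get-ChildItem -LiteralPath $base -Recurse -File) {
        $rel = $file.FullName.Substring($base.Length + 1)
        if (-not $expected.ContainsKey($rel)) {
            Write-Warning "Unlisted file: $rel"; $ok = $false; continue
        }
        $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        if ($actual -ne $expected[$rel]) { Write-Warning "Hash mismatch: $rel"; $ok = $false }
        $expected.Remove($rel)
    }
    foreach ($missing in $expected.Keys) { Write-Warning "Missing file: $missing"; $ok = $false }
    return $ok
}

function Import-VerifiedMetadata {
    # Runs "wsusutil.exe import packagename logfile" only after verification passes.
    param([string]$TransferRoot, [string]$ManifestPath, [string]$WsusUtil, [string]$LogFile)
    if (-not (Test-TransferManifest -Root $TransferRoot -ManifestPath $ManifestPath)) {
        throw 'Transfer set failed verification; metadata was not imported.'
    }
    & $WsusUtil import (Join-Path $TransferRoot 'export.cab') $LogFile
}
```

A manifest carried on the same media as the files only detects corruption in transit; to detect tampering, convey the manifest (or its hash) to the disconnected site through a separate channel.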