Step by Step: Configure Windows Clients for Local WSUS

Configuring Windows clients to use a local WSUS (Windows Server Update Services) server is essential for organizations to control the distribution of Windows updates within their network. Here’s a step-by-step guide on how to configure Windows clients to connect to a local WSUS server:

Prerequisites:

  • You should have a WSUS server already installed and configured on a Windows Server machine within your network.
  • You should have administrative access to the Windows clients you want to configure.

Step 1: Identify the WSUS Server

  1. On the Windows client, open the “Control Panel.”
  2. Go to “System and Security” and select “Windows Update.”

Step 2: Change Windows Update Settings

  1. In the Windows Update window, click on “Change settings” on the left side.
  2. In the “Important updates” section, select the drop-down menu and choose “Never check for updates (not recommended).” This step prevents the client from checking for updates on the internet.
  3. Click on “OK” to save the changes.

Step 3: Configure Group Policy (Optional)

  1. To enforce the WSUS settings via Group Policy, press Win + R to open the Run dialog, type gpedit.msc, and press Enter.
  2. In the Group Policy Editor, navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
  3. Double-click on “Specify intranet Microsoft update service location.”
  4. Select the “Enabled” option.
  5. In the “Set the intranet update service for detecting updates” field, enter the URL of your WSUS server. It should be in the format http://<WSUS_Server_Name>. For example, if your WSUS server is named “WSUSServer,” enter http://WSUSServer.
  6. In the “Set the intranet statistics server” field, enter the same URL as above.
  7. Click on “Apply” and then “OK” to save the Group Policy settings.

Step 4: Force Group Policy Update (Optional)

  1. Open a Command Prompt with administrative privileges by right-clicking on the Start button and selecting “Windows Terminal (Admin)” or “Command Prompt (Admin).”
  2. Run the following command to force a Group Policy update:

gpupdate /force

Step 5: Verify WSUS Configuration

  1. To ensure that the Windows client is now connected to the WSUS server, go back to the “Windows Update” settings in the “Control Panel.”
  2. Click on “Check for updates” on the left side. The client should now check for updates from your local WSUS server rather than Microsoft’s servers.
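A registry-level check to go with Step 5, added here as an example and not part of the original guide: the Step 3 policy is stored as WUServer and WUStatusServer under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, with UseWUServer under its AU subkey, so reading those values confirms what the client will actually use. The function name Test-WsusClientPolicy, its parameters and the sample values are hypothetical.

```powershell
function Test-WsusClientPolicy {
    param(
        [Parameter(Mandatory)] [string] $ExpectedUrl,  # URL entered in Step 3
        [hashtable] $Policy                            # pre-read values, for offline checks
    )
    if (-not $PSBoundParameters.ContainsKey('Policy')) {
        # Read the live policy; a missing key or value comes back as $null.
        $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
        $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
        $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
        $Policy = @{
            WUServer       = $wu.WUServer
            WUStatusServer = $wu.WUStatusServer
            UseWUServer    = $au.UseWUServer
        }
    }
    $want = $ExpectedUrl.TrimEnd('/')
    $findings = @()
    $warnings = @()
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = $Policy[$name]
        if (-not $value) {
            $findings += "$name is not set (policy not applied)"
        } elseif ($value.TrimEnd('/') -ne $want) {
            $findings += "$name is '$value', expected '$want'"
        }
    }
    # WUServer is only honoured when AU\UseWUServer is 1.
    if ($Policy['UseWUServer'] -ne 1) {
        $findings += 'UseWUServer is not 1, so WUServer is ignored'
    }
    # Plain HTTP leaves update metadata unprotected on the wire.
    if ($Policy['WUServer'] -like 'http://*') {
        $warnings += 'WUServer uses http://; prefer https:// if WSUS has TLS configured'
    }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
        Warnings  = $warnings
    }
}

# Constructed sample, not read from a real machine: the URL is set but
# UseWUServer is missing, so the check reports the client as non-compliant.
$sample = @{ WUServer = 'http://WSUSServer'; WUStatusServer = 'http://WSUSServer' }
Test-WsusClientPolicy -ExpectedUrl 'http://WSUSServer' -Policy $sample | Format-List

# On a client, omit -Policy to read the live registry:
# Test-WsusClientPolicy -ExpectedUrl 'http://WSUSServer'
```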

Step 6: Review WSUS Updates (Optional)

  1. On the WSUS server, open the WSUS Console to review and approve updates for deployment to Windows clients.

By following these steps, you have configured your Windows clients to connect to your local WSUS server for Windows updates. This allows you to centrally manage and control the distribution of updates within your network, ensuring that devices receive the necessary updates while minimizing the bandwidth used to fetch updates directly from the internet.

Author: tonyhughes