WSUS Health Check

Group Policy: Group Policies are the easiest way to configure automatic update settings for client systems in an Active Directory environment. To check WSUS policy has been applied or not, log on to client computer. Open command prompt>type gpresult.exe>hit enter. You will be presented with a list applied GPO in that machine including WSUS policy. Alternatively, you can do the followings.

1. Click Start>Administrative Tools>Group Policy Management.
The Group Policy Management Console will come up.
2. At the bottom of the Console Tree, you will see a node called Group
Policy Results. Right-click on it and choose Group Policy Results
3. It will come up to the Welcome to the Group Policy Results Wizard screen. Just click Next.
4. Now you will come to the Computer Selection screen. You have the choice of This computer or Another computer. Now click Next.

5. Now you can select a specific user or check Do not display policy settings for the selected computer in the results (display user policy
settings only). Since you are only interested in whether the Updates GPO
has run, you will not select a user.
6. Next the Summary of Selections screen comes up, allowing you to review your selections. Once you’ve verified them, click Next and the Completing the Group Policy Results Wizard will come up. Click Finish. the right, under Summary, click on Group Policy Objects> Applied GPOs. You should see the list of applied GPOs. In this case you are looking for the GPO WSUS Updates.

E-mail Notifications: WSUS 3.0 can send e-mail notifications of new updates and provide status reports to an administrator. To set this up do the following:
1. Create a user account for the WSUS server to use as an e-mail account. For instance, in our example we created a user account with a mailbox in our domain called WSUS.
2. Now open the WSUS Administrative Console, go to Options in the
Console Tree area, then in the Details Pane select E-mail Notifications.
3. In the General tab of E-mail Notifications, as seen in Figure 3.59, put a check beside Send e-mail notification when new updates are synchronized and type the e-mail addresses of the recipients. If you have more than one recipient, separate them by commas.
4. If you are sending status reports to these recipients, put a check beside Send status reports. Select the frequency with which each report is sent (Weekly or Daily) and the time the reports are to be sent, and type in the names of the recipients. You can also select which language you wish the reports to be sent in.

5. Now that the information on the General tab is complete, go to the E-mail Server tab and enter the information about the SMTP server, its port number, the sender’s name and e-mail address, and the username and password of the user that you created for the WSUS account earlier. 6. Once you’ve entered the correct information, click the Test button to verify your settings are correct. If everything looks correct, click OK and you’re done.

Personalization : If you want to personalize the way information is displayed for a WSUS server you can do so by clicking on Personalization within Options. This option allows administrators to choose how server rollup data is displayed, what items will be listed in the To Do list and how validation errors are displayed.

Automatic Approvals:  The Automatic Approvals option allows an administrator to automatically approve updates to be installed based on product and classification, and gives the ability to target which computers to set the automatic approval for. Automatic approvals are based on rules.

1. To create a new rule, first click on Automatic Approvals, found in Options.
2. In the Update Rules tab, select New Rule.

3. There are two steps in the Add Rule box. The first step is to select properties. For our example, we chose an update based on product, so we selected When an update is in a specific product. We could also specify a certain classification if we wanted to. Type Name of Rule such as Windows 7 Approval
4. The second step is to edit the properties or values. Click on the link for any product and in the list of products remove the check from All Products. Now scroll down to the listing for Windows and select Windows 7 Client. Click Approve the update for link and select Windows 7 Computer Group, Click when update is in and select update rollups, features or whatever you need. When click OK.
5. We are now back at the Add Rule box. Click Windows 7 approval rule>click run rule.

6. Repeat step2 to step 5 for all other computer groups such windows server 2008 x64.

Server Cleanup Wizard:  The Server Cleanup Wizard is used to help administrators manage their disk space by removing unused updates and revisions, deleting computers not contacting the server, deleting unneeded update files, declining expired updates, and declining superseded updates.

Important!  If you have WSUS 3.0 downstream servers, you may see discrepancies in both upstream and downstream servers. Be extra careful when cleaning server.

Reports and logs : You can monitor WSUS events information in the Application Event Log of Windows. You can check detailed update reports, computers reports and synchronization report from WSUS console>reports.

share this  Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.