By default, these are ports and You can change these ports, as described later in this article. If the network connection between the WSUS servers is slow or expensive, you can configure one or more of the other WSUS servers to receive update payloads directly from Microsoft. In this case, only a small amount of data will be sent from those WSUS servers to the topmost server.
For this configuration to work, the other WSUS servers must have access to the same internet domains as the topmost server. If you have a large organization, you can use chains of connected WSUS servers, rather than having all your other WSUS servers connect directly to the topmost server. They also must use basic authentication or Windows authentication. You can meet these requirements by using one of the following configurations:. A single proxy server that supports two protocol channels.
Two proxy servers, each of which supports a single protocol. Log on to the computer that will be the WSUS server by using an account that's a member of the Local Administrators group. Install the WSUS server role. Enter the following command:.
In the Proxy port number text box, enter the port number of the proxy server. The default port number is If the proxy server requires that you use a specific user account, select the Use user credentials to connect to the proxy server checkbox. Enter the required user name, domain, and password into the corresponding text boxes.
If the proxy server supports basic authentication, select the Allow basic authentication password is sent in cleartext checkbox. Your client computers will all connect to one of your WSUS servers. The client computer must have outbound access to two ports on the WSUS server. Later in this topic, you'll learn how to perform these configurations by using the Options page.
On the Before you Begin page, review the information, and then select Next. Keep the default selection if you want to participate in the program, or clear the checkbox if you don't. Then select Next. Specify the server name and the port on which this server will communicate with the upstream server. The servers will use port for synchronization. Make sure that this server and the upstream server support SSL.
If this is a replica server, select the This is a replica of the upstream server checkbox. On the Specify Proxy Server page, select the Use a proxy server when synchronizing checkbox. Then enter the proxy server name and port number port 80 by default in the corresponding boxes.
You must complete this step if you identified that WSUS needs a proxy server to have internet access. If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server checkbox. Then enter the user name, domain, and password of the user in the corresponding boxes. If you want to enable basic authentication for the user who is connecting to the proxy server, select the Allow basic authentication password is sent in cleartext checkbox.
On the Connect to Upstream Server page, select start Connecting. On the Choose Languages page, you have the option to select the languages from which WSUS will receive updates: all languages or a subset of languages.
Selecting a subset of languages will save disk space, but it's important to choose all the languages that all the clients of this WSUS server need. If you choose to get updates only for specific languages, select Download updates only in these languages , and then select the languages for which you want updates.
Otherwise, leave the default selection. If you select the option Download updates only in these languages , and this server has a downstream WSUS server connected to it, this option will force the downstream server to also use only the selected languages.
The Choose Products page allows you to specify the products for which you want updates. Select product categories, such as Windows, or specific products, such as Windows Server Selecting a product category selects all the products in that category.
On the Choose Classifications page, select the update classifications that you want to get. Choose all the classifications or a subset of them, and then select Next. The Set Sync Schedule page enables you to select whether to perform synchronization manually or automatically. Set the time for First synchronization , and then specify the number of synchronizations per day that you want this server to perform.
On the Finished page, you have the option to start the synchronization now by selecting the Begin initial synchronization checkbox. Select Next if you want to read more about additional settings, or select Finish to conclude this wizard and finish the initial WSUS setup.
You'll use this console to manage your WSUS network, as described later on. This will allow the attacker to install malicious software on client computers. This effort involves creating an SSL certificate for the server. The steps that are required to get an SSL certificate for the server are beyond the scope of this article and will depend on your network configuration.
For more information and for instructions about how to install certificates and set up this environment, we suggest the following articles:. Suite B PKI step-by-step guide. Implementing and administering certificate templates. Active Directory Certificate Services upgrade and migration guide.
Configure certificate autoenrollment. By default, this is port A second port uses HTTP to send update payloads. WSUS is designed to encrypt update metadata only. This is the same way that Windows Update distributes updates. To guard against an attacker tampering with the update payloads, all update payloads are signed through a specific set of trusted signing certificates. Need more help?
Expand your skills. Get new features first. Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. This will bring up the Welcome page of the installation UI. Click Next. If you are bringing up the remote console for the first time, you will see only Update Services in the left pane of the console.
Ir al contenido principal. Este explorador ya no se admite. Contenido Salir del modo de enfoque.
0コメント