WSUS Configuration Tips

by

The following configuration might be helpful in optimising the performance of a WSUS server which will help make the update process quicker for the clients.

 

Only download the required language

If your organisation only uses one language you can customise WSUS so it gets the patch for only this language.

  1. Open the WSUS Admin console and click the Options button in the upper left corner of the screen
  2. Click the Synchronization Options link
  3. Scroll all the way to the bottom of the screen
  4. Click the Advanced button
  5. In the Advanced Synchronization Options dialog box ensure that the Download Only Those Updates That Match The Local Language of This Server option is selected.

 

Download updates as soon as they are available

By allowing the updates for your required operating systems automatically you will reduce the delay between the update being approved and the clients receiving the update. In some circumstances not doing this results in clients leaving the update pending whilst WSUS downloads the update. This can be annoying and confusing for the users.

  1. Open the WSUS Admin console and click the Options button in the upper left corner of the screen
  2. Click the Synchronization Options link
  3. Scroll all the way to the bottom of the screen
  4. Click the Advanced button
  5. In the Advanced Synchronization Options dialog box ensure that the Download Update Files to This Server Only When Updates Are Approved option is not selected

 

Use a dedicated server for WSUS

Even though WSUS doesn’t have huge system requirements it is recommended that you use a dedicated server. This can reduce resource or service conflicts.

 

Use Target Groups to manage the roll out of updates

At very least have a target group for your workstations and servers. If you need to break down the roll out to workstations to minimise interruption to your clients or network congestion you should look into creating more workstation groups. For example, it could be broken down using your Active Directory OU structure.

 

WSUS updates for remote sites

If you have remote sites with a considerable number of clients it might be worth having another WSUS install on site to mirror the main WSUS server.

The second WSUS server can be configured to replicate approval status and downloaded updates.

 

Only download the required updates

Ensure that WSUS is only downloading the updates for your supported operating systems. This will reduce any unnecessary WAN usage and database size.