Prev Page: Key Considerations for WSUS 6.2
What database options are available with WSUS?
WSUS requires a database to store update metadata and configuration information. WSUS can use one of the following databases: Windows Internal Database (WID) or Microsoft SQL Server database.
Windows Internal Database ships with the Windows operating system, and there are no additional license costs associated with it. Most organizations opt to use the Windows Internal Database to help reduce licensing costs, but it is important to note that WID will not work when installing WSUS Server in a load balancing/high availability scenario. As a result, you must choose the SQL Server database option when installing WSUS Server in a load balancing/high availability scenario.
In case you are planning to install a WSUS role on a computer that is separate from the database computer, take note of the following points:
The database server must not be configured on a domain controller.
Remote Desktop Services role must not be installed on the computer where the WSUS Server role is installed.
In case database and WSUS servers are in a different Active Directory domain, make sure you have a trust relationship between both the Active Directory domains.
Can WSUS Server traffic be load balanced?
In a large production environment, you will always set up WSUS on a Network Load Balancing cluster to increase the reliability and performance of WSUS Servers. If you want to set up WSUS in an NLB cluster, WSUS Server must be installed using the Microsoft SQL Database option.
It is important to note that updates that are stored locally on the WSUS Server must be available to all WSUS Servers that are sharing the same SQL database.
Is it necessary to connect WSUS to the internet to get updates from Microsoft Update Servers?
A WSUS Server can be configured in an offline mode. Generally, these WSUS Servers are called Disconnected WSUS Servers. In cases where a WSUS cannot connect to Internet to obtain updates directly from Microsoft Update Servers due to some corporate Internet policies, an offline WSUS Server can be installed.
After downloading and testing updates on a WSUS Server that is connected to the Internet, administrators can export the content to an external hard disk and then import the contents to the WSUS Servers running in disconnected mode.
How many WSUS PowerShell cmdlets are available?
There are about 12 PowerShell cmdlets that are installed as part of a WSUS Server role installation. These PowerShell cmdlets are very helpful when you want to perform WSUS administrative or repeated tasks from a command prompt.
For example, you can use the Approve-WsusUpdate cmdlet to approve updates to be applied to client computers. Similarly, if you encounter a situation where you need to decline all the updates, you can use the Deny-WsusUpdate PowerShell cmdlet. As an example, the following command approves all updates that are unapproved with a status of failed or needed.
Get-WsusUpdate -Classification All -Approval Unapproved -Status FailedOrNeeded | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers"
And to decline all updates, run the command below:
Get-WsusUpdate -Classification All -Approval Unapproved -Status FailedOrNeeded | Deny-WsusUpdate
Nirmal Sharma is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft Technologies since 1994 and has followed the progression of Microsoft Operating System and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for www.Dynamic-SpotAction.com. Nirmal can be reached at [email protected].