DA NANG UNIVERSITY VIETNAM-KOREA UNIVERSITY OF INFORMATION AND COMMUNICATION TECHNOLOGY COMPUTER SCIENCE FACULTY FINAL PROJECT NETWORK ADMINISTRATION GROUP 09 TOPIC: RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Members: Tran Thi Kim Oanh - 19IT3 Nguyen Trung Hieu – 19IT3 Hoang Nguyen Viet Nam – 19IT3 Le Tran Thu Loan – 19IT3 Part Class: Network Administration (3) Instructor: Dr Dang Quang Hien Da Nang, November 2021 DA NANG UNIVERSITY VIETNAM-KOREA UNIVERSITY OF INFORMATION AND COMMUNICATION TECHNOLOGY COMPUTER SCIENCE FACULTY FINAL PROJECT NETWORK ADMINISTRATION GROUP 09 TOPIC: RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Members: Tran Thi Kim Oanh - 19IT3 Nguyen Trung Hieu – 19IT3 Hoang Nguyen Viet Nam – 19IT3 Le Tran Thu Loan – 19IT3 Part Class: Network Administration (3) Instructor: Dr Dang Quang Hien Da Nang, November 2021 PREFACE Information and data play an important role in production and business activities as well as the development of enterprises One of the important methods to secure information and data is to regularly update patches for Windows operating system and Microsoft software on PCs and Servers However, with a relatively large number of PCs and Servers at agencies, the implementation of updating (updating) patches (hotfixes), upgrades for operating systems, and Microsoft's software is a something worthy of attention Currently, updates for PCs and Servers in offices are largely done manually (updates are done by individual users) This leads to the following problems: o Users not update patches or perform incomplete patch updates, leading to the risk of being attacked by security holes The administrator has not been able to control the update status of users' patches, operating systems and Microsoft applications o Each user individually updates Microsoft's operating systems and programs, resulting in bandwidth consumption, especially international bandwidth o In case the Internet connection is slow or interrupted, it will lead to updating operating systems, Microsoft programs for PC and Server take longer, making PC and Server run slower Therefore, the main solution is to install an intermediate Server (WSUS Server) to update patches from the Internet, then PCs in the LAN connect to this Server to update patches After implementing this solution, the following goals will be achieved: o All Client computers in the LAN are updated with timely patches, improving security and safety for user computers (Clients) o The update time of the clients is scheduled in accordance with the LAN performance o Saving bandwidth for Internet access: Previously, all clients had to access the Internet to update (each update had to download from a few dozen to several hundred Megabytes of data), but now there is only one server Connect to the Internet to update online while the clients perform updates inside the LAN Therefore, our group decided to implement the topic: "RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES" With the efforts and especially the dedicated and thoughtful help of the instructors, Dr Dang Quang Hien, our group completed the subject project on time Due to the limited time to the project and the limited qualifications, it is inevitable that there will be shortcomings I look forward to receiving comments from teachers as well as from students to improve this project Da Nang, November 2021 THANK YOU We would like to sincerely thank the enthusiastic help of the instructor Dr Dang Quang Hien, who oriented, guided and supported our team during the implementation of this project We would also like to thank the teachers and lecturers in the University of Information and Communication Technology - UD for providing me with the necessary knowledge to carry out this project We would also like to thank my family and friends who always encouraged and supported me during my study and research, and contributed valuable experiences during the implementation of this thesis We wish the teachers good health, good work, continue to teach and train the young generation successfully We sincerely thank you! COMMENTS OF INSTRUCTOR Da Nang, November 2021 Instructor Dr Dang Quang Hien CONTENT PREFACE THANK YOU LIST OF PICTURES .3 LIST OF ABBREVIATIONS PREAMBLE Objectives of the study Expected results CHAPTER OVERVIEW 1.1 WSUS Definition 1.2 History 1.3 WSUS Server Role Description .4 1.4 Using Windows PowerShell to Manage WSUS .5 1.5 Benefits of WSUS 1.6 Advantages and disadvantages .6 1.7 How to extend WSUS CHAPTER PARADIGM 2.1 Paradigms .9 2.2 Working principle 2.3 WSUS Deployment Scenarios 10 CHAPTER STEP BY STEP .13 3.1 Install Window Server Update Services (WSUS) 13 3.2 User Policy Configuration 28 3.3 Manage computers in LAN and WSUS Server 33 Check the connection of computers in the LAN to the WSUS Server Check the initial WSUS Server configuration 33 Check WSUS Server Version 35 Synchronize updates from Microsoft Server to WSUS Server .37 Download updates from Microsoft Server to WSUS Server 38 Check the update status of PCs and Servers in LAN 42 Check the update status of PCs and Servers in LAN on WSUS Server 44 CONCLUSION 45 Result 45 Difficulty 45 REFERENCES 46 LIST OF PICTURES Figure 1 Windows Server Update Services Figure Paradigms of topic Figure 2 Single WSUS Server (Small-Sized or Simple Network) 10 Figure Multiple Independent WSUS Servers 11 Figure Multiple Internally Synchronized WSUS Servers 12 Figure Disconnected WSUS Servers .12 Figure Install Window Server Update Services .13 Figure Install Window Server Update Services .13 Figure 3 Install Window Server Update Services .14 Figure Install Window Server Update Services .14 Figure Install Window Server Update Services .15 Figure Install Window Server Update Services .15 Figure Install Window Server Update Services .16 Figure Install Window Server Update Services .16 Figure Install Window Server Update Services .17 Figure 10 Install Window Server Update Services .18 Figure 11 Install Window Server Update Services .18 Figure 12 Install Window Server Update Services .19 Figure 13 Install Window Server Update Services .19 Figure 14 Install Window Server Update Services .20 Figure 15 Install Window Server Update Services .20 Figure 16 Install Window Server Update Services .20 Figure 17 Install Window Server Update Services .21 Figure 18 Install Window Server Update Services .21 Figure 19 Install Window Server Update Services .22 Figure 20 Install Window Server Update Services .23 Figure 21 Install Window Server Update Services .23 Figure 22 Install Window Server Update Services .24 Figure 23 Install Window Server Update Services .24 Figure 24 Install Window Server Update Services .25 Figure 25 Install Window Server Update Services .25 Figure 26 Install Window Server Update Services .26 Figure 27 Install Window Server Update Services .26 Figure 28 Install Window Server Update Services .27 Figure 29 Install Window Server Update Services .27 Figure 30 Install Window Server Update Services .28 Figure 31 User Policy Configuration 28 Figure 32 User Policy Configuration 29 Figure 33 User Policy Configuration 29 Figure 34 User Policy Configuration 30 Figure 35 User Policy Configuration 31 Figure 36 User Policy Configuration 31 Figure 37 User Policy Configuration 32 Figure 38 User Policy Configuration 32 Figure 39 User Policy Configuration 33 Figure 40 Manage computers in LAN and WSUS Server 34 Figure 41 Manage computers in LAN and WSUS Server 35 Figure 42 Manage computers in LAN and WSUS Server 36 Figure 43 Manage computers in LAN and WSUS Server 37 Figure 44 Manage computers in LAN and WSUS Server 37 Figure 45 Manage computers in LAN and WSUS Server 38 Figure 46 Manage computers in LAN and WSUS Server 38 Figure 47 Manage computers in LAN and WSUS Server 39 Figure 48 Manage computers in LAN and WSUS Server 39 Figure 49 Manage computers in LAN and WSUS Server 40 Figure 50 Manage computers in LAN and WSUS Server 40 Figure 51 Manage computers in LAN and WSUS Server 41 Figure 52 Manage computers in LAN and WSUS Server 41 Figure 53 Manage computers in LAN and WSUS Server 42 Figure 54 Manage computers in LAN and WSUS Server 43 Figure 55 Manage computers in LAN and WSUS Server 43 Figure 56 Manage computers in LAN and WSUS Server 44 Figure 57 Manage computers in LAN and WSUS Server 44 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES The last setting we select automatic update detection frequency and then select Enabled then in the interval box we select then select apply and then press ok Figure 37 User Policy Configuration Then we will exit, in the WSUS folder we right click and select link an exting GPO then select Test wsus gpo click ok Figure 38 User Policy Configuration 33 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Then we go to the WIN_Client virtual machine and type commpand prompt and type the command line “gpupdate /force” and wait for the result We have successfully configured the policy for WSUS and now we pass WIN_WSUS Figure 39 User Policy Configuration 3.3 Manage computers in LAN and WSUS Server The process of managing computers in the LAN and WSUS Server includes: o Check if the computers in the LAN are connected to the WSUS Server If the PCs are not connected to the WSUS Server, execute the sync commands manually from the unconnected PCs o Check WSUS Server version and update WSUS Server to the latest version o Synchronize information about updates from Microsoft Server to WSUS Server o Allows the WSUS Server to download necessary updates for the operating system and software from the Microsoft Server Then check if the WSUS Server has downloaded all the selected updates o Check the update status of PCs in LAN o Check the update status of PCs and Servers in LAN on WSUS The steps are as follows: Check the connection of computers in the LAN to the WSUS Server Check the initial WSUS Server configuration Go to All Programs Administrative Tools Windows Server Update Services 34 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 40 Manage computers in LAN and WSUS Server By default, computers on the LAN will be included in the Unassigned Computers group It is possible to create Computer Groups to classify Windows operating systems and Group Computers to classify PC boards for easy management We can further combine with Active Directory Users and Computers, Group Policy Management to perform updates for each Board at different times Implement synchronization between the client and the WSUS server Noticed, when I first installed WSUS Server, there were some PCs that were not connected to WSUS Server Then, you can go to that PC, go to Run, execute the command wuauclt /resetauthorization /detectnow to connect that PC to the WSUS Server In this case, on the Windows Server 2016 PC (Win_DC) execute the command: wuauclt /resetauthorization /detectnow After performing the sync, we have the result that the Windows Server 2016 PC has been added to Unassigned Computers in the WSUS Server 35 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 41 Manage computers in LAN and WSUS Server Check WSUS Server Version When new PCs and Servers are added to the WSUS Server, the Installed/ Not Applicable Percentage section is 0% because the WSUS server is analyzing the update status of the PCs and Server Now the status of the PCs and Servers is Not yet Reported To perform the update status information immediately to the WSUS Server, go to the PCs and Servers that have not sent the update status information, go to Run, type the command wuauclt /reportnow PCs and Servers immediately send updated status information to the WSUS Server Sometimes, because the version of the WSUS Server is lower than the version of the PC and Server in the LAN, the status of the PC and Server remains Not yet Reported At this time, it is necessary to update the version for WSUS Server To see the WSUS Server version, go to Help  About Update Service… 36 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 42 Manage computers in LAN and WSUS Server To update, select the service pack of windows and download the update After running the update package, the current version of the WSUS Server is 10.0.14393.2969 37 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Synchronize updates from Microsoft Server to WSUS Server After the PCs and Servers have been placed in Unassigned Computers of WSUS Server and have notified the update status to WSUS Server, we have the following information: Figure 43 Manage computers in LAN and WSUS Server For example in the above case for a Win_DC PC: the percentage of installed or inappropriate updates is 90%, the number of required updates is 234, corresponding to 10% We proceed to synchronize (Synchronize now) to see if the required update number information for computers on the LAN from the Microsoft homepage about WSUS Server has changed: Figure 44 Manage computers in LAN and WSUS Server 38 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES After synchronizing, the program will notify the last update time and the update status is successful Figure 45 Manage computers in LAN and WSUS Server Download updates from Microsoft Server to WSUS Server Currently, PCs (Windows Server 2016 Win_DC) and Servers (windows server 2016) have 52 security updates and 22 critical updates that need updating Figure 46 Manage computers in LAN and WSUS Server Perform updates (Approve) updates for PCs, Servers to download updates from Microsoft homepage to WSUS Server 39 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 47 Manage computers in LAN and WSUS Server At the Approve Updates window, select All Computers, Select Approved for Install Then select OK Figure 48 Manage computers in LAN and WSUS Server Wait for the process to accept the updates 40 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 49 Manage computers in LAN and WSUS Server Accept the updated successfully, then select Close Figure 50 Manage computers in LAN and WSUS Server Wait for updates to be downloaded from Microsoft Server to the WSUS server 41 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 51 Manage computers in LAN and WSUS Server After the WSUS Server has downloaded the updates we can see the required update number Figure 52 Manage computers in LAN and WSUS Server 42 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Check the update status of PCs and Servers in LAN Check PC Win_DC01 Before updating the PC Win_DC01 Figure 53 Manage computers in LAN and WSUS Server When it's time to sync updates from WSUS Server to PC Win_DC01 (set in Domain Controller's Group Policy) Updates will be automatically downloaded to your PC After the updates have been downloaded to the PC, if the policy on the Domain Controller is Auto-Download and Notify for Install, a message will be displayed asking you to update the patches (for Win_DC01 PC) This is the process of installing updates 43 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 54 Manage computers in LAN and WSUS Server Once the update is complete, restart your PC Click the Restart now Figure 55 Manage computers in LAN and WSUS Server After rebooting, we proceed to check for updates 44 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES Figure 56 Manage computers in LAN and WSUS Server Check the update status of PCs and Servers in LAN on WSUS Server After the computers in the LAN have been updated, we will receive a message that the computers are in 93% updated condition, required updates are (Update needed) Figure 57 Manage computers in LAN and WSUS Server 45 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES CONCLUSION Result About learning knowledge Through researching and building this topic, we have strengthened and learned many things such as: o Consolidating knowledge about network administration, through the course in general and the final topic in particular, helped the group to better understand how it works as well as the benefits of implementing WSUS o Cultivate knowledge and observation skills, be sharp in exercises as well as proficiently use virtual machines, apply vmware to network administration About the topic Facing the rapid development of information technology, the deployment and implementation of WSUS is an indispensable thing The results of the project are: o Understand and understand how it works, as well as deploy and install WSUS o Finalize the topic, deploy and install WSUS After finishing a project, the indispensable thing is a written report on your topic and project presentation slides The detailed report presents a reasonable table of contents layout Difficulty Do not time perfect project but time time Song if there are many time more than group they will complete and security up to that you can be given up to the performance 46 Group 09 - RESEARCHING AND DEPLOYING WINDOWS SERVER UPDATE SERVICES REFERENCES [1] [1:56AM 13/11/2021] Overview about WSUS [online] https://docs.microsoft.com/en-us/windows-server/administration/windowsserver-update-services/get-started/windows-server-update-services-wsus [2] [2:00AM 13/11/2021] Step by step [online] https://www.youtube.com/watch?v=Yv0qjxdX5yw 47