PRUEBA AHORA
Pro Tips

Windows Server Update Services (WSUS)

3 min. read
14/01/2022
By Esben Dochy

Pro Tips with Esben #13

Windows Server Update Services or WSUS is a key component in many organizations. In this pro tips blog post, I want to give you a closer look at all the data you can retrieve from devices in your organization and their WSUS settings to ensure your Windows updates are delivered smoothly.

WSUS Servers

Windows Server Update Services is a feature for Windows servers that allows you to manage and distribute Windows updates throughout your environment. WSUS also provides you with the capability to use your servers as an update source so that only WSUS servers have to download updates from Microsoft which are then distributed across your network. Additionally, and arguably the most important feature of WSUS is the ability to manage when updates are distributed. This allows you to test Windows updates on a small number of devices to ensure no issues occur when deploying it to your entire IT estate.

As a starting point, it might be interesting to have an overview of all the WSUS servers in your environment. Luckily, with the help of Windows feature scanning, you can easily report on all devices that have the «UpdateServices» feature installed.

WSUS Computer Status Overview Chart

Embedded in the WSUS console is a Computer Status chart. This chart provides an overview of three key metrics.

WSUS Computer status chart

To help gather all data in a single location I created a chart report with similar metrics so you can have this displayed on your Lansweeper dashboard. For this report, I used the Windows update KB numbers of the latest Windows Patch Tuesday report and combined it with Windows event log information. To determine whether a computer has had an error, the report checks for computers that do not have the listed Windows updates installed and have encountered error event 20 (Installation failure) or error event 31 (Windows Update failed to download an update) since the last Patch Tuesday date.

Microsoft stores a lot of information related to both WSUS and Windows updates in general in the registry. By configuring Lansweeper to scan the registry keys, you can also use this data to get an overview of your assets and their windows update and WSUS settings. One example of how you can use this is to ensure that computers are using the right WSUS server if you have multiple upstream servers. Alternatively, this also lets you verify computers have the correct reboot preferences for Windows updates and the correct schedule settings for Windows updates.

For the WSUS configuration, Microsoft lists 7 registry keys.

WSUS Configuration report

For general Windows update settings, Microsoft lists 15 registry keys.

Windows Automatic Update Configuration report