Whats the best practice for WSUS

Ahmed Essam 201 Reputation points


We've about 500 user in HQ site and around 20-50 user in 50 small branch and all sites connected through fiber connection, so whats the recommendations and best practice for design WSUS server.

Thanks in advance

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,163 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Leon Laude 85,491 Reputation points

    Hi @Ahmed Essam ,

    I'm not certain if there are best practices design-wise as every company/organization are unique and different, there are however common best practices for security and other configurations which you can find over here:

    Windows Server Update Services best practices

    Security best practices for Windows Server Update Services (WSUS)


    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,

    1 person found this answer helpful.
    0 comments No comments

  2. Adam J. Marshall 7,261 Reputation points MVP

    If you're looking at distributed load off the HQ, use replica downstream servers at each site. If you're looking at creating a single point of connection, drawing all updates from HQ, a single WSUS server will work. If you're looking for creating a single WSUS server for HQ, but having all other sites get approvals from WSUS but download directly from Microsoft, use a replica downstream at HQ, but specifying that updates will be approved only on WSUS but downloaded from Microsoft and setup your Location for each of the sites to use this replica downstream WSUS server (similar to the externally facing WSUS server as linked in my guide below).

    Some links of interest:


    1 person found this answer helpful.
    0 comments No comments