Whats the best practice for WSUS

Ahmed Essam 206 Reputation points
2021-07-08T15:46:27.113+00:00

Hello,

We've about 500 user in HQ site and around 20-50 user in 50 small branch and all sites connected through fiber connection, so whats the recommendations and best practice for design WSUS server.

Thanks in advance

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,071 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Leon Laude 85,786 Reputation points
    2021-07-08T16:42:26.487+00:00

    Hi @Ahmed Essam ,

    I'm not certain if there are best practices design-wise as every company/organization are unique and different, there are however common best practices for security and other configurations which you can find over here:

    Windows Server Update Services best practices
    https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices

    Security best practices for Windows Server Update Services (WSUS)
    https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-server-update-services-wsus/ba-p/1587536

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon

    1 person found this answer helpful.
    0 comments No comments

  2. Adam J. Marshall 9,386 Reputation points MVP
    2021-07-08T21:46:34.443+00:00

    If you're looking at distributed load off the HQ, use replica downstream servers at each site. If you're looking at creating a single point of connection, drawing all updates from HQ, a single WSUS server will work. If you're looking for creating a single WSUS server for HQ, but having all other sites get approvals from WSUS but download directly from Microsoft, use a replica downstream at HQ, but specifying that updates will be approved only on WSUS but downloaded from Microsoft and setup your Location for each of the sites to use this replica downstream WSUS server (similar to the externally facing WSUS server as linked in my guide below).

    Some links of interest:

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/
    https://www.ajtek.ca/wsus/externally-facing-wsus-servers/
    https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.