Tag: WSUS

Windows 10 Roll-out: WSUS, Group Policy and Installation

As a software development company we need to be a little ahead of the curve when it comes to our adoption of new releases of Windows Server and Desktop environments as we need to ensure that our software will continue to function when our clients decide to upgrade to the latest technologies. However until recently due to our customers being large enterprises, which traditionally are slow to adopt new technology, we didn’t need to jump in immediately when a new OS was released. That has changed since we started to gain clients in emerging markets, Kenya and Nigeria specifically, who appear to be quicker to adopt the latest OS as they are experiencing rapid expansion and growth of their infrastructure.

So just over two months since the release of Windows 10 I undertook a pilot program to roll it out to a limited number of developers and create a small number of virtual machines for testing.

Edit: Since first writing this up the number of people that I have rolled Windows 10 out to now encompasses almost a third of the company.

But prior to the actual roll-out there are a couple of tasks that need to be done to ensure that the infrastructure for managing Windows 10 is in place namely WSUS (Windows Server Update Services) and Group Policy.

WSUS was pretty simple as the product list it uses is updated automatically with new entries so it is just a matter of ticking the boxes to receive updates for those products. Open up the WSUS console, click on Options and then Products and Classifications. Tick all the relevant boxes to receive the Windows 10 updates.

WSUS_windows10

Installing the Group Policy Administrative Templates (admx files) was more involved but again was pretty straightforward. I downloaded the ADMX files Microsoft Administrative Templates for Windows 10 I also downloaded the ones for Windows 8.1 and Windows Server 2012 R2 as I’d realized that I’d somehow overlooked these previously.

Logged into one of the Domain Controllers and found the path to the SYSVOL folders location in the Central Store. Please note if you’re following these instructions and do not have a central store in your domain then the SYSVOL location will have different path.

Then opened the msi installer to start the installation of the Administrative Templates. At the Select Installation Folder window I changed the folder from the default to the folder of the SYSVOL folder in the central store that I found previously.

Windows-10-admx-installation

If you have a Central Store for ADMX files, the location should be the same or similar to the path below, just replace with your domain name (domain.com).

C:\Windows\SYSVOL\sysvol\\Policies\PolicyDefinitions

Installed both sets of templates and then took a quick look at the Group Policy Settings reference spreadsheet to see what new settings have been added, the total number of settings is now over 3700!

The actual installs of Windows 10 have all gone very smoothly so far. As well as the relatively new developer PCs (1-2 years old) I have carried out Windows 10 upgrades on a variety of different older systems including a 5 year old desktop PC and a 4 year old laptop.



Updating WSUS to work with Windows 8 and Server 2012

I have to confess that I haven’t been paying as much attention to WSUS as I should have and even though I had been going in and approving updates as they have become available I failed to notice that my Windows 8 clients and the Windows Server 2012 were being misidentified and hadn’t yet reported to WSUS.

wsus_reporting_error

Windows 8 was being identified as Windows XP Professional x64 Edition and Windows Server 2012 as Windows Server 2003 Standard x64 Edition.

With a little help from http://chapsnet.wordpress.com/ I was able to resolve the issues through the following steps.

First I visited Microsoft to download the Update for WSUS 3.0 SP2 (KB2734608) that allows it to be able to recognise Windows 8 and Windows Server 2012 Operating Systems and download the appropriate updates.

Once installed on the WSUS Server there are a couple of services that need to be reset in order for it to then synchronize correctly and recognise the newer operating systems.

open Command Prompt and run the following commands
IISReset
net stop WSUSService
net start WSUSService

Open the Console, Update the Product List and begin a Synchronisation

Even though my clients had already been connected to the WSUS server prior to the update I only needed to do the following on the Windows Server 2012 machine in order for it to update in the WSUS console. The Windows 8 clients re-identified themselves correctly without anything further needing to be done.

Open an elevated Command Prompt (Win + X menu)
enter the following commands
net stop wuauserv
rd /s %windir%\softwaredistribution\
y
net start wuauserv
wuauclt /update

Running wuauclt /ResetAuthorization /DetectNow at the command prompt on the Windows 2012 server resolved the reporting issue and S300-Win2012 now shows up as both being identiifed as Windows Server 2012 and as having reported in. It looks like there are 3 updates that it requires.

wsus_reporting_resolved