- Windows Update keeps Windows secure and up to date with patches, drivers, and features.
- WSUS (Windows Server Update Services) allows centralized update management in enterprise environments.
¶ 2. Windows Update (Standalone PCs)
- Automatically downloads updates from Microsoft servers.
- Installs security, quality, driver, and feature updates.
- Requires internet connectivity.
- Open Settings
- Go to Windows Update
- Click Check for updates
- Download and install available updates
- Restart if prompted
- Security Updates – Fix vulnerabilities
- Quality Updates – Bug fixes and improvements
- Feature Updates – Major Windows version upgrades
- Driver Updates – Hardware compatibility updates
- Open Settings → Windows Update
- Pause updates (temporary)
- Configure active hours
- View update history
- Uninstall problematic updates if required
- A Windows Server role used to manage updates for multiple computers.
- Downloads updates once and distributes them internally.
- Reduces internet bandwidth usage.
- WSUS Server – Central update repository
- Clients – Domain-joined PCs/servers
- Microsoft Update – Upstream source
- Install Windows Server
- Add WSUS role via Server Manager
- Choose storage location for updates
- Complete post-installation configuration
- Select update source (Microsoft or upstream WSUS)
- Choose products (Windows versions, Office)
- Select update classifications
- Synchronize updates
- Approve updates for target groups
- Open Group Policy Management
- Configure Specify intranet Microsoft update service location
- Set WSUS server URL
- Apply policy to target OUs
¶ 8. Monitoring and Reporting
- View update compliance status
- Identify failed or missing updates
- Generate reports for auditing
- Client not reporting to WSUS
- Updates stuck in downloading or installing
- WSUS database or disk space issues
- Test updates before broad deployment
- Approve updates in phases
- Keep WSUS server maintained and backed up
- Regularly clean up obsolete updates