When configuring WSUS, you can consult Microsoft’s best practices. This will guide you through what to tune in WSUS. Still, there are different approaches to building and maintaining a WSUS Server, and overall, the situation can be rather complicated. That’s why WAM exists. Fortunately, it makes optimizing and maintaining your WSUS a breeze. We’ve put together some WAM best practices for setup and use that offer further assistance in configuring and maintaining your server.
Opt for the Proposed Defaults for Simpler Setup – the Blue Path
First of all, there are two ways, or paths for configuration: Red and Blue. The Blue path is easier and automatically sets the best defaults.Â
Whenever you’re unsure or don’t need advanced customization options during setup, choose the proposed defaults, which correspond with the Blue path. Everything that needs to be enabled is enabled – database maintenance, SCW, Removing Drivers, Declining Updates, etc. With this path, you cannot customize the sections. This includes options like where the backup location is, shrink frequency, how much to shrink the database by, reporting frequency, etc.
That’s what makes WAM so easy to set up. It defaults to the best options for 99% of the installations which allows for a super simple setup.
Select the Red Path for Advanced Configuration
If you are feeling adventurous, the Red path, on the other hand, allows you to customize just about every section, like Language Packs, ARM64, and more.
During setup, you can configure the following, (and where you’re unsure, keep the Blue defaults that are there):
- SMTP server settings
- Set the Mail Report style, TXT or HTML and the reporting frequencyÂ
- Adjust the SQL Database Shrink frequency and settings
- Adjust the scheduling time
- Remove WSUS Drivers and Declined Updates
- Customize the SQL & WSUS Server Connection settings
- The Decline Updates Settings
- And more
Run WAM Routines as They’re Meant to BeÂ
There are 5 routines that WAM. Run them as indicated or you might encounter problems later on.
- FirstRun
You should only run the FirstRun the first time unless explicitly told to by WAM’s support staff or the software.
- ScheduledRun
The ScheduledRun automatically considers if this is the monthly streams day, as well as if it’s the start of the next quarter. It’s basically the automation of the whole system.
**The next 3 routines are NOT to be run manually. They are for edge cases and high customizability with scheduling.**
- DailyRun
As the name makes clear, this routine only considers what’s done daily and does not run anything that would run on a monthly or quarterly basis.
- MonthlyRun
This is for monthly activities and will not run anything that would be done quarterly. Keep in mind that MonthlyRun will perform daily tasks as they’re also embedded in the monthly tasks.
- QuarterlyRun
Finally, this routine runs quarterly. And since daily and monthly tasks are embedded in quarterly tasks, it will perform those too.Â
Follow Our Stream Recommendations
In our configuration guide, we explain all the streams and provide recommendations for best practices.Â
The streams we provide recommendations for include:
- SQL Database Backup StreamÂ
- Database Index Optimization StreamÂ
- Remove WSUS Drivers StreamÂ
- Remove Declined Updates StreamÂ
- Remove Obsolete Updates StreamÂ
- Compress Update Revisions StreamÂ
- Decline Multiple Types of Updates StreamÂ
- Remove Synchronization Logs StreamÂ
- Display Newly Added Products StreamÂ
- Prune IIS Logs StreamÂ
- Remove Computer Objects StreamÂ
- Rename OS Descriptions StreamÂ
- Database Maintenance StreamÂ
- SQL Database Shrink Stream
- Server Cleanup Wizard StreamÂ
- Install Task StreamÂ
- Dirty Database Check Stream
Do the Proper Maintenance Right Away
Even if you just installed a WSUS server (rebuild or new), you need to do maintenance right away. Yes, it will work without doing maintenance at this point but not as well as it could or should. Remember, just because it’s new does not mean it’s not clean or optimized.
Use WAM to Back up Your WSUSÂ
WSUS doesn’t have built-in utilities for backing up and restoring. Backups are done using Windows Server Backup (WSB) or a third-party file-level solution in combination with SQL backups or a third-party solution like WAM. WAM backs up the database on a monthly basis. WAM uses SQLCMD.exe which is SQL’s own tool for backups. We test if compression is supported and compress the backup by default. WAM can take care of your WSUS backups so you can free up your time to work on other matters.
Rely on WAM
The best way to set up and maintain your WSUS server is to use WAM. WAM already employs several best practices as recommended by Microsoft – and in fact, surpasses Microsoft’s recommendations. It’s the last WSUS script you’ll ever need. WSUS doesn’t keep itself clean, has no automated processes or internal identification of issues and fixes, and doesn’t run any SQL maintenance on the database.
WAM runs daily. The software will reindex the WSUS database, remove drivers, decline multiple types of updates, clean synchronization logs and remove obsolete updates. And the best part: these tasks are done in the background.
Combine WAM with UUP
If you’re already using WAM, you know it saves you a ton of time by automating the majority of admin tasks. But, when used in combination with UUP (Unified Update Platform), admin tasks will be even more efficient and simple. It’s the ultimate way to free up your time so you can prioritize important tasks rather than focusing on admin tasks and details.
Make your life easier.
At AJ Tek, our vision is to make IT simple and automated for other IT professionals. Our flagship product is WAM, WSUS Automated Maintenance. This system performs all of the tasks that a WSUS Administrator needs to do to maintain WSUS properly only leaving the approving of updates and reporting to the WSUS Administrator.
Connect with us on Facebook and LinkedIn for additional insights and advice.