ITD utilizes Windows Server Upgrade Service (WSUS) to manage OS and Microsoft Office patching, and to give administrators control over hot-fixes and updates released to computers within an organization.
Enterprise Patching
Windows patching ensures that computers get the latest security and critical updates from Microsoft. Many people are familiar with the "Windows Update" feature enabled by default in Windows. While Windows Update can work well in residential applications, IT administrators often require a more powerful tool. WSUS gives administrators control over what updates are applied, when they are applied, and to which computers they are applied. This serves to increase the security posture of the organization, decrease the time spent applying updates, provide administrators with an accurate reporting of the deployment of updates. WSUS also allows administrators to crate test groups. These groups can have updates applied to them to verify the updates don't break functionality. Once verified, updates can be safely implemented across the organization.
Configuring WSUS via Active Directory Group Policies
- Right-click on the Organizational Unit (OU) which contains the computers you wish to have the policy applied to
- Select Properties
- Select the Group Policy Tab
- Click the New button
- Type in a descriptive name for the policy then press enter
- With the new policy highlighted, click the edit button
- Expand Computer Configuration, right-click on Administrative Templates, and click Add/Remove Templates
- Download Group Policy ADM Files from Microsoft (xpadmsetup.msi)
- Under Computer Configuration, expand Administrative Templates, expand Windows Components, and expand Windows Update
- Double-click on Configure Automatic Updates. Click the radio button to enable
- From the Configure Automatic Updating dropdown list, select "4-auto download and schedule the install"
- For Scheduled Install Day, select "0-every day"
- For Scheduled Install Time, select a time that will work for your agency
- Click OK
- Double-click on Specify Intranet Microsoft Update Service Location
- Click the radio button to enable
- Enter http://itdwsus.nd.gov (this hyperlink is utilized in the WSUS) for intranet update and intranet statistics
- Click OK
- Double-click on Reschedule Automatic Updates Scheduled Installations
- Click radio button to enable. Change Wait After System Startup to 1 minute
- Click OK
- Double-click Enable Client-side Targeting
- Click the radio button to enable
- Put in a group name for your agency. (For example: ITD Desktops)
- Click OK
- Close out of the group policy editor
Requesting Service
Use ITD's online Work Management System (WMS) to submit a service request.