Microsoft Windows Security Updates (WSUS) Infrastructure

Client: International/Government Organisation
No of Employees: 10,000

Project Overview
The client wanted to implement a central server that would automate the distribution of Microsoft Windows Security Updates to all the Windows client machines within the organisation.

This would ensure that all Windows clients would be at the same “patch” level, which would make support easier and at the same time enhance/increase security.

Infrastructure Requirements

  • An in-house WSUS Server would be required, which would download the Windows updates from Microsoft directly
  • Creation of a Test Group within WSUS to accommodate the test machines required for testing the Windows updates downloaded from Microsoft
  • A method of deploying the WSUS Server settings (aka: Update Policy) to each of the Windows clients to ensure they download the Microsoft Windows updates from the internal WSUS Server and not from the Internet

Proof of Concept
The WSUS Server was setup and the relevant Windows updates were downloaded to the Server. A number of test machines were added to the Test Group, and the Windows updates were applied to these test machines.

To ensure compatibility with the business applications, thorough tests were carried out on these test machines before the Windows updates would be deployed to all Windows Clients in the production environment.