WSUS Policies and Tuning

In this chapter, we will see how to configure WSUS and tune it. The following steps should be followed for configuring it.

Step 1 − When you open it for the first time, you should do it by going to “Server Manager” → Tools → Windows Server Update Services, then a Configuration wizard will be opened and then click → Next.

Step 2 − Click “Start Connecting” → Wait until the green bar is full and then → Next.

Step 3 − Check the box for which the updates want to be taken, I did for English and then → Next.

Step 4 − Check the box for all the products which you want to update. It is just for Microsoft products and it is recommended to include all the products related to Microsoft and then → Next.

Step 5 − Choose the classification updated to be downloaded, if you have a very good internet speed, then check all the boxes, otherwise just check “Critical Updates”.

Step 6 − Now we should schedule the updates which I will recommend to do it automatically during night time → Next.

Step 7 − Check Box “Begin initial synchronization” → Finish.

Step 8 − Now the WSUS console will be open and we must add the computer to WSUS. To do this, go to Options → Computers.

Step 9 − If you have a Domain Controler environment, choose the second option like in my case, otherwise choose the first option and then → OK.

Step 10 − After you have done all this, you should approve updates, which is similar like how it is done in the previous version. To do this – Right click on the updates → Approve as shown in the screenshot given below.

Step 11 − Then you should click Approve for install as shown in the screenshot given below.

Configure WSUS Role

As you know the WSUS (Windows Server Update Services) is an update service of Microsoft which allows the companies to test updates before installing to live environment.

To install this role, we should follow the steps given below.

Step 1 − Go to “Server Manager” → Manage → Add Roles and Feature → Next → Select “Role-based or feature-Based-Installation → Select a server from the pool server and then → Next.

Step 2 − Check “Windows Server Update Service” a pop-up window table will come out → click “Add Features” then → Next and then again → Next.

Step 3 − Check box of WID Database and WSUS Services

Step 4 − Choose the path for the content. If you have another partition other than C:, then install it there because C: can risk to become full → Next.

Once this is done, you should wait for the installation to finish.

Advanced Configuration

In this chapter, we will see how to create a virtual machine. Firstly, we should open the Hyper-V manager and then follow the steps given below.

Step 1 − Open “Server Manager” → and then Click on “Hyper-V”.

Step 2 − Click “New” on the Right side Panel or click on Action button in the options as shown in the screenshot below.

Step 3 − Double Click on the Virtual Machine option as shown in the following screenshot.

Step 4 − A new table will be open → Type the Name of your new machine and then click Next.

Step 5 − A new table will be open where you must allocate the memory. Keep in mind that you cannot choose more memory than what you have in your system.

Step 6 − In the Connection dropdown box, choose you physical network adaptor and click Next.

Step 7 − Now it is time to Create a Virtual Hard disk. If you already have one, choose the second option.

Step 8 − Select the Image of ISO that should be installed and then click Finish.

Step 9 − Connect to the Virtual machine. To do so, Right Click on the machine name and then → Connect.

Step 10 − After that, the Installation of your ISO will continue.

Windows Server 2016 - Hyper-V

Virtualization is one of the most important technology feature and Microsoft has invested on this and the responsible role is called as Hyper-V.

Let us now see how to install the Hyper-V Role, for doing this we should follow the steps given below.

Step 1 − To Install DNS role go to “Server Manager” → Manage → Add Roles and Features.

Step 2 − Click Next.

Step 3 − Select the Role-based or feature-based installation option → click Next.

Step 4 − I will install a Local Hyper-V role as it will Select a server from the server pool → Next.

Step 5 − From the Roles lists, check the Hyper-V Server role → click Add Features on the popup windows which show up and then → Next.

Step 6 − Click Next.

Step 7 − Choose your server’s physical network adapters that will take part in the virtualization → Next.

Step 8 − Under Migration, leave the default settings → Next.

Step 9 − Choose the path where to save the file.

Step 10 − Click Install and wait for the installation bar to finish.

Windows Server 2016 - IIS Security

The IIS (Internet Information Services) is facing internet all the time. So, it is important to follow some rules in order to minimize the risk of being hacked or having any other security issues. The first rule is to take all the updates of the system regularly. The second one is to create different application polls to this, which can be done by following the steps shown below.

Step 1 − You have to go to: Server Manager → Internet Information Services(IIS) Manager → Application Pulls.

Step 2 − Click “Sites” → Right Click “Default Website” → Manage Website → Advance Settings.

Step 3 − Select the Default Pools.

Step 4 − Disable the OPTIONS method, this can be done by following the path – Server Manager → Internet Information Services (IIS) Manager → Request Filtering.

Step 5 − In the action pane, select "Deny Verb" → Insert ‘OPTIONS’ in the Verb → OK.

Step 6 − Enable Dynamic IP Restrictions blocks by going to – IIS Manager → Double click on "IP Address and Domain Restrictions" → Actions pane.

Step 7 − Then select "Edit Dynamic Restriction Settings" → Modify and set the dynamic IP restriction settings according to your needs → press OK.

Step 8 − Enable and Configure Request Filtering Rules, to do this – IIS Manager → Double click on "Request Filtering" → Change to the Rules tab → Actions Pane.

Step 9 − Then select "Add Filtering Rule" → Set the required rules → Click OK.

Step 10 − Enable logging, to do this we need to follow this path – IIS Manager → select the specific site you want to configure → Logging.

Windows Server 2016 - IIS Overview

The IIS or Internet Information Services role is one of the most important services in Windows Server 2016. It has improved features as compared to its previous versions and it helps us to publish web application or webpages.

Let us now see how to install the IIS Role for which you will have to follow the steps given below.

Step 1 − To Install IIS role, go to “Server Manager” → then Manage → and then to Add Roles and Features.

Step 2 − Click on Next in the window which pops up.

Step 3 − Select the Role-based or feature-based installation option and then click on Next.

Step 4 − I will install a Local IIS role as it will Select a server from the server pool → then click on Next.

Step 5 − From the Roles lists, check the “Web server” (IIS) Server role → Next.

Step 6 − Click Next.

Step 7 − Click Next.

Step 8 − You can choose all the default setting or customize them according to you needs.

Step 9 − Click Install.

Step 10 − Wait until the Installation Wizard finishes. Once it is done click Close.

Step 11 − Check if your IIS is installed correctly. This can be done by opening your internet explorer and then typing http://localhost and you should be able to see the following screenshot.