Installing and configuring WSUS on Windows Server 2012

Windows Server Update Services (WSUS) is used to distribute Microsoft patches, hotfixes and security updates in an environment. WSUS is considered a basis of security management because it helps make sure every computer is up to date and is not left with unpatched security vulnerabilities.

It is a role in Windows Server 2012; it can also be downloaded from the Microsoft web site and installed on a server.

  1. Open Server Manager console, click Add roles and features, then Next
  2. Select Role-based or feature-based installation, and click Next
  3. Choose Select a server from the server pool, select your desired server, then click Next
  4. Scroll down to select Windows Server Update Services. Some features, like .NET and IIS, must be installed before WSUS is installed, so click the Add Features button to install them. Then click Next 4 times.
  5. On Content Location selection, you should specify a path for the updates to be stored locally. I will use C:\WSUS, and click Next, then Install
  6. Wait a while for the installation to complete, then click Close
  7. Click Notifications in the Server Manager window, then click Launch Post-Installation tasks, and wait a few moments again
  8. Go to Administrative Tools, and open Windows Server Update Services
  9. The first time you open it, a wizard starts. Click Next twice
  10. On next page, because it is the first WSUS server, select Synchronize from Microsoft Update, then click on Next
  11. If you use a proxy server to connect to the Internet, specify its settings, and click Next
  12. Click Start Connecting to download update information
  13. Select Download updates only in these languages, and select the languages for which you want updates, then click Next
  14. The next page lets you specify the products for which you want updates. Select them and click Next
  15. The classifications page allows you to specify the update classifications you want to obtain. Select them as required, then click Next
  16. If you choose Synchronize automatically, the WSUS server will synchronize at set intervals. Set the time of the First synchronization and specify the number of Synchronizations per day that you want this server to perform. And click Next
  17. Leave the check boxes intact, and click Finish
  18. The next step is to configure Group Policy so that clients are updated via the WSUS server. So open Group Policy
  19. Expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update
  20. In the details pane, double-click Configure Automatic Updates. Click Enabled, then OK
  21. In the Windows Update details pane, double-click Specify intranet Microsoft update service location. Click Enabled, and specify the server name in both boxes. Here it is http://Server1.CyrusBesharat.local. Click OK
  22. It takes a while for the computers to appear in the WSUS console. Be sure to approve the updates before deploying them to the clients
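
The two Group Policy settings from steps 20 and 21 end up as registry values on each client, so they can be audited there. The PowerShell below is an added example, not part of the original article; the function names are hypothetical, and the https check is included because the URL in step 21 uses plain HTTP.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Policy key written by the GPO settings in steps 20-21.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValues([string]$Path) {
    # Return the registry values under $Path as a hashtable (empty if the key is absent).
    $values = @{}
    if (Test-Path $Path) {
        $item = Get-ItemProperty -Path $Path
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }
        }
    }
    return $values
}

function Test-WsusClientPolicy {
    param([hashtable]$WU, [hashtable]$AU, [string]$ExpectedUrl)
    $findings = @()
    if ($AU['UseWUServer'] -ne 1) { $findings += 'UseWUServer is not 1: the client ignores the intranet server' }
    if ($AU['NoAutoUpdate'] -eq 1) { $findings += 'NoAutoUpdate is 1: Automatic Updates is disabled' }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $url = [string]$WU[$name]
        if (-not $url) { $findings += "$name is not set"; continue }
        if ($url.TrimEnd('/') -ne $ExpectedUrl.TrimEnd('/')) {
            $findings += "$name is '$url', expected '$ExpectedUrl'"
        }
        if ($url -notmatch '^https://') {
            $findings += "$name uses plain HTTP, so update metadata is not protected in transit"
        }
    }
    return $findings
}

# Constructed sample: the values a client would hold after steps 20-21.
$sampleWU = @{
    WUServer       = 'http://Server1.CyrusBesharat.local'
    WUStatusServer = 'http://Server1.CyrusBesharat.local'
}
$sampleAU = @{ UseWUServer = 1; NoAutoUpdate = 0 }
Test-WsusClientPolicy -WU $sampleWU -AU $sampleAU -ExpectedUrl 'http://Server1.CyrusBesharat.local'

# On a real client, audit the live policy instead of the sample:
# Test-WsusClientPolicy -WU (Get-PolicyValues $WuKey) -AU (Get-PolicyValues "$WuKey\AU") `
#     -ExpectedUrl 'http://Server1.CyrusBesharat.local'
```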

How to install IIS 8?

If you want to host a web site on the Internet or an intranet, you’ll need a web server. This article deals with the Microsoft web server, Internet Information Services (IIS). The version that ships with Windows Server 2012 is IIS 8. Keep reading to the end to install IIS 8.


  1. Click on Server Manager icon to open it
  2. Click Add roles and features, then click Next
  3. Select Role-based or feature-based installation, and click Next
  4. Choose Select a server from the server pool, select your server, then click Next
  5. Scroll down, select Web Server (IIS), click Add Features, click on Next three times
  6. Leave the default role services intact, then hit on Next, and Install
  7. Wait for the installation to be completed, then click Close
  8. To make sure that IIS was installed successfully, open Internet Explorer, type http://localhost, and press Enter. The result will be the default page, like the picture above.

As usual, the second method, after the GUI, is PowerShell:


  1. Open a PowerShell console with administrative rights
  2. Type and execute this command:

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Active Directory ports

Active Directory uses a number of ports for authentication and replication. If you have a firewall, keep in mind that these ports must be open in the firewall for Active Directory to work properly.

135 (TCP) RPC (Remote Procedure Call) for AD replication & File Replication Services (FRS)
389 (TCP) LDAP
639 (TCP) LDAP over SSL
88 & 464 (TCP & UDP) Kerberos
3268 (TCP) Global Catalog
3269 (TCP) Global catalog over SSL
137 & 138 (UDP) NetBIOS
139 & 445 (TCP) SMB
53 (TCP & UDP) DNS
123 (UDP) NTP

Managing Active Directory accounts using PowerShell

You learned how to create Active Directory user accounts in “Adding user accounts in Active Directory of Windows Server 2012”, and now you will learn to manage accounts with PowerShell. The PowerShell commands are listed below with descriptions.

These commands apply to Windows Server 2008 R2 and Windows Server 2012.

| PowerShell command | Command description |
|---|---|
| New-ADUser | Creates a new AD user |
| Remove-ADUser | Removes an AD user |
| Set-ADAccountPassword | Modifies the password of an AD account |
| Set-ADAccountExpiration | Sets the expiration date for an AD account |
| Clear-ADAccountExpiration | Clears the expiration date for an AD account |
| Enable-ADAccount | Enables an AD account |
| Disable-ADAccount | Disables an AD account |
| Unlock-ADAccount | Unlocks an AD account |
| Set-ADUser | Modifies an AD user |
| Search-ADAccount | Gets AD user account |
| Set-ADAccountControl | Modifies user account control (UAC) values for an AD account |
| Get-ADUser | Gets one or more AD users |
| Get-ADUserResultantPasswordPolicy | Gets the resultant password policy for a user |
| Add-ADGroupMember | Adds one or more users to an AD group |
| Remove-ADGroupMember | Removes one or more users from an AD group |
| Add-ADPrincipalGroupMembership | Adds a user to one or more AD groups |
| Remove-ADPrincipalGroupMembership | Removes a user from one or more AD groups |
| | Adds users to the Allowed List or the Denied List of the read-only domain controller (RODC) Password Replication Policy (PRP) |
| | Removes users from the Allowed List or the Denied List of the RODC PRP |
| Add-ADFineGrainedPasswordPolicySubject | Applies a fine-grained password policy to one or more users |
| Remove-ADFineGrainedPasswordPolicySubject | Removes one or more users from a fine-grained password policy |

For more information about a command, put Get-Help before its name to see the full help for that command.
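
Several of the commands above combine into a routine account-hygiene task: finding enabled users that have not logged on for a long time and disabling them. The function below is an added example, not part of the original article; the function name, the 90-day threshold and the OU path are assumptions, and it needs PowerShell 3.0 or later with the ActiveDirectory module.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module and rights to modify the target accounts.
Import-Module ActiveDirectory

function Disable-StaleADUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,  # OU to sweep
        [int]$DaysInactive = 90                             # assumed threshold
    )
    # LastLogonDate derives from lastLogonTimestamp, which replicates with a lag
    # of up to about two weeks, so keep the threshold well above that.
    $stale = Search-ADAccount -AccountInactive -UsersOnly -SearchBase $SearchBase `
                 -TimeSpan (New-TimeSpan -Days $DaysInactive) |
             Where-Object { $_.Enabled }

    foreach ($account in $stale) {
        $dn = $account.DistinguishedName
        if ($PSCmdlet.ShouldProcess($account.SamAccountName, 'Disable stale account')) {
            Disable-ADAccount -Identity $dn
            # Stamp the object for later review; this overwrites any existing description.
            $note = 'Disabled {0:yyyy-MM-dd}: inactive {1}+ days' -f (Get-Date), $DaysInactive
            Set-ADUser -Identity $dn -Description $note
        }
        # Emit one record per account, whether or not it was changed.
        [pscustomobject]@{
            SamAccountName = $account.SamAccountName
            LastLogonDate  = $account.LastLogonDate
            LockedOut      = $account.LockedOut
        }
    }
}

# Dry run first: -WhatIf reports what would be disabled without changing anything.
# The OU is a placeholder built from the domain name used earlier on this page.
Disable-StaleADUser -SearchBase 'OU=Staff,DC=CyrusBesharat,DC=local' -WhatIf
```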
