Site icon RDR-IT

Install WSUS role on Windows Server 2025

In this tutorial, we will see how to install the WSUS (Windows Server Update Services) role on Windows Server 2025, which will allow you to have a server in your environment to control the distribution of updates for Microsoft products (Windows, Office, SQL Server, etc.). The WSUS role is also a “component” of MECM, because it relies on the WSUS service to manage update packages.

WSUS is found in companies mainly for 2 reasons:

To work, WSUS needs a database and there are three solutions:

Before installing the WSUS role, we will install SQL Server 2022 Express on our WSUS server. Regarding hardware requirements, plan for at least 2CPU with 8Gb of memory and two hard drives, the first for the system and the second for storing updates and the database, the size of this second disk will mainly depend on whether you store updates on the server and also on the number of products and types of updates that you will manage.

In September 2024, Microsoft announced the end of development of the WSUS role, it will still be present on Windows Server 2025, but from now on, we must think about looking for a patch management solution to anticipate the end of WSUS.

Install SQL Server Express for WSUS

Start by downloading SQL Express from the Microsoft website, at the time of writing this tutorial I was using the version SQL Server 2022 Express.

Once downloaded, run the file.

Select installation type: Basic 1.

Click the Accept button 1 to accept the terms of the license agreement.

If necessary, change the installation location and then click Install 1.

Please wait while SQL Server Express is downloaded and installed…

SQL Server Express is installed, click the Close button 1.

Restart the server.

We will now move on to installing the WSUS role.

Installing WSUS Role on Windows Server 2025

From Server Manager, launch the wizard by clicking Add Roles and Features 1.

When launching the wizard, click on the Next button 1.

Choose: Role-based or feature-based installation 1 and click the Next button 2.

Select the server 1 where the WSUS role will be deployed and then click Next 2.

In the list of roles, check the Windows Server Update Services (WSUS) Service 1 box.

The WSUS role requires adding several features to Windows Server, including the IIS role for the web server, click the Add Features button 1.

With the roles (WSUS and IIS) selected, click the Next button 1 in the wizard.

Skip the list of features by clicking Next 1.

A summary of the WSUS role is displayed, click Next 1.

As you can see, by default WSUS is configured to use the internal WID database.

Uncheck WID Connectivity 1 then check SQL Server Connectivity 2 then click the Next button 3.

Specify the location 1 where the updates are stored on the server and then click Next 2.

Here for the lab I used the C: (System) disk, in a production environment use another disk.

Enter the name of the SQL instance 1 then click on the Next button 2.

You can test the instance name and its connection by clicking the Check Connection button before proceeding to the next step.

Skip the next two steps by clicking Next 1, it deals with the IIS role which is the web server used by WSUS.

Finally, click on the Install button 1.

Wait for the installation which is quite quick between 2 and 5 minutes depending on the server configuration.

When the installation is complete, exit the installation wizard by clicking the Close button 1.

We have completed the installation of the components necessary for the installation of the WSUS role.

WSUS post-installation configuration

Now we will move on to the “general” configuration of WSUS, where we will choose which types of updates will be deployed by WSUS and also for which Microsoft products.

On Server Manager there is a notification, click on flag 1 then click on Start post-installation tasks 2.

This step should launch a configuration wizard, if it does not open, launch the WSUS console which is available through Server Manager in the Tools list.

We arrive at a new wizard which will allow us to configure WSUS, click on the Next button 1.

At this stage, it is up to you to decide whether you wish to participate in the improvement program. Once you have made your choice, click on Next 1.

At this stage Microsoft asks us from which location we want to download the updates, there are 2 choices:

Here we will choose the option Synchronize from Microsoft update 1 and then click on the Next button 2.

If a proxy is used to go to the Internet, configure it and click Next 1.

Click on the Start Connection button 1.

This step is quite long, for my part 30 to 45 minutes…

Once the operation is completed, click on the Next button 1.

Start by selecting the languages ​​1 for updates and then click Next 2.

Then select the products 1 that you use in order to have the distribution of updates carried out by WSUS 1 then click on Next 2.

Then select the type (classification) 1 of updates you want to distribute using WSUS and click Next 2.

The more products and classifications you select, the “bigger” the WSUS database will be and the more disk space you will need on the server for local update storage.

Configure WSUS server synchronization, here I chose automatic synchronization at 22:00:00 every day 1, then click Next 2.

Check the box: Start initial synchronization 1 and click Next 2.

WSUS configuration is complete, click Finish 1 to close the wizard.

We are done with WSUS configuration.

Utiliser WSUS

Launch the WSUS console and go to Synchronization 1, you should be able to follow the progress of the first synchronization.

This first synchronization may take several hours, while WSUS retrieves the list of updates corresponding to the selected products and classifications.

Going to All Updates, you should start seeing available updates.

Your WSUS server on Windows Server 2025 is up and running.

To continue with the configuration and use of the WSUS role on Windows Server 2025, I invite you to read this tutorial: WSUS – Installation and configuration – Windows Server Update Service, in the second part, I explain how the validation of updates works as well as how to connect the computers present in your environment to WSUS so that they can use it.

If you do not want updates to be downloaded locally on the WSUS server, this is possible and optimized with computers from Windows 10 and Windows Server 2016 which allow downloading of updates in P2P in the local network.


You now have all the information you need to set up WSUS with Windows Server 2025.

A quick security reminder: keeping your computer system up to date, as well as all of its software, is important to have the highest possible level of security by correcting the various flaws in the software.

Exit mobile version