Many organizations find themselves patching the endpoints in their environment, but in the end of the day, the most critical server is not being patched and is vulnerable.
This article provides guidelines on how to patch your WSUS server in a way which will not affect the patching procedure of the rest of your environment.
Step 1: Configure the WUA of WSUS to point itself
Note: Replica WSUS must point to Primary WSUS
Step 2: Create a Separate Group for WSUS server
4.2.2 and above: JetPatch has done this for you automatically.
4.1.2 and before: In the WSUS server, create a new computer group and add the WSUS server to it. We recommend naming the group with a catchy name, so you won't add any other servers. (For example Only_WSUS_Server)