Endpoint Configuration for WSUS

• Verify that the ports 8530/8531 are open on the WSUS server for the endpoints to register
• Register the endpoints to the WSUS server (this can be done either by domain policy or local policy). In order to register endpoints to WSUS:
  • Open the group policy of the endpoint (start->run->gpedit.msc)
  • Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
    • Configure Automatic Updates -> Enabled and set to “notify for download and notify for install”
      • Note: if you want to auto-download on patch approval, set to "auto download and notify for install"
    • Specify intranet Microsoft update service location -> Enabled and set both URL’s to http://wsusserverip:8530 (if using SSL use https and  8531)
  • Enable PowerShell execution policy to run scripts
• Open Command Prompt and run the following commands to use the new policy and to register it on WSUS
  
  • gpupdate /force
  • wuauclt /resetauthorization /detectnow /reportnow
  • Note1: if the machine is still not reporting to WSUS, open windows update agent, check for updates, and verify if that is working.  If not, troubleshoot.  If it does work, go back to WSUS, refresh, and see if the endpoint is now reporting.

JetPatch Configuration for WSUS

Recommendation: Have all endpoints registered and reporting to the WSUS server (as per the above steps). It is also suggested to have the endpoints in WSUS groups before using JetPatch.

Note: You can only add one WSUS server as discovery source to JetPatch. For more WSUS servers use a primary-replica or primary-autonomus setup.

• Add the WSUS server to JetPatch
• Add and assign an administrative account to the WSUS server
• Deploy the JetPatch connector on the WSUS server
• Add the WSUS discovery source

Related Articles 

• WSUS Scripts 
• Endpoint Readiness Scripts
• Recommended maintenance operations on WSUS