Creating a File and Windows Server Update Services (WSUS) Server

In this step I am creating a new server using the Windows Server 2019 template created earlier in this process. The first role is providing my network with shared storage by creating a file server, then adding Windows Server Update Services (WSUS). I can install the basic services with PowerShell and use the remote administration tools on my Admin PC to manage WSUS.

Creating a File Server

Prerequisites:

• Streamline and Simplify Installs: Create a Windows Server Template
• Creating a Domain: Install Active Directory in Server Core
• Creating a Windows 10 Template and the Windows 10 Admin PC

The first step is to clone the Windows Server template into a new VM that I am going to call FileSrv. After cloning, I just start the machine and change the Administrator password.

Joining the domain in Server Core is easily done using SConfig. I changed the name on the server to FileSrv and joined the CORP domain in my lab. I also checked the network settings to make sure everything is correct.

Once the server reboots, I logged in with the Bob Admin credentials and prepared to install the File Server role. Installing the file server role is done through Powershell using the command below.

PS C:\Users\BAdmin> Install-WindowsFeature File-Services

Next I had to create a shared folder and then set the permissions using PowerShell. Here are the commands.

PS C:\Users\BAdmin> md C:\Globoshare
PS C:\Users\BAdmin> $acl = get-acl C:\GloboShare\

PS C:\Users\BAdmin> $ace = new-object system.security.AccessControl.FileSystemAccessRule('Authenticated Users', 'Modify', 'Allow')

PS C:\Users\BAdmin> $acl.AddAccessRule($ace)
PS C:\Users\BAdmin> $acl|Set-Acl

Finally I could share the folder using New-SmbShare.

PS C:\Users\BAdmin> New-SmbShare -Name Globoshare -Path C:\Globoshare -FolderEnumerationMode AccessBased -CachingMode Documents -EncryptData $True -FullAccess Everyone

Now the File share is available on the entire domain using \\Globoshare\ to access.

Installing Windows Server Update Services (WSUS)

Installing WSUS on Server Core is a little more complicated than configuring a shared file. For this role, I will need to use a combination of PowerShell commands and the admin tools on my Win10Admin PC. The first step is installing the Windows Feature in PowerShell.

PS C:\Users\BAdmin> Install-WindowsFeature UpdateServices -Restart

After installing, I need to run a post install task using this command.

PS C:\Users\BAdmin> "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS

Next I need to enable remote administration of this server. That involves adding Web Management Service, along with ensuring it starts up automatically on reboot. I also need to make a registry change to enable remote management.

PS C:\Users\BAdmin> Install-WindowsFeature Web-Mgmt-Service

PS C:\Users\BAdmin> reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server /v EnableRemoteManagement /t REG_DWORD /d 00000001

PS C:\Users\BAdmin> Set-Service WMSVC -StartupType "Automatic"
PS C:\Users\BAdmin> Start-Service WMSVC

From here the remaining steps are done in the remote admin tool. I followed the prompts and selected Microsoft Update as my upstream provider. This step took a long time for the initial sync.

After that I selected the language and products that apply to my domain, along with the classifications. Then I configured the Synchronization schedule.

After finishing I chose to begin the initial synchronization.

With that, my new server is ready to go. I installed file services, created a network share, and configured WSUS so my machines have a single update server where I can approve each update. Next I have some group policy changes and other domain changes to make from RSAT on the Windows 10 Admin PC.