WSUS - Operations

When deploying server bear in mind that the server will probably use about 15-30GB of space. The server and clients use BITS to download updates.
Synchronizing does not cause the server to start downloading updates - it just downloads metadata of all available updates. The server will start downloading actual updates only once updates are approved. The actual size depends on the type of download and the languages you have selected. You have Express downloads which basically only transfers delta changes to clients rather than full updates - this reduces the amount of data transferred to clients - but increases download sizes from MS Update by about 300-400%!! The normal setting transfers full updates to clients but does not increase download sizes from MS. This is critical if customer servers are on an unshaped + capped service (Telstra Business) - if this is the case it is worthwhile getting hold of the Custdata login so bandwidth utilization can be tracked.

NB!!!:
The settings on the options panel don't seem to get applied retrospectively if you accidentally select the incorrect settings and then synchronize - so changed settings are only applied to newly synchronized updates - Your options are to temporarily stop all update downloads (see below) and selectively download each one you need and decline the rest - or reset the entire WSUS system entirely.

Recommended Settings:
In the console:
Options

Update Source
- Set to Synchronize with MS Update

Products and Classifications
- Select only the products you need to keep track of.
- For Classifications select:
Critical Updates
Definition Updates
Security Updates
Service Packs
Update Rollups
Updates

Update Files and Languages
NB: The options on this panel are critical to the download sizes and volumes downloaded from MS Update!!
- Set to Store update files locally on this server
- Select Download update files to this server only when updates are approved
- NEVER select Download express installation files!!
- NB!!! go to the next tab: Update languages - and select only the languages you need...The default is to download all languages!!!

Synchronization Schedule
- Set to automatic and once a day - early morning is best.

Automatic Approvals
- Check the box to enable
- Edit and select the classifications appropriately - I would not select Service Packs here - large download sizes.

Computers
- Assign via Group Policy and create the relevant GPOs and link them in.

To track pending downloads and current downloads:
Go to Updates > All Updates
for Approval - Any Except Declined
for Status - Failed or Needed
Enable the File Status, Release Date and Arrival Date columns
Apply to all views
Sort by File Status to see queued downloads - To temporarily stop downloads - Select all downloading updates and Cancel Download - about 30 sec later the BITS queue will be empty.
From command line run
bitsadmin /list /allusers (/verbose gives more info)
and you will see the BITS download queue

To track bandwith utilization from MS update
Open Resource Monitor
In the Network area - look for: svchost.exe (netsvcs) and under Address something like: a72-247-247-26 - this will correspond to an Akami server.

To force clients to check for updates run from commandline
wuauclt.exe /detectnow