Lately, I’ve been working with Johan Arwidmark’s Hydration Kit For Windows Server 2016 and ConfigMgr Current / Technical Preview Branch. A great tool to enroll a full blown SCCM and/or MDT deployment.

Automating WSUS installation through MDT

One of the servers you can deploy with this tool is a WSUS server. What struck me was that despite the task sequence to perform the base installation of the server is available within MDT, WSUS itself isn’t installed or configured.


Installing WSUS isn’t a straight forward process. Although it looks like ‘Windows Server Update Services’ is just a two check mark operation, reality is a bit different. A lot of prerequisites have to be met too, to be able to install this feature:

  • Roles
    • Web Server (IIS)
      • Web Server
        • Common HTTP Features
          • Default Document
          • Static Content
        • Performance
          • Dynamic Content Compression
        • Security
          • Request Filtering
          • Windows Authentication
        • Application Development
          • .NET Extensibility 4.6
          • ASP .NET 4.6
          • ISAPI Extensions
          • ISAPI Filters
        • FTP Server
          • FTP Service
        • Management Tools
          • IIS Management Console
          • IIS 6 Management Compatibility
            • IIS 6 Metabase Compatibility
    • Windows Server Update Services
      • WSUS Services
      • SQL Server Connectivity
  • Feature
    • .NET Framework 4.6 Features
      • ASP.NET 4.6
    • WCF Services
      • HTTP Activation
    • Remote Server Administration Tools
      • Role Administration Tools
        • Windows Server Update Services Tools
          • API and PowerShell cmdlets
          • User Interface Management Console
    • Windows Process Activation Service
      • Configuration APIs

By default, WSUS relies on the Windows Internal Database (WID) feature. But in this scenario, I’ve chosen to make use of the already available SQL Server Express installation on WSUS01.

Post-installation tasks

Just adding this set of roles and features to WSUS01 isn’t enough to automate the entire installation. We still have to run manually through the post-installation tasks. To avoid that we’re going to create a PowerShell ‘script’, which we can later add as an application to the tasks sequence.

What this script will do, is run the wsusutil.exe postinstall tasks. The SQL Instance Name will be configured to use the local SQLExpress database instance WSUS01\SQLExpress. The Content Directory (the location where WSUS will store the actual updates) will be configured as E:\WSUS\.

Solution: Hydration
Purpose: Used to postinstall configure Windows Update Services 
Version: 1.0 - May 22, 2017

This script is provided "AS IS" with no warranties, confers no rights and 
is not supported by the authors or Deployment Artist. 

Author - Sven van Rijen
    Twitter: @svenvanrijen
    Blog   : .

# Determine where to do the logging 
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 
$logPath = $tsenv.Value("LogPath") 
$logFile = "$logPath\$($myInvocation.MyCommand).log" 

# Start the logging 
Start-Transcript $logFile 
Write-Host "Logging to $logFile" 

# Start the postinstall config of WSUS
Set-Location 'C:\Program Files\Update Services\Tools'
.\WsusUtil.exe postinstall SQL_INSTANCE_NAME=WSUS01\SQLExpress Content_Dir=E:\WSUS\

# Stop logging 

Save this script as c:\setup\Configure - WSUS\Configure-WSUS.ps1.

The script can also be found here.

After creating this script, add a new application to the Applications section in the Deployment Workbench tool.

Add application

  • Right-click Applications and choose New Application. Use the following settings in the New Application Wizard:
    • Application with source files
    • Publisher: <blank>
    • Application name: Configure - WSUS
    • Version: <blank>
    • Source Directory: C:\Setup\Configure - WSUS
    • Specify the name of the directory that should be created: Configure - WSUS
    • Command Line: powershell.exe -Command “set-ExecutionPolicy Unrestricted -Force; cpi ‘%DEPLOYROOT%\Applications\Configure - WSUS\Configure-WSUS.ps1’ -destination c:\; c:\Configure-WSUS.ps1; ri c:*.ps1 -Force; set-ExecutionPolicy Restricted -Force”
    • Working directory: <default>

Customize the task sequence

Based on the info above, we’re able to customize the default WSUS01 task sequence of the Hydration Kit in the Deployment Workbench tool.

  • Select the ‘Task Sequences’ section in the Deployment Workbench tool.

  • Right-click the ‘WSUS01 - Full Installation’ task sequence, and click Properties.

WSUS01 - Full Installation task sequence

  • First, create a new group after the ‘Install - SQL Server Management Studio’ item. Name this group ‘Install - WSUS’.

Add WSUS installation steps

  • Within this group, add a new Roles > Install Roles and Features task. Name this task ‘Install - WSUS’.

  • Select the features and roles as described above.

  • Click Apply.

  • After the newly created task, create another task (Add > General > Install Application) and name this task Configure - WSUS. Use the following settings:
    • Name: Configure - WSUS
    • Install a Single Application: Configure - WSUS
  • After the Install - Microsoft Visual C++ 2015 - x86-x64 action, add a Computer Restart action.

  • Click OK.

Now you are ready to deploy WSUS01:

  • Hard drive: 300 GB (dynamic disk)
  • Memory: 2 GB RAM minimum, 4 GB recommended
Planet Powershell