Windows 服务器更新服务 (WSUS)Windows Server Update Services (WSUS)

适用于:Windows Server(半年频道)、Windows Server 2019、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Windows Server Update Service (WSUS) 启用信息技术管理员部署最新的 Microsoft 产品更新。Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. 你可以使用 WSUS 全面管理通过 Microsoft Update 发布到网络中计算机的更新的分发。You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network. 本主题概述了此服务器角色并提供了有关如何部署和维护 WSUS 的详细信息。This topic provides an overview of this server role and more information about how to deploy and maintain WSUS.

WSUS 服务器角色描述WSUS Server role description

WSUS 服务器提供了通过管理控制台管理和分发更新时可以使用的功能。A WSUS server provides features that you can use to manage and distribute updates through a management console. WSUS 服务器还可以作为组织内其他 WSUS 服务器的更新源。A WSUS server can also be the update source for other WSUS servers within the organization. 充当更新源的 WSUS 服务器称为上游服务器。The WSUS server that acts as an update source is called an upstream server. 在 WSUS 实现中,网络中必须至少有一台 WSUS 服务器能够连接到 Microsoft 更新来获取可用的更新信息。In a WSUS implementation, at least one WSUS server on your network must be able to connect to Microsoft Update to get available update information. 作为管理员,你可以根据网络安全和配置来决定多少其他 WSUS 服务器直接连接到 Microsoft 更新。As an administrator, you can determine - based on network security and configuration - how many other WSUS servers connect directly to Microsoft Update.

实际的应用程序Practical applications

更新管理是控制在生产环境中部署和维护中期软件版本的过程。Update management is the process of controlling the deployment and maintenance of interim software releases into production environments. 它帮助你维护操作效率,解决安全漏洞问题以及维持你的生产环境的稳定性。It helps you maintain operational efficiency, overcome security vulnerabilities, and maintain the stability of your production environment. 如果你的组织无法确定和维持其操作系统和应用软件中已知的信任级别,则可能存在许多安全漏洞,一旦被利用,则会引发收入和知识产权损失。If your organization cannot determine and maintain a known level of trust within its operating systems and application software, it might have a number of security vulnerabilities that, if exploited, could lead to a loss of revenue and intellectual property. 最大限度降低这种威胁需要你拥有正确配置的系统、使用最新软件和安装推荐的软件更新。Minimizing this threat requires you to have properly configured systems, use the latest software, and install the recommended software updates.

WSUS 为你的企业增加价值的核心方案:The core scenarios where WSUS adds value to your business are:

  • 集中式更新管理Centralized update management

  • 更新管理自动化Update management automation

新功能和更改的功能New and changed functionality

备注

若要从支持 WSUS 3.2 的任意 Windows Server 版本升级到 Windows Server 2012 R2,首先需要卸载 WSUS 3.2。Upgrade from any version of Windows Server that supports WSUS 3.2 to Windows Server 2012 R2 requires that you first uninstall WSUS 3.2.

在 Windows Server 2012 中,从装有 WSUS 3.2 的任意 Windows Server 版本升级时,如果在安装过程中检测到 WSUS 3.2,则升级将被阻止。In Windows Server 2012, upgrading from any version of Windows Server with WSUS 3.2 installed is blocked during the installation process if WSUS 3.2 is detected. 在这种情况下,系统会提示你在升级服务器之前首先卸载 Windows Server Update Services。In that case, you will be prompted to first uninstall Windows Server Update Services prior to upgrading your server.

但是,由于此版本的 Windows Server 和 Windows Server 2012 R2 中的更改,在从任意 Windows Server 版本和 WSUS 3.2 进行升级时,安装不会被阻止。However, because of changes in this release of Windows Server and Windows Server 2012 R2, when upgrading from any version of Windows Server and WSUS 3.2, the installation is not blocked. 在执行 Windows Server 2012 R2 升级之前不卸载 WSUS 3.2 将会导致 Windows Server 2012 R2 中 WSUS 的安装后任务失败。Failure to uninstall WSUS 3.2 prior to performing a Windows Server 2012 R2 upgrade will cause the post installation tasks for WSUS in Windows Server 2012 R2 to fail. 在此情况下,唯一已知的纠正措施就是格式化硬盘驱动器,然后重新安装 Windows Server。In this case, the only known corrective measure is to format the hard drive and reinstall Windows Server.

Windows Server Update Service (WSUS) 是包含以下增强功能的内置服务器角色。Windows Server Update Services is a built-in server role that includes the following enhancements:

  • 可使用服务器管理器进行添加和删除Can be added and removed by using the Server Manager

  • 提供了 Windows PowerShell cmdlet,用来管理 WSUS 中最重要的管理任务Includes Windows PowerShell cmdlets to manage the most important administrative tasks in WSUS

  • 添加 SHA256 哈希功能,提高安全性Adds SHA256 hash capability for additional security

  • 提供了客户端和服务器分离:Windows 更新代理 (WUA) 的版本提供与 WSUS 独立开来Provides client and server separation: versions of the Windows Update Agent (WUA) can ship independently of WSUS

使用 Windows PowerShell 管理 WSUSUsing Windows PowerShell to manage WSUS

如果系统管理员想自动化其操作,则通过命令行自动化确定操作范围。For system administrators to automate their operations, they need coverage through command-line automation. 主要目标是通过允许系统管理员自动化其日常操作,促进 WSUS 管理。The main goal is to facilitate WSUS administration by allowing system administrators to automate their day-to-day operations.

这一更改增添了什么价值?What value does this change add?

通过 Windows PowerShell 陈列核心 WSUS 操作,系统管理员可以提高工作效率,缩短新工具的学习时间,并减少由于相似操作之间缺乏一致性而未能达到预期效果所产生的错误。By exposing core WSUS operations through Windows PowerShell, system administrators can increase productivity, reduce the learning curve for new tools, and reduce errors due to failed expectations resulting from a lack of consistency across similar operations.

工作原理的不同之处是什么?What works differently?

在早期版本的 Windows Server 操作系统中,不存在 Windows PowerShell cmdlet,更新管理自动化充满挑战。In earlier versions of the Windows Server operating system, there were no Windows PowerShell cmdlets, and update management automation was challenging. 适用于 WSUS 操作的 Windows PowerShell cmdlet 为系统管理员增加灵活性和敏捷性。The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator.

本集合的内容In this collection

本集合中包括了用于规划、部署和管理 WSUS 的以下指南:The following guides for planning, deploying, and managing WSUS are in this collection: