Windows Server Update Services (WSUS)Windows Server Update Services (WSUS)

適用於:Windows Server (半年通道)、Windows Server 2019、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Windows Server Update Services (WSUS) 能夠讓資訊技術管理員部署最新的 Microsoft 產品更新。Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. 您可以使用 WSUS 充分地管理如何將 Microsoft Update 所發行的更新,散佈到您網路的電腦上。You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network. 這個主題提供這個伺服器角色的概觀,以及如何部署和維護 WSUS 的詳細資訊。This topic provides an overview of this server role and more information about how to deploy and maintain WSUS.

WSUS 伺服器角色描述WSUS Server role description

WSUS 伺服器提供您透過管理主控台來管理和散發更新時所需的功能。A WSUS server provides features that you can use to manage and distribute updates through a management console. WSUS 伺服器也可以是組織內其他 WSUS 伺服器的更新來源。A WSUS server can also be the update source for other WSUS servers within the organization. 做為更新來源的 WSUS 伺服器稱為「上游伺服器」。The WSUS server that acts as an update source is called an upstream server. 在 WSUS 實作中,網路中至少要有一部 WSUS 伺服器必須能夠連線到 Microsoft Update,以取得可用的更新資訊。In a WSUS implementation, at least one WSUS server on your network must be able to connect to Microsoft Update to get available update information. 身為系統管理員,您可以根據網路安全性和設定,決定有多少其他 WSUS 伺服器可以與 Microsoft Update 直接連線。As an administrator, you can determine - based on network security and configuration - how many other WSUS servers connect directly to Microsoft Update.

實際應用Practical applications

更新管理是控制過渡版軟體發行到生產環境的部署及維護的程序。Update management is the process of controlling the deployment and maintenance of interim software releases into production environments. 它幫助您維護運作效率、克服安全性弱點以及維護生產環境的穩定性。It helps you maintain operational efficiency, overcome security vulnerabilities, and maintain the stability of your production environment. 如果您的組織無法判斷和維護作業系統與應用程式軟體內已知的信任層級,就可能出現一些安全性弱點,如果利用這些弱點,就會造成利潤和智慧財產權的損失。If your organization cannot determine and maintain a known level of trust within its operating systems and application software, it might have a number of security vulnerabilities that, if exploited, could lead to a loss of revenue and intellectual property. 為了將這個威脅的影響降到最小,您必須適當設定系統、使用最新的軟體以及安裝建議的軟體更新。Minimizing this threat requires you to have properly configured systems, use the latest software, and install the recommended software updates.

WSUS 為您企業提供附加價值的核心案例如下:The core scenarios where WSUS adds value to your business are:

  • 集中管理更新Centralized update management

  • 更新管理自動化Update management automation

新功能和變更的功能New and changed functionality


從支援 WSUS 3.2 的任何 Windows Server 版本升級到 Windows Server 2012 R2 時,需要先解除安裝 WSUS 3.2。Upgrade from any version of Windows Server that supports WSUS 3.2 to Windows Server 2012 R2 requires that you first uninstall WSUS 3.2.

在 Windows Server 2012 中,如果在安裝程序中偵測到 WSUS 3.2,就會封鎖安裝了 WSUS 3.2 的任何 Windows Server 版本進行升級。In Windows Server 2012, upgrading from any version of Windows Server with WSUS 3.2 installed is blocked during the installation process if WSUS 3.2 is detected. 在這種情況下,系統會提示您在升級伺服器之前,必須先解除安裝 Windows Server Update Services。In that case, you will be prompted to first uninstall Windows Server Update Services prior to upgrading your server.

不過,因為此版本 Windows Server 和 Windows Server 2012 R2 中的變更,所以從任何 Windows Server 版本與 WSUS 3.2 升級時,並不會封鎖安裝。However, because of changes in this release of Windows Server and Windows Server 2012 R2, when upgrading from any version of Windows Server and WSUS 3.2, the installation is not blocked. 在執行 Windows Server 2012 R2 升級前沒有先解除安裝 WSUS 3.2,會造成 Windows Server 2012 R2 中 WSUS 安裝後工作失敗。Failure to uninstall WSUS 3.2 prior to performing a Windows Server 2012 R2 upgrade will cause the post installation tasks for WSUS in Windows Server 2012 R2 to fail. 在此情況下,唯一已知的修正方法是格式化硬碟並重新安裝 Windows Server。In this case, the only known corrective measure is to format the hard drive and reinstall Windows Server.

Windows Server Update Services 是內建的伺服器角色,包含了下列增強功能:Windows Server Update Services is a built-in server role that includes the following enhancements:

  • 可以使用伺服器管理員進行新增和移除Can be added and removed by using the Server Manager

  • 包含用來管理 WSUS 中最重要系統管理工作的 Windows PowerShell CmdletIncludes Windows PowerShell cmdlets to manage the most important administrative tasks in WSUS

  • 加入 SHA256 雜湊功能,提供額外的安全性Adds SHA256 hash capability for additional security

  • 提供用戶端與伺服器個別版本:分開提供 Windows Update 代理程式 (WUA) 版本與 WSUSProvides client and server separation: versions of the Windows Update Agent (WUA) can ship independently of WSUS

使用 Windows PowerShell 管理 WSUSUsing Windows PowerShell to manage WSUS

系統管理員為了自動化他們的作業,必須透過命令列自動化來進行。For system administrators to automate their operations, they need coverage through command-line automation. 主要目標是允許系統管理員自動化他們每天的作業有助於 WSUS 系統管理。The main goal is to facilitate WSUS administration by allowing system administrators to automate their day-to-day operations.

這個變更增加了什麼價值?What value does this change add?

透過 Windows PowerShell 公開核心 WSUS 作業,系統管理員就可以提高產能、降低新工具的學習曲線,以及減少因為類似作業缺乏一致性而無法達到期望所產生的錯誤。By exposing core WSUS operations through Windows PowerShell, system administrators can increase productivity, reduce the learning curve for new tools, and reduce errors due to failed expectations resulting from a lack of consistency across similar operations.

有哪些不同?What works differently?

在舊版的 Windows Server 作業系統中,沒有提供 Windows PowerShell Cmdlet,而且更新管理自動化是一項挑戰。In earlier versions of the Windows Server operating system, there were no Windows PowerShell cmdlets, and update management automation was challenging. 適用於 WSUS 作業的 Windows PowerShell Cmdlet 為系統管理員加入了彈性和靈活度。The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator.

在本集合中In this collection

本集合中包含規劃、部署和管理 WSUS 的下列指南:The following guides for planning, deploying, and managing WSUS are in this collection: