WSUS

Install WSUS

Install-WindowsFeature -Name UpdateServices -IncludeManagementTools (Using WID)
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools (Using SQL)
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools -IncludeAllSubFeature (Does not work, database must be WID or SQL, can not be both)
Configure the download location
- cd "C:\Program Files\Update Services\Tools"
- .\WsusUtil.exe PostInstall CONTENT_DIR=D:\WSUS

Store updates locally (D:\WSUS)
Synchronize from Microsoft Update (or Synchronize from another Windows Server Update Services server:8530)
Use a proxy server when synchronizing (optional)
Start Connecting
Select Languages
Choose Products (Windows 10, Office 2016, etc)
Choose Classifications
- Critical Updates
- Definition Updates
- Driver Sets
- Drivers
- Feature Packs
- Security Updates
- Service Packs
- Tools
- Update Rollups
- Updates
- Upgrades
Synchronize schedule
Begin initial synchronization (optional)
Finish

Using SSL with WSUS
Create computer groups
Assign computers to groups using Group Policy
- From WSUS administration console, click Options->Computer, You can specify how to assign computers to groups
  - Use the Update Services console
  - Use Group Policy or registry settings on computers
    - Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Enable client-side targeting
    - Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
    - Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates (Auto download and notify for install)
Configure aoto-approval rules
- When an update is in Critical Updates, Security Updates, Approve the update for all computers (example)