How to install and setup WSUS for the first time

Setting up WSUS:
(h/t Boris)

Open Server Manager, go to Tool and select Windows Server Update Service from the drop down

When the window opens, expand the left pane tree to All Computers, right click on it and select Add Computer Group…

In the left pane, click on Options, then click on Computers

Make sure the Use Group Policy… halo is select, click OK to close

Close the windows, go back to Server Manager, go to Tools and select Active Directory Users and Groups from the drop down

In AD expand the domain in the left pane and find the Computers group, then right click in the right pane, select New and Group

In the new window, type in the group name for the WSUS service, i.e. “Critical Servers”, then click OK to close

Right click on the group just created and select Properties

Go to the Members tab, click Add and find the computers you want to add to the group, click OK to close

Close the windows, go back to Server Manager, go to Tools and select Group Policy Management from the drop down

In the new window, expand the left tree pane to the Domains, right click on the domain and select Create a GPO in this domain, and Link it here…

In the popup, end the new name for the GPO, i.e. “WSUS Critical Server”, click OK to close

In the GPO, in the Scope tab, under Security Filter, click Add to add the group previously made in the AD

In the left pane, right click on the GPO and click Edit

A Group Policy Management Editor will open, expand the left pan tree to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update, find Enable client-side targeting and double click on it

Enable the policy, and under Options enter the name of the group made in AD, i.e. “Critical Servers”, and click OK to close

Then double click on Specify intranet Microsoft update service location, Enable the policy, and under Options enter the address for the WSUS server and port, i.e. “http://*servername*:8530” for bother inputs and click OK to close

Lastly double click on the Configure Automatic Updates policy, Enable it and under Options set the updating to option 4; 7 for install day; and midnight for install time, this will limit network traffic, interference, and restart downtime to a minimum, click OK to close

Close the window to apply changes to the policy. Back in Group Policy Management, Right Click on the GPO and Enforce it

Close Group Policy Management, go back to Windows Server Update Service. You will notice that after time that new computers which have been added to the domain will start to appear in the Service

To force an update of clients into the Windows Server Update Service portal, run the following in a Command Prompt: wuauclt /detectnow, and new computer should start populating