You probably already know that backing up your Windows Server Update Services is crucial. You want to back up because restores are faster than rebuilding WSUS. Although it’s not difficult to rebuild, it takes valuable time we know you don’t have. Your WSUS configuration includes the approval status of your updates and WSUS synchronization settings – all of which you won’t have to reconfigure should your WSUS server crash.
It’s a best practice to regularly back up WSUS data as well as update content. Doing so ensures you do not lose critical information about the state of the WSUS server. It can be a rather involved process with its nuances. We will help you learn what you need to know about backing up your WSUS environment.
What’s Involved in WSUS Backups?
Backups happen at multiple levels – hardware, VM, file, and SQL. Backing up your WSUS data means protecting all the information contained within the WSUS database – admin settings, computer groups and group membership, and the installation status of updates. Of course, you can always re-sync the update content from Microsoft Update so you can opt to not back up the WsusContent folder, but that takes time.
Save yourself time by backing it all up, including:
The WSUS database – includes metadata, admin settings, computer groups and group membership, etc.
The WsusContent folder where update files are stored, (optional, but recommended).
The folder that contains third-party update publishing operations.
The WSUS database can use the WID (Windows Internal Database) or a separate SQL Server instance. The database files are called SUSDB.mdf and SUSDB_log.ldf, and when using the built-in WID as a WSUS database, they are located in %WinDir%\WID\Data. Backups on the SUSDB are Full backups every time as the recovery model is set to ‘Simple’ by default. There’s really no reason to switch the recovery model to ‘Full’ for WSUS. However, it is still possible if you want to.
There are multiple ways of backing up the database. If you’re used to the graphical way, install SQL Server Management Studio (SSMS). If you want to do it the command line way, you will need to download and install SQL CmdLine Utilities along with any prerequisites.
1. Open SSMS and connect to the database instance being used for WSUS. If connecting to the WID, open SSMS using “Run as administrator”, or the connection will not work.
2. Expand Databases and right click on SUSDB (the default name for the WSUS Database) and choose Tasks > Back Up.
3. Add a Destination disk (a filename that ends in .bak and location on the server).
4. Under the Backup Options page CHANGE Set backup compression to “Compress Backup” (Note: if running WSUS on SQL Express, Compress Backup is not a feature you can choose as it will error out. This just means you have a LARGER file size for the backups.
5. Press OK and your database will back up.
1. Open PowerShell. If connecting to the WID, open PowerShell using “Run as administrator” or the connection will not work. SQLCmd.exe should already be available to use as it should be in the global
2. Run SQLCmd with the appropriate connection to your database:
SQLCmd.exe -E -S np:\\.\pipe\MICROSOFT##WID\tsql\query -Q "BACKUP DATABASE [SUSDB] TO DISK = N'C:\Temp\SUSDB.bak' WITH DESCRIPTION = N'AJ Tek''s Example WSUS Database Full Backup', NOFORMAT, NOINIT, NAME = N'SUSDB Full Backup', NOSKIP, REWIND, NOUNLOAD, COMPRESSION, STATS = 10, CHECKSUM"
b. SQL Instance:
SQLCmd.exe -S .\SQLServerInstance -E -Q "BACKUP DATABASE [SUSDB] TO DISK = N'C:\Temp\SUSDB.bak' WITH DESCRIPTION = N'AJ Tek''s Example WSUS Database Full Backup', NOFORMAT, NOINIT, NAME = N'SUSDB Full Backup', NOSKIP, REWIND, NOUNLOAD, COMPRESSION, STATS = 10, CHECKSUM"
File Level Backups
1. Find out where WSUS is storing the update files (WsusContent):
"$(Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Update Services\Server\Setup' -Name 'ContentDir' | Select-Object -ExpandProperty 'ContentDir')\WsusContent\"
2. Find out where WSUS is storing any third-party update publishing files (UpdateServicesPackages):
"$(Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Update Services\Server\Setup' -Name 'ContentDir' | Select-Object -ExpandProperty 'ContentDir')\UpdateServicesPackages\"
3. Either use an enterprise backup solution to back up these folders, or copy these folders to your backup location. Be sure to copy permissions so they can easily be restored or you will have to resort to restoring permissions manually.
Hardware or Virtual Machine (VM) Backups
Use an enterprise backup solution to back up your hardware or VM installation of Windows. Backing up your hardware or a VM without the backup solution being SQL Aware will cause the logs to continue to grow. This means that you should still backup the WSUS Database using one of the methods above.
Backing Up WSUS with WAM Saves You Time
WSUS does not have a built-in utility for backing up and restoring. Backups are done using Windows Server Backup or third party file-level solution in combination with SQL Backups or a third-party solution, like WAM. WAM uses SQLCMD.exe which is SQL’s own tool for backups. We test if compression is supported and compress the backup by default. Be advised, compression is NOT supported on SQL Express installations, but is supported on WID/SQL Standard/SQL Enterprise. WAM does NOT backup remote databases as if it is on a remote server (Express/Standard/Enterprise), there should be an SQL Aware Enterprise level backup solution being used to backup the database.
WAM can take care of your WSUS backups so you can free up your time to work on other matters.
At AJ Tek, our vision is to make IT simple and automated for other IT professionals. Our flagship product is WAM, WSUS Automated Maintenance. This system performs all of the tasks that a WSUS Administrator needs to do to maintain WSUS properly only leaving the approving of updates and reporting to the WSUS Administrator.