Using intranet update service locations
On networks with hundreds or thousands of computers, the Automatic Updates process can use a considerable amount of network bandwidth, and having all the computers check for updates and install them over the Internet doesn’t make sense. Instead, consider using the Specify Intranet Microsoft Update Service Location policy, which tells individual computers to check a designated internal server for updates.
The designated update server must run Windows Server Update Services (WSUS), be configured as a web server running IIS, and be able to handle the additional workload, which might be considerable on a large network during peak usage times. Additionally, the update server must have access to the external network on port 80. The use of a firewall or proxy server on this port shouldn’t present any problems.
The update process also tracks configuration information and statistics for each computer. This information is necessary for the update process to work properly, and it can be stored on a separate statistics server (an internal server running IIS) or on the update server itself.
To specify an internal update server, follow these steps:
1. After you install and configure an update server, open the GPO with which you want to work for editing. In the policy editor, access Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
2. Double-tap or double-click Specify Intranet Microsoft Update Service Location. In the Properties dialog box, select Enabled.
3. In the Set The Intranet Update Service For Detecting Updates text box, enter the URL of the update server. In most cases, this is http://servername, such as http://CorpUpdateServer01.
4. Enter the URL of the statistics server in the Set The Intranet Statistics Server text box. This doesn’t have to be a separate server; you can specify the update server in this text box.
NOTE If you want a single server to handle both updates and statistics, enter the same URL in both boxes. Otherwise, if you want a different server for updates and statistics, enter the URL for each server in the appropriate box.
5. Tap or click OK. After the applicable GPO is refreshed, systems running appropriate versions of Windows will look to the update server for updates. You’ll want to monitor the update and statistics servers closely for several days or weeks to ensure that everything is working properly. Directories and files will be created on the update and statistics servers.
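Once the GPO has refreshed, the values set in steps 3 and 4 can be checked on a client. The following PowerShell is an added example, not part of the original text: it reads the registry values this policy writes (WUServer and WUStatusServer, plus UseWUServer under the AU subkey) and reports unset values, malformed URLs, plain-HTTP URLs, and split update/statistics servers. The function names Get-WsusPolicy and Test-WsusPolicy are illustrative, and the sample object is constructed from the URL in step 3.

```powershell
# Added example: audits the client-side values written by the
# "Specify Intranet Microsoft Update Service Location" policy.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusPolicy {
    # Read the applied policy from the registry; unset values come back as $null.
    $wu = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$WuKey\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}

function Test-WsusPolicy {
    param([Parameter(Mandatory)] $Policy)
    $findings = @()
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client ignores the intranet URLs.'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $uri = $null
        $value = $Policy.$name
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings += "$name is not set."
        } elseif (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
            $findings += "$name is not an absolute URL: '$value'."
        } elseif ($uri.Scheme -eq 'http') {
            $findings += "$name uses http://, so traffic to $($uri.Host) is not protected by TLS."
        } elseif ($uri.Scheme -ne 'https') {
            $findings += "$name has an unexpected scheme '$($uri.Scheme)'."
        }
    }
    if ($Policy.WUServer -and $Policy.WUStatusServer -and
        $Policy.WUServer -ne $Policy.WUStatusServer) {
        $findings += 'Update and statistics servers differ; monitor both.'
    }
    $findings
}

# Constructed sample matching the URL used in step 3.
$sample = [pscustomobject]@{
    WUServer = 'http://CorpUpdateServer01'; WUStatusServer = 'http://CorpUpdateServer01'; UseWUServer = 1
}
Test-WsusPolicy -Policy $sample

# On a client where the GPO has refreshed, audit the live values instead.
if (Test-Path $WuKey) { Test-WsusPolicy -Policy (Get-WsusPolicy) }
```

For the constructed sample, the script returns two findings, one per URL, because both use http://.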
CHAPTER 7: Managing TCP/IP networking
■ Navigating networking in Windows Server 2012 R2
■ Managing networking in Windows 8.1 and Windows Server 2012 R2
■ Installing TCP/IP networking
■ Configuring TCP/IP networking
■ Managing network connections
As an administrator, you enable networked computers to communicate by using the basic networking protocols built into Windows Server 2012 R2. The key protocol you use is TCP/IP, which is a suite of protocols and services used for communicating over a network and is the primary protocol used for internetwork communications. Compared to configuring other networking protocols, configuring TCP/IP communications is fairly complicated, but TCP/IP is the most versatile protocol available.
NOTE Group Policy settings can affect your ability to install and manage TCP/IP networking. The key policies you should examine are in User Configuration\Administrative Templates\Network\Network Connections and Computer Configuration\Administrative Templates\System\Group Policy. Group Policy is discussed in Chapter 6, “Managing users and computers with Group Policy.”
Navigating networking in Windows Server 2012 R2
Windows Server 2012 R2 has an extensive set of networking tools:
■ Network Explorer Provides a central console for browsing computers and devices on the network
■ Network And Sharing Center Provides a central console for viewing and managing a computer’s networking and sharing configuration
■ Network Diagnostics Provides automated diagnostics to help diagnose and resolve networking problems
Before I describe how these networking tools are used, let’s first look at the following Windows Server 2012 R2 features on which these tools rely:
■ Network Discovery Controls the ability to view other computers and devices
■ Network Awareness Reports changes in network connectivity and configuration
REAL WORLD Computers running Windows Vista with SP1 or later, in addition to later releases of Windows, support extensions to network awareness. These extensions enable a computer connected to one or more networks via two or more interfaces (regardless of whether they are wired or wireless) to select the route with the best performance for a particular data transfer. As part of selecting the best route, Windows chooses the best interface (either wired or wireless) for the transfer. This mechanism improves the selection of wireless over wired networks when both interfaces are present.
Network discovery settings for the computer with which you are working determine the computers and devices you can browse or view in Windows Server 2012 R2 networking tools. Discovery settings work in conjunction with a computer’s Windows Firewall settings to block or allow the following:
■ Discovery of network computers and devices
■ Discovery of your computer by others
Network discovery settings are meant to provide the appropriate level of security for each of the various categories of networks to which a computer can connect.
The three categories of networks are defined as follows:
■ Domain network Designates a network in which computers are connected to the corporate domain to which they are joined
■ Private network Designates a network in which computers are configured as members of a homegroup or workgroup and are not connected directly to the public Internet
■ Public network Designates a network in a public place, such as a coffee shop or an airport, rather than an internal network
Because a computer saves settings separately for each category of network, different block and allow settings can be used for each network category. When you connect a computer’s network adapter to a network for the first time, Windows sets the network category based on the configuration of the computer. Based on the network category, Windows Server 2012 R2 automatically configures settings that turn discovery on or off. The On (Enabled) state means:
■ The computer can discover other computers and devices on the network.
■ Other computers on the network can discover the computer.