Windows Server Update Services (WSUS) share permissions

When planning Microsoft Windows Server Update Services (WSUS) implementations, the following article must be consulted:

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment

It appears that in some cases there are insufficient permissions provided in the WSUS SMB/CIFS share, therefore receiving Windows event logs with event ID 10012:
http://www.eventid.net/display-eventid-10012-source-Windows%20Server%20Update%20Services-eventno-9198-phase-1.htm

The following SMB and NTFS permissions should be set on the top-level shared folder used for the WSUS repository:

    null
  • Network Service (Full control permissions)
  • System (Full control permissions)
  • WSUSSERVER$ (Full control permissions), where WSUSSERVER$ is the hostname of the WSUS server computer object
  • Administrators group (Full control permissions)

The above permissions must be present at following levels:
• SMB share level (right click top level shared folder –> Properties
–> sharing –> advanced sharing –> permissions).
• NTFS level (right click top level shared folder –> Properties –> Security).

Was this article helpful?

Related Articles