Windows Server Update Services (WSUS) share permissions

When planning Microsoft Windows Server Update Services (WSUS) implementations, the following article must be consulted:

It appears that in some cases there are insufficient permissions provided in the WSUS SMB/CIFS share, therefore receiving Windows event logs with event ID 10012:

The following SMB and NTFS permissions should be set on the top-level shared folder used for the WSUS repository:

  • Network Service (Full control permissions)
  • System (Full control permissions)
  • WSUSSERVER$ (Full control permissions), where WSUSSERVER$ is the hostname of the WSUS server computer object
  • Administrators group (Full control permissions)

The above permissions must be present at following levels:
• SMB share level (right click top level shared folder –> Properties
–> sharing –> advanced sharing –> permissions).
• NTFS level (right click top level shared folder –> Properties –> Security).

Powered by BetterDocs