In this short post, we will take a brief look at how to enable WSUS cleanup in ConfigMgr and a bit about the WSUS maintenance tasks available. We will also use the management insights to check whether WSUS cleanup is enabled or not.
Microsoft recommends that you enable WSUS Maintenance options in the Software Update Point configuration. These options are designed to keep your WSUS neat and tidy. When you enable WSUS maintenance options at the top-level site, you automate the cleanup procedures after each SUP synchronization. In short, you keep your Software Update Point healthy by enabling WSUS cleanup options.
You can only use ConfigMgr to turn on WSUS cleanup after installing and setting up the Software Update Point role. For more help, take a look at the complete guide to install and configure Software Update Point role in SCCM. If you aren’t using SCCM to manage and distribute updates, you have to run the WSUS Server Cleanup wizard by hand to get rid of updates that aren’t needed.
Recommended Read: How to Run WSUS Server Cleanup Wizard to Clean Updates
Steps to Enable WSUS Cleanup in ConfigMgr
The steps to enable WSUS cleanup in ConfigMgr are as follows.
- Launch the ConfigMgr console.
- Navigate to Administration > Overview > Site Configuration > Sites.
- Select the site at the top of your Configuration Manager hierarchy. Click Software Update Point and open Software Update Point Component Properties.
- Click the WSUS Maintenance tab and enable the WSUS clean up options (select all 3 options).
- Save the changes by clicking Apply and OK.
There are currently three WSUS maintenance tasks available in ConfigMgr. You just need to enable them and Configuration Manager handles the cleanup after each synchronization.
- Decline Expired Updates in WSUS according to supersedence rules
- Add Non-clustered indexes to the WSUS database
- Remove Obsolete updates from the WSUS database
If you require additional information on WSUS maintenance tasks, here is a dedicated post on 3 Useful WSUS Maintenance Options in Configuration Manager. It also explains what each of these WSUS maintenance tasks does.
In the next step, we will run a built-in management insights rule called “Enable WSUS cleanup,” which basically checks whether the WSUS cleanup options are enabled or not. The WSUS cleanup management insight is categorized under “Proactive Maintenance.” This rule is checked periodically and is turned on by default when you install ConfigMgr.
WSUS Cleanup Management Insights
When you enable the WSUS cleanup in ConfigMgr, you can actually verify if the WSUS cleanup options are enabled by running the Enable WSUS Cleanup management insight.
- Launch the SCCM console.
- Go to Administration\Overview\Management Insights\All Insights.
- From the list of Management Insights, select Proactive Maintenance.
- Look for Enable WSUS Cleanup. Right click and select Evaluate / Re-Evaluate.
When you re-evaluate this rule, it checks if the WSUS maintenance options are enabled on the WSUS maintenance tab of Software Update Point properties. If the WSUS maintenance options are enabled, it simply shows as completed. If the WSUS cleanup options are not enabled, then you see the status as Action needed.
Under the WSUS Cleanup rule details, what you can do is click Review Actions, and it directly takes you to Administration\Overview\Site Configuration\Sites. From there, you can select the Software Update Point and enable the WSUS cleanup options or WSUS maintenance options.
Next, I’ll turn on all the WSUS maintenance options and look at the WSUS cleanup rule again. Wait for a few seconds while the evaluation happens in the background. Refreshing the console shows that the WSUS cleanup proactive maintenance insight in the ConfigMgr console is now marked as Completed. This means that the WSUS cleanup options for your software update point have been set up correctly.