Solved

Implementing WSUS without AD

Posted on 2006-11-27
6
1,115 Views
Last Modified: 2009-04-28
Hello,

I have been tasked with implementing WSUS in an environment where I will not have access to AD.  Since I cannot rely on GPO, is there another way to add multiple workstations to WSUS (script maybe) without configuring each workstation manually?

Thanks in advance,

IPT
0
Comment
Question by:iptrader
6 Comments
 
LVL 13

Expert Comment

by:itcoza
ID: 18022227
Edit the registry as per: http://technet2.microsoft.com/WindowsServer/en/library/b23562a8-1a97-45c0-833e-084cd463d0371033.mspx?mfr=true

====

Manipulate registry settings on the SUS client computer
If all else has failed, you can attempt to manually manipulate registry settings to get the client computer to self-update to the WSUS client.

 To manually manipulate registry settings on the SUS client computer
 
 1.  Click Start, and then click Run.
 
2.  In the Open box, type regedit and then click OK.
 
3.  In Registry Editor, navigate to the WindowsUpdate key by expanding the following:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\

If the WindowsUpdate key does not exist, do the following:
 
4.  On the menu, click Edit, point to New, and then click Key.
 
5.  Type WindowsUpdate as the name for the new key.
 
6.  Double-click the WUServer setting, type the URL to your WSUS server, and then press ENTER.

If the WUServer setting does not exist, do the following:

On the menu, click Edit, point to New, and then click String Value.
 
7.  Type WUServer as the setting name.
 
8.  Double-click the WUStatusServer setting, type the URL to your WSUS server, and then press ENTER.

If the WUStatusServer setting does not exist, do the following:

On the menu, click Edit, point to New, and then click String Value.
 
9.  Type WUStatusServer as the setting name.
 
10.  Navigate to the following:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

If the AU key does not exist, do the following:

On the menu, click Edit, point to New, and then click Key.
 
11.  Type AU as the name for the new key.
 
12.  Verify that the UseWUServer setting has a value of 1 (0x1).If it does not, modify it by double-clicking the setting and then changing the value.

If the UseWUServer setting does not exist, do the following:

On the menu, click Edit, point to New, and then click DWORD Value.
 
13.  Type UseWUServer for the setting name.
 
14.  Navigate to the following:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
 
15.  Enable and configure Automatic Updates through Control Panel:

Click Start, click Control Panel, and then double-click Automatic Updates.
 
16.  In the Automatic Updates dialog box, specify download and installation options, and then click OK. Make sure that Turn off Automatic Updates is not selected.
 
17.  Ensure that the AUState setting has a value of 2 (0x2). If it does not, modify it by double-clicking and changing the value.
 
18.  If the LastWaitTimeout setting exists, delete it.
 
19.  If the DetectionStartTime setting exists, delete it.
 
20.  At the command prompt, type the following, and then press ENTER to stop the Automatic Updates service:

net stop wuauserv
 
21.  At the command prompt, type the following, and then press ENTER to restart the Automatic Updates service:

net start wuauserv
 
22.  Wait approximately 6 to 10 minutes for the self-update to occur.
 
 
====

Then do a backup of the registry key and roll out the other clients (double click on .reg file created)
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 18022318
MS Technet Article Describing Registry Entries for non-AD enviroments:

http://technet2.microsoft.com/WindowsServer/en/library/75ee9da8-0ffd-400c-b722-aeafdb68ceb31033.mspx?mfr=true

As far as getting these applied to multiple computers, I suppose the syntax in a vbs script would be this:


EXAMPLE OF AUOPTIONS KEY FOR AUTO DOWNLOAD AND NOTIFY LOCAL ADMIN

'begin script
Dim objShell
On error resume next
''''''''''''''
' Registry key
''''''''''''''
strRegLoc = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate"
strKey = "AUOptions" 'key you'll be creating
strValue = "3" 'value within new key
''''''''''''''''''''''''
'write new key and value
''''''''''''''''''''''''
Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite strRegLoc & strKey, 1, "REG_DWORD"
objShell.RegWrite strRegLoc & strKey,_
strValueLocal, "REG_DWORD"
'end script

I haven't been able to test this out so apologies if it doesn't work....But that would be something similar to what you are going to use.
0
 
LVL 5

Expert Comment

by:megs28
ID: 18022403
If you're not worried about loosing information currently in GP on each client, there is still a easy way to do it with GP.  On a Windows client, setup the policies you would like to implement.  All of this configuration is kept in copy the C:\%systemroot%\system32\Group Policy.  If every client PC is running the same OS, you can write a batch script to execute at logon.  If they're not, you'll likely have to do it manually creating a "master" Group Policy folder for each OS.  You would copy the Group Policy folder to the system32 folder, overwriting the existing one.  In XP run 'gpupdate /force' from the command prompt, Windows 2000 will require a reboot (or manually apply the policy).  After this you run 'wuauclt /detectnow' to for Automatic Updates to force a detection cycle and have the client report to the WSUS server.

This is how I implemented WSUS in my NT environment.  I didn't do it by script, but had the help desk run around for a few days instead.  The "master" group polocy folder minimized the number of errors they could make.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 18023105
Throw this into a .reg file.  Run it on your workstations.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://FQDN of WSUS server"
"WUStatusServer"="http://FQDN of WSUS server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000005


Change these lines to your WSUS server:

"WUServer"="http://FQDN of WSUS server"
"WUStatusServer"="http://FQDN of WSUS server"




0
 

Author Comment

by:iptrader
ID: 18041119
Netman, your solution worked well.  Thanks for your help!

Best,

IPT
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18042463
Anytime.

We used our primary WSUS server for many non-domain connected PCs - we found this quick and dirty reg hack worked pretty nicely too.  It takes the work out of it.

Regards,
NM


0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to virtualize old server? (2003) 7 112
How to migrate from 2003 SBS to 2012 R2 as DC? 1 62
SolarWind and DNS Server 12 86
Backup DHCP Server 8 114
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question