

Script for removing WSUS client registry key

Posted on 2009-04-17
Medium Priority
Last Modified: 2012-09-05
I have a domain that has very few machines reporting to WSUS, and that's because I believe the tech here created an image from an old image. Long story short, I need to delete the registry keys (PingID, AccountDomainSid, SusClientId) so that they can report to the server. I need to run it in AD as a startup script; I have over 3k machines on the network. I found the script below but I'm not sure it's working. Can anyone assist?

Set oShell = CreateObject("WScript.Shell")

sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

' suppress errors in case the values do not exist
On Error Resume Next

' check for marker
sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")

' to be sure the values are only deleted once, test on marker
If sIDDeleted <> "yes" Then
   ' delete values
   oShell.RegDelete sRegKey & "\AccountDomainSid"
   oShell.RegDelete sRegKey & "\PingID"
   oShell.RegDelete sRegKey & "\SusClientId"

   ' Stop and start the Automatic updates service
   oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
   oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True

   ' Run wuauclt.exe with resetauthorization
   sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
   oShell.Run sCmd, 0, True

   ' create marker
   oShell.RegWrite sRegKey & "\IDDeleted", "yes"
End If
Question by:Thomas N

Expert Comment

by:Donald Stewart
ID: 24169034
I use a .bat for this

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
if exist %windir%\system32\msxml.dll  %windir%\system32\regsvr32.exe /s msxml.dll
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
del C:\Windows\WindowsUpdate.log /S /Q
rd /s /q %windir%\softwareDistribution
sleep 5
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 
wuauclt.exe /resetauthorization
wuauclt.exe /detectnow 
wuauclt.exe /reportnow
exit /B 0 



Expert Comment

ID: 24169149
Here is what we use.  However, you might have to remove the "echo" portions if you do not want it to be interactive.
@echo off
echo Stopping Update Agent...
net stop wuauserv
echo Deleting Existing WSUS Cache...
del /s /q %systemroot%\SoftwareDistribution
echo Starting Update Agent...
net start wuauserv
Echo Attaching to WSUS...
wuauclt /detectnow
wuauclt /reportnow



Expert Comment

ID: 24169163
Please note that the above is simply a batch file.

Expert Comment

by:Donald Stewart
ID: 24169197
Your script will be of no use for the duplicate SID issue.

Author Comment

by:Thomas N
ID: 24169247
dstewartjr: I can add your script as a GPO startup script and it should work? Have you done it? Thanks

Expert Comment

by:Donald Stewart
ID: 24169299
Yes, I have. I just remove it after all is well. If this doesn't fix it for you, post a windowsupdate.log and we can investigate further.

Author Comment

by:Thomas N
ID: 24169447
Thanks, I will give it a try now and will return with the results. I do notice that there is only the susclientid and susclientvalidation key. There is no pingid or accountdomainsid. I wonder why that would be?

Expert Comment

by:Donald Stewart
ID: 24169643
The susclientid and susclientvalidation keys are the only two required; this is all that shows in our environment as well.

Author Comment

by:Thomas N
ID: 24169877
Hmm... when I run the script manually I see the susclientid change. But when I add it to the GPO as a script it does not work.

I added it to Computer Configuration | Scripts | Startup. I look at the advanced system information on the machine and it says it loads the GPO and the script, but for some reason when I check the registry it's the same. I have gpupdated/forced it a few times and restarted the computer. Any suggestions?

Expert Comment

by:Donald Stewart
ID: 24170549
You could use psexec \\* -c -f -s \\server\share\fixwsus.bat
Just tested this command; it will go through your whole domain.

Author Comment

by:Thomas N
ID: 24170882
The only errors I am getting are "sleep command not recognized"; also, the bat file exited with error code 0. Also, do you suggest running this during business hours? Do you think it causes a lot of network traffic?

Author Comment

by:Thomas N
ID: 24171038
I'm going to run it when I leave today so it runs over the weekend. I will give an update on Monday. Thanks, dstewartjr, for your help.

Accepted Solution

Donald Stewart earned 2000 total points
ID: 24171107
You're welcome.

Author Closing Comment

by:Thomas N
ID: 31571499
Ran over the weekend and it worked great. Now most if not all machines are reporting to WSUS.

Expert Comment

ID: 38367215
Used the batch file from dstewartjr - excellent!!!
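The fix discussed in this thread, as an added PowerShell example that is not part of the original posts: it combines the run-once `IDDeleted` marker from the question's VBScript with the registry values named in the batch file, skips values that are absent, and does not depend on a `sleep` command. The function name `Reset-WsusClientIdentity` is hypothetical, and the script assumes it runs elevated (for example as a computer startup script).

```powershell
# Added example (not from the thread): run-once reset of the WSUS client identity
# on machines cloned from one image. Assumes an elevated context (e.g. SYSTEM).
$wuKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$marker   = 'IDDeleted'   # same marker value name as the VBScript in the question
# Value names taken from the posts in this thread; absent ones are skipped.
$idValues = 'AccountDomainSid', 'PingID', 'SusClientId', 'SusClientValidation'

function Reset-WsusClientIdentity {          # hypothetical name
    param([string]$Key = $wuKey)

    $props = Get-ItemProperty -Path $Key -ErrorAction Stop

    # Run once only: a machine that already has the marker keeps its new ID.
    if ($props -and $props.PSObject.Properties[$marker] -and
        $props.$marker -eq 'yes') {
        return 'skipped: marker present'
    }

    $oldId = if ($props) { $props.SusClientId } else { $null }

    # Stop the update agent before touching its identity values.
    Stop-Service -Name wuauserv -Force -ErrorAction Stop

    foreach ($name in $idValues) {
        # Only delete values that exist, so a missing PingID is not an error.
        if ($props -and $props.PSObject.Properties[$name]) {
            Remove-ItemProperty -Path $Key -Name $name -ErrorAction Stop
        }
    }

    Start-Service -Name wuauserv -ErrorAction Stop

    # Same wuauclt switches as the scripts posted in the thread.
    $wuauclt = Join-Path $env:SystemRoot 'System32\wuauclt.exe'
    Start-Process -FilePath $wuauclt `
        -ArgumentList '/resetauthorization', '/detectnow' -Wait

    # Write the marker last, so a failed run is retried at the next startup.
    New-ItemProperty -Path $Key -Name $marker -Value 'yes' `
        -PropertyType String -Force | Out-Null

    return "reset: previous SusClientId was '$oldId'"
}

Reset-WsusClientIdentity
```

Because the marker is written only after every step succeeds, the script can stay linked in the GPO without regenerating the client ID at each boot.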


Question has a verified solution.
