Thomas N
asked on
script for removing wsus client registry key
I have a domain that has very few machines reporting to WSUS, and that's because I believe the tech here created an image from an old image. Long story short, I need to delete the registry keys (PingID, AccountDomainSid, SusClientId) so that they can report to the server. I need to run it in AD as a startup script; I have over 3k machines on the network. I found the script below but I'm not sure it's working. Can anyone assist?
'--------------------8<----------------------
Set oShell = CreateObject("WScript.Shell")
sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
' suppress error in case values does not exist
On Error Resume Next
' check for marker
sIDDeleted = oShell.RegRead(sRegKey & "\IDDeleted")
' to be sure values is only deleted once, test on marker
If sIDDeleted <> "yes" Then
    ' delete values
    oShell.RegDelete sRegKey & "\AccountDomainSid"
    oShell.RegDelete sRegKey & "\PingID"
    oShell.RegDelete sRegKey & "\SusClientId"
    ' Stop and start the Automatic updates service
    oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
    oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True
    ' Run wuauclt.exe with resetauthorization
    sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
    oShell.Run sCmd, 0, True
    ' create marker
    oShell.RegWrite sRegKey & "\IDDeleted", "yes"
End If
'--------------------8<----------------------
Here is what we use. However, you might have to remove the "echo" portions if you do not want it to be interactive.
@echo off
echo Stopping Update Agent...
net stop wuauserv
echo Deleting Existing WSUS Cache...
echo.
del /s /q %systemroot%\SoftwareDistribution
echo.
echo Starting Update Agent...
net start wuauserv
pause
echo.
Echo Attaching to WSUS...
wuauclt /detectnow
wuauclt /reportnow
Please note that the above is simply a batch file.
roseroj
Your script will be of no use for the duplicate SID issue.
ASKER
dstewartjr: I can add your script as a GPO startup script and it should work? Have you done it? Thanks
Yes, I have. I just remove it after all is well. If this doesn't fix it for you, post a windowsupdate.log and we can further investigate.
ASKER
Thanks I will give it a try now and will return with the results. I do notice that there is only the susclientid and susclientvalidation key. There is no pingid or accountdomainsid. I wonder why that would be?
The susclientid and susclientvalidation key are the only two required, this is all that shows in our environment as well.
ASKER
hmm...when I run the script manually I see the susclientid change. But when I add it to the GPO as a script it does not work.
I added it to the Computer configuration | Scripts | Startup - I look at the advanced system information on the machine and it says it loads the GPO and the script, but for some reason I check the registry and it's the same. I have gpupdated/forced it a few times and restarted the computer. Any suggestions?
you could use psexec \\* -c -f -s \\server\share\fixwsus.bat
Just tested this command, it will go thru your whole domain
ASKER
Only errors I am getting is "sleep command not recognized", also bat file exited with error code 0. Also do you suggest running this during business hours? Do you think it causes a lot of network traffic?
ASKER
I'm going to run it when I leave today so it runs over the weekend. I will give an update on Monday. Thanks dstewartjr for your help
ASKER
Ran over the weekend and it worked great. Now most if not all machines reporting to WSUS.
used the batch file from dstewartjr - excellent !!!
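An added example, not code from any poster in this thread: a PowerShell take on the one-time identity reset from the question, written to run non-interactively as a computer startup script and to leave a log, so a run that changes nothing can be diagnosed. It assumes PowerShell is available on the clients; the log path is made up for illustration, and it also clears SusClientIdValidation, the second value the thread mentions alongside SusClientId.

```powershell
# Added example (not from the thread): one-time WSUS client identity reset
# intended for a computer startup script, which runs as SYSTEM with no console.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$marker = 'IDDeleted'    # same marker value name as the VBScript in the question
$values = 'AccountDomainSid', 'PingID', 'SusClientId', 'SusClientIdValidation'
$log    = Join-Path $env:SystemRoot 'Temp\wsus-id-reset.log'    # assumed location

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ("{0:s} {1} {2}" -f (Get-Date), $env:COMPUTERNAME, $Message)
}

try {
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    if ($props.$marker -eq 'yes') {
        Write-Log 'marker present, nothing to do'
        return
    }
    Write-Log ("old SusClientId: {0}" -f $props.SusClientId)

    # Stop the agent first so it cannot rewrite the values while they are removed.
    Stop-Service -Name wuauserv -Force -ErrorAction Stop

    foreach ($name in $values) {
        # Remove only what exists; some clients have no PingID or AccountDomainSid.
        if ($null -ne $props.$name) {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
            Write-Log "removed $name"
        }
    }

    Start-Service -Name wuauserv -ErrorAction Stop

    # Ask the agent to generate a new identity and contact the server.
    $wuauclt = Join-Path $env:SystemRoot 'System32\wuauclt.exe'
    & $wuauclt /resetauthorization /detectnow

    # The marker is written last, so a failed run is retried on the next boot.
    Set-ItemProperty -Path $key -Name $marker -Value 'yes'
    Write-Log 'reset requested, marker written'
}
catch {
    # Unlike "On Error Resume Next", a failure is recorded instead of hidden.
    Write-Log ("FAILED: {0}" -f $_.Exception.Message)
    exit 1
}
```

Comparing the logged old SusClientId across machines shows which ones were sharing an identity from the cloned image.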