We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

How to verify a WSUS GPO is being applied to Computers?

Comptx
Comptx asked
on
Medium Priority
541 Views
Last Modified: 2012-05-07
Hello, how can i make sure my WSUS is being applied to the computeres and not to the users?
Thanks in advanced.
Comment
Watch Question

Toni UranjekConsultant/Trainer

Commented:
Hi Comptx,

WSUS GPO should be linked to an OU which contains computer accounts. Because WSUS settings are part of computer configuration they can not be applied to users. You cen use gpresult on clinet computer to check if policy is applies. You can use gpupdate /force to apply new settings immediately.

HTH

Toni
For one.  You can not assign WSUS to Users, ONLY computers.  There are a few settings under the Users Windows Components but they only pertain to how users can interact with the Service's effects.  Not the Service itself.
Network Administrator
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Go over this guide and compare to yours
Configuring the WSUS Client by Group Policy

Author

Commented:
Well, my settigs are correct according to the guide, but for some reason half my computers are not showing up on the wsus console, thats why i wanted to know if maybe i was applying the policy incorrectly.
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
You most likely have a problem with duplicate sids, which is caused by imaging.
run the .bat below on computers not showing up

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv  
 
 
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
 
 
rd /s /q %windir%\softwareDistribution
 
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
wuauclt /resetauthorization /detectnow
 
exit /B 0 

Open in new window

Author

Commented:
I have tried that command already and it didnt work, also i havent used images for my systems.

Author

Commented:
Actually, the server which runs the wsus is from an image. Does that have anything to do with it?  I havent ran that command on the server itself..
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
no, that wont have any bearing. Could you post your windowsupdate.log from any client not showing up?

Author

Commented:
attached is a Windowsupdate.log of a brand new PC added to the domain. Not showing up on the WSUS server like they used to before. And below is the results of the client diag program.


WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL

Press Enter to Complete
Windowsupdate.log
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.