Solved

How to verify a WSUS GPO is being applied to Computers?

Posted on 2009-06-30
10
522 Views
Last Modified: 2012-05-07
Hello, how can i make sure my WSUS is being applied to the computeres and not to the users?
Thanks in advanced.
0
Comment
Question by:Comptx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 24748109
Hi Comptx,

WSUS GPO should be linked to an OU which contains computer accounts. Because WSUS settings are part of computer configuration they can not be applied to users. You cen use gpresult on clinet computer to check if policy is applies. You can use gpupdate /force to apply new settings immediately.

HTH

Toni
0
 
LVL 3

Expert Comment

by:LateNiteR
ID: 24748132
For one.  You can not assign WSUS to Users, ONLY computers.  There are a few settings under the Users Windows Components but they only pertain to how users can interact with the Service's effects.  Not the Service itself.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 125 total points
ID: 24749577
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
is the fastest way
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24749610
Go over this guide and compare to yours
Configuring the WSUS Client by Group Policy
0
 

Author Comment

by:Comptx
ID: 24756486
Well, my settigs are correct according to the guide, but for some reason half my computers are not showing up on the wsus console, thats why i wanted to know if maybe i was applying the policy incorrectly.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24756611
You most likely have a problem with duplicate sids, which is caused by imaging.
run the .bat below on computers not showing up

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv  
 
 
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
 
 
rd /s /q %windir%\softwareDistribution
 
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
wuauclt /resetauthorization /detectnow
 
exit /B 0 

Open in new window

0
 

Author Comment

by:Comptx
ID: 24756680
I have tried that command already and it didnt work, also i havent used images for my systems.
0
 

Author Comment

by:Comptx
ID: 24756725
Actually, the server which runs the wsus is from an image. Does that have anything to do with it?  I havent ran that command on the server itself..
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24757681
no, that wont have any bearing. Could you post your windowsupdate.log from any client not showing up?
0
 

Author Comment

by:Comptx
ID: 24798398
attached is a Windowsupdate.log of a brand new PC added to the domain. Not showing up on the WSUS server like they used to before. And below is the results of the client diag program.


WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL

Press Enter to Complete
Windowsupdate.log
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question