Comptx
asked on
How to verify a WSUS GPO is being applied to Computers?
Hello, how can i make sure my WSUS is being applied to the computeres and not to the users?
Thanks in advanced.
Thanks in advanced.
For one. You can not assign WSUS to Users, ONLY computers. There are a few settings under the Users Windows Components but they only pertain to how users can interact with the Service's effects. Not the Service itself.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, my settigs are correct according to the guide, but for some reason half my computers are not showing up on the wsus console, thats why i wanted to know if maybe i was applying the policy incorrectly.
You most likely have a problem with duplicate sids, which is caused by imaging.
run the .bat below on computers not showing up
run the .bat below on computers not showing up
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
wuauclt /resetauthorization /detectnow
exit /B 0
ASKER
I have tried that command already and it didnt work, also i havent used images for my systems.
ASKER
Actually, the server which runs the wsus is from an image. Does that have anything to do with it? I havent ran that command on the server itself..
no, that wont have any bearing. Could you post your windowsupdate.log from any client not showing up?
ASKER
attached is a Windowsupdate.log of a brand new PC added to the domain. Not showing up on the WSUS server like they used to before. And below is the results of the client diag program.
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
Option is from Control Panel
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . NONE
Winhttp local machine ProxyBypass. . . . . . . NONE
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . NONE
User IE ProxyByPass. . . . . . . . . . . . . . NONE
User IE AutoConfig URL Proxy . . . . . . . . . NONE
User IE AutoDetect
AutoDetect not in use
Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
Press Enter to Complete
Windowsupdate.log
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
Option is from Control Panel
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . NONE
Winhttp local machine ProxyBypass. . . . . . . NONE
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . NONE
User IE ProxyByPass. . . . . . . . . . . . . . NONE
User IE AutoConfig URL Proxy . . . . . . . . . NONE
User IE AutoDetect
AutoDetect not in use
Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
Press Enter to Complete
Windowsupdate.log
WSUS GPO should be linked to an OU which contains computer accounts. Because WSUS settings are part of computer configuration they can not be applied to users. You cen use gpresult on clinet computer to check if policy is applies. You can use gpupdate /force to apply new settings immediately.
HTH
Toni