CANI
asked on
Windows Update Group Policy not deleting from Win2008 Server
We have a windows 2003 domain controller and group policy configured. I disabled a windows update related GPO that was attached to the OU container of a Windows 2008R2 Antivirus server. There are now no policies being enforced that relate to Windows update on the antivirus server. This is a fresh install of 2008R2, and I'm attempting to run windows updates manually before I load the antivirus services onto it.
GPRESULT confirms that no oddball policies are slipping through, only the Default Domain Policy which does not mention Windows Update.
Even after a GPUPDATE /FORCE and a reboot, the Windows Update settings are still unavailable, as if the original GPO was still being applied.
What am I missing?
GPRESULT confirms that no oddball policies are slipping through, only the Default Domain Policy which does not mention Windows Update.
Even after a GPUPDATE /FORCE and a reboot, the Windows Update settings are still unavailable, as if the original GPO was still being applied.
What am I missing?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Navigate to this hive in the registry
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU
In the right-pane, delete the two values AUOptions and NoAutoUpdate
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate
In the right-pane, delete the value DisableWindowsUpdateAccess
This would enable you to change the Windows Update Client accordingly.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU
In the right-pane, delete the two values AUOptions and NoAutoUpdate
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate
In the right-pane, delete the value DisableWindowsUpdateAccess
This would enable you to change the Windows Update Client accordingly.
ASKER
Thank you! I selected "Disable" on the policy in question, applied it, then changed it back to Not Configured. Works fine. Makes sense to me!
What policy is it any way?
A MS resource on the handling of Server 2008 GPOs: http://support.microsoft.com/kb/943729