asked on

Windows Update Group Policy not deleting from Win2008 Server

We have a windows 2003 domain controller and group policy configured. I disabled a windows update related GPO that was attached to the OU container of a Windows 2008R2 Antivirus server. There are now no policies being enforced that relate to Windows update on the antivirus server. This is a fresh install of 2008R2, and I'm attempting to run windows updates manually before I load the antivirus services onto it.

GPRESULT confirms that no oddball policies are slipping through, only the Default Domain Policy which does not mention Windows Update.

Even after a GPUPDATE /FORCE and a reboot, the Windows Update settings are still unavailable, as if the original GPO was still being applied.

What am I missing?

ASKER CERTIFIED SOLUTION

gtworek

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dethbylt

How about in the local security policy? Maybe the default local policy is set to block/allow whatever setting it is that is tripping you up. Windows 2008 does handle GPOs in a slightly different way, but I don't see why that would keep a refresh from working. Try the local policy first.

What policy is it any way?

A MS resource on the handling of Server 2008 GPOs: http://support.microsoft.com/kb/943729

vmwarun - Arun

Navigate to this hive in the registry

HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU
In the right-pane, delete the two values AUOptions and NoAutoUpdate
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate

In the right-pane, delete the value DisableWindowsUpdateAccess
This would enable you to change the Windows Update Client accordingly.

CANI

ASKER

Thank you! I selected "Disable" on the policy in question, applied it, then changed it back to Not Configured. Works fine. Makes sense to me!