Solved

Windows 2003 - Group Policy / Windows Updates

Posted on 2010-08-19
7
771 Views
Last Modified: 2013-12-04
Good Morning,

We have two servers in our domain running Windows 2003 but there seems to be a problem with the way that Windows Update is running.

The Group Policy for both the Domain and the Servers is setup to allow access to Windows Update and to Download but not install updates but that isn't whats happening.

On the Primary Domain Controller :

It seems to put something in the Registry which blocks access to Windows Update, if I visit the site now I get error code 0x8024002E

On the other Server in the Domain (Backup Controller) :

This goes to Windows Update, identifies updates, downloads each update but then will not install any of them.

Can someone help me reset the Windows Update policy to the default, thus allow both servers to connect to Windows Update?

Many thanks

 

M
0
Comment
Question by:mattstannard
  • 4
  • 3
7 Comments
 
LVL 8

Assisted Solution

by:SylvainDrapeau
SylvainDrapeau earned 500 total points
ID: 33473462
Hello !

Not 100% sure but close :

In the group policies, go tu "Machine\Admin Template\Windows Component\Windows Update" and "User\Admin Template\Windows Component\Windows Update"
In the registry, go to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate

Go first to the policies and set them all to "Not Configured", then (after a feew hours) go to the registry and finish the cleanup. When you are done, try WU and if all works fine, return to the policies and set them right.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33473543
Hi,

Thanks for that, I've removed and re-added all of the templates and set them to Not Configured, however I get an error 0x8DDD0003.

This is because in the registry, a key is put there in

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Called

"DisableWindowsUpdateAccess" - I can't see what GPO object specifies how and where this is set. If I removed this key, I can access Windows Update but then if I click either Express or Custom I get  0x8024002E
0
 

Author Comment

by:mattstannard
ID: 33473766
Found the problem,

In the Local Policy there is a setting:

Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This will also create the registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess

So when I disabled this it sorted the problem, thanks for your help!
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:mattstannard
ID: 33473809
I've attached a list of Policy to Registry Key conversions for Windows 2003 SP2
WindowsServer2003SP2GroupPolicyS.xls
0
 
LVL 8

Accepted Solution

by:
SylvainDrapeau earned 500 total points
ID: 33476780
I don't think my comment was so not helpful that it's not worth some points.

In the end, the answer was under "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate", where I told you to look in the first place.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33476903
Yes, sorry didn't mean not to give you anything. When I did GPUPDATE /force it just reappeared,the spreadsheet tells you where else generates this key. Helpful to have the same thing set in multiple places lol!
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33477055
Yes, I sometimes wonder how someone could come up with this. It works most of the time but here's a proof that it's not always 100% accurate and/or logical.

Anyways, thank you for accepting the solution, I appreciate.

Syldra
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question