?
Solved

Windows 2003 - Group Policy / Windows Updates

Posted on 2010-08-19
7
Medium Priority
?
787 Views
Last Modified: 2013-12-04
Good Morning,

We have two servers in our domain running Windows 2003 but there seems to be a problem with the way that Windows Update is running.

The Group Policy for both the Domain and the Servers is setup to allow access to Windows Update and to Download but not install updates but that isn't whats happening.

On the Primary Domain Controller :

It seems to put something in the Registry which blocks access to Windows Update, if I visit the site now I get error code 0x8024002E

On the other Server in the Domain (Backup Controller) :

This goes to Windows Update, identifies updates, downloads each update but then will not install any of them.

Can someone help me reset the Windows Update policy to the default, thus allow both servers to connect to Windows Update?

Many thanks

 

M
0
Comment
Question by:mattstannard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 8

Assisted Solution

by:SylvainDrapeau
SylvainDrapeau earned 2000 total points
ID: 33473462
Hello !

Not 100% sure but close :

In the group policies, go tu "Machine\Admin Template\Windows Component\Windows Update" and "User\Admin Template\Windows Component\Windows Update"
In the registry, go to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate

Go first to the policies and set them all to "Not Configured", then (after a feew hours) go to the registry and finish the cleanup. When you are done, try WU and if all works fine, return to the policies and set them right.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33473543
Hi,

Thanks for that, I've removed and re-added all of the templates and set them to Not Configured, however I get an error 0x8DDD0003.

This is because in the registry, a key is put there in

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Called

"DisableWindowsUpdateAccess" - I can't see what GPO object specifies how and where this is set. If I removed this key, I can access Windows Update but then if I click either Express or Custom I get  0x8024002E
0
 

Author Comment

by:mattstannard
ID: 33473766
Found the problem,

In the Local Policy there is a setting:

Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This will also create the registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess

So when I disabled this it sorted the problem, thanks for your help!
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:mattstannard
ID: 33473809
I've attached a list of Policy to Registry Key conversions for Windows 2003 SP2
WindowsServer2003SP2GroupPolicyS.xls
0
 
LVL 8

Accepted Solution

by:
SylvainDrapeau earned 2000 total points
ID: 33476780
I don't think my comment was so not helpful that it's not worth some points.

In the end, the answer was under "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate", where I told you to look in the first place.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33476903
Yes, sorry didn't mean not to give you anything. When I did GPUPDATE /force it just reappeared,the spreadsheet tells you where else generates this key. Helpful to have the same thing set in multiple places lol!
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33477055
Yes, I sometimes wonder how someone could come up with this. It works most of the time but here's a proof that it's not always 100% accurate and/or logical.

Anyways, thank you for accepting the solution, I appreciate.

Syldra
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question