Solved

Windows 2003 - Group Policy / Windows Updates

Posted on 2010-08-19
7
780 Views
Last Modified: 2013-12-04
Good Morning,

We have two servers in our domain running Windows 2003 but there seems to be a problem with the way that Windows Update is running.

The Group Policy for both the Domain and the Servers is setup to allow access to Windows Update and to Download but not install updates but that isn't whats happening.

On the Primary Domain Controller :

It seems to put something in the Registry which blocks access to Windows Update, if I visit the site now I get error code 0x8024002E

On the other Server in the Domain (Backup Controller) :

This goes to Windows Update, identifies updates, downloads each update but then will not install any of them.

Can someone help me reset the Windows Update policy to the default, thus allow both servers to connect to Windows Update?

Many thanks

 

M
0
Comment
Question by:mattstannard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 8

Assisted Solution

by:SylvainDrapeau
SylvainDrapeau earned 500 total points
ID: 33473462
Hello !

Not 100% sure but close :

In the group policies, go tu "Machine\Admin Template\Windows Component\Windows Update" and "User\Admin Template\Windows Component\Windows Update"
In the registry, go to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate

Go first to the policies and set them all to "Not Configured", then (after a feew hours) go to the registry and finish the cleanup. When you are done, try WU and if all works fine, return to the policies and set them right.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33473543
Hi,

Thanks for that, I've removed and re-added all of the templates and set them to Not Configured, however I get an error 0x8DDD0003.

This is because in the registry, a key is put there in

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Called

"DisableWindowsUpdateAccess" - I can't see what GPO object specifies how and where this is set. If I removed this key, I can access Windows Update but then if I click either Express or Custom I get  0x8024002E
0
 

Author Comment

by:mattstannard
ID: 33473766
Found the problem,

In the Local Policy there is a setting:

Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This will also create the registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess

So when I disabled this it sorted the problem, thanks for your help!
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:mattstannard
ID: 33473809
I've attached a list of Policy to Registry Key conversions for Windows 2003 SP2
WindowsServer2003SP2GroupPolicyS.xls
0
 
LVL 8

Accepted Solution

by:
SylvainDrapeau earned 500 total points
ID: 33476780
I don't think my comment was so not helpful that it's not worth some points.

In the end, the answer was under "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate", where I told you to look in the first place.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33476903
Yes, sorry didn't mean not to give you anything. When I did GPUPDATE /force it just reappeared,the spreadsheet tells you where else generates this key. Helpful to have the same thing set in multiple places lol!
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33477055
Yes, I sometimes wonder how someone could come up with this. It works most of the time but here's a proof that it's not always 100% accurate and/or logical.

Anyways, thank you for accepting the solution, I appreciate.

Syldra
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question