Windows 2003 - Group Policy / Windows Updates

Posted on 2010-08-19
Medium Priority
Last Modified: 2013-12-04
Good Morning,

We have two servers in our domain running Windows 2003 but there seems to be a problem with the way that Windows Update is running.

The Group Policy for both the Domain and the Servers is setup to allow access to Windows Update and to Download but not install updates but that isn't whats happening.

On the Primary Domain Controller :

It seems to put something in the Registry which blocks access to Windows Update, if I visit the site now I get error code 0x8024002E

On the other Server in the Domain (Backup Controller) :

This goes to Windows Update, identifies updates, downloads each update but then will not install any of them.

Can someone help me reset the Windows Update policy to the default, thus allow both servers to connect to Windows Update?

Many thanks


Question by:mattstannard
  • 4
  • 3

Assisted Solution

SylvainDrapeau earned 2000 total points
ID: 33473462
Hello !

Not 100% sure but close :

In the group policies, go tu "Machine\Admin Template\Windows Component\Windows Update" and "User\Admin Template\Windows Component\Windows Update"
In the registry, go to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate

Go first to the policies and set them all to "Not Configured", then (after a feew hours) go to the registry and finish the cleanup. When you are done, try WU and if all works fine, return to the policies and set them right.


Author Comment

ID: 33473543

Thanks for that, I've removed and re-added all of the templates and set them to Not Configured, however I get an error 0x8DDD0003.

This is because in the registry, a key is put there in



"DisableWindowsUpdateAccess" - I can't see what GPO object specifies how and where this is set. If I removed this key, I can access Windows Update but then if I click either Express or Custom I get  0x8024002E

Author Comment

ID: 33473766
Found the problem,

In the Local Policy there is a setting:

Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This will also create the registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess

So when I disabled this it sorted the problem, thanks for your help!
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!


Author Comment

ID: 33473809
I've attached a list of Policy to Registry Key conversions for Windows 2003 SP2

Accepted Solution

SylvainDrapeau earned 2000 total points
ID: 33476780
I don't think my comment was so not helpful that it's not worth some points.

In the end, the answer was under "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate", where I told you to look in the first place.


Author Comment

ID: 33476903
Yes, sorry didn't mean not to give you anything. When I did GPUPDATE /force it just reappeared,the spreadsheet tells you where else generates this key. Helpful to have the same thing set in multiple places lol!

Expert Comment

ID: 33477055
Yes, I sometimes wonder how someone could come up with this. It works most of the time but here's a proof that it's not always 100% accurate and/or logical.

Anyways, thank you for accepting the solution, I appreciate.


Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
In the video, one can understand the process of resizing images in single or bulk. Kernel Bulk Image Resizer is an easy to use tool for resizing large number of images. One can add and resize multiple images with this tool in single go. The video sh…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question