Solved

Windows 2003 - Group Policy / Windows Updates

Posted on 2010-08-19
7
764 Views
Last Modified: 2013-12-04
Good Morning,

We have two servers in our domain running Windows 2003 but there seems to be a problem with the way that Windows Update is running.

The Group Policy for both the Domain and the Servers is setup to allow access to Windows Update and to Download but not install updates but that isn't whats happening.

On the Primary Domain Controller :

It seems to put something in the Registry which blocks access to Windows Update, if I visit the site now I get error code 0x8024002E

On the other Server in the Domain (Backup Controller) :

This goes to Windows Update, identifies updates, downloads each update but then will not install any of them.

Can someone help me reset the Windows Update policy to the default, thus allow both servers to connect to Windows Update?

Many thanks

 

M
0
Comment
Question by:mattstannard
  • 4
  • 3
7 Comments
 
LVL 8

Assisted Solution

by:SylvainDrapeau
SylvainDrapeau earned 500 total points
ID: 33473462
Hello !

Not 100% sure but close :

In the group policies, go tu "Machine\Admin Template\Windows Component\Windows Update" and "User\Admin Template\Windows Component\Windows Update"
In the registry, go to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate

Go first to the policies and set them all to "Not Configured", then (after a feew hours) go to the registry and finish the cleanup. When you are done, try WU and if all works fine, return to the policies and set them right.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33473543
Hi,

Thanks for that, I've removed and re-added all of the templates and set them to Not Configured, however I get an error 0x8DDD0003.

This is because in the registry, a key is put there in

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Called

"DisableWindowsUpdateAccess" - I can't see what GPO object specifies how and where this is set. If I removed this key, I can access Windows Update but then if I click either Express or Custom I get  0x8024002E
0
 

Author Comment

by:mattstannard
ID: 33473766
Found the problem,

In the Local Policy there is a setting:

Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This will also create the registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess

So when I disabled this it sorted the problem, thanks for your help!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:mattstannard
ID: 33473809
I've attached a list of Policy to Registry Key conversions for Windows 2003 SP2
WindowsServer2003SP2GroupPolicyS.xls
0
 
LVL 8

Accepted Solution

by:
SylvainDrapeau earned 500 total points
ID: 33476780
I don't think my comment was so not helpful that it's not worth some points.

In the end, the answer was under "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate", where I told you to look in the first place.

Syldra
0
 

Author Comment

by:mattstannard
ID: 33476903
Yes, sorry didn't mean not to give you anything. When I did GPUPDATE /force it just reappeared,the spreadsheet tells you where else generates this key. Helpful to have the same thing set in multiple places lol!
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33477055
Yes, I sometimes wonder how someone could come up with this. It works most of the time but here's a proof that it's not always 100% accurate and/or logical.

Anyways, thank you for accepting the solution, I appreciate.

Syldra
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question