Link to home
Start Free TrialLog in
BLACK THANOSFlag for United States of America

asked on

How can I get windows updates to turn on from the registry

Good evening experts,

This is probably a very simple solution , but for the life of me I cant figure it out. On my Windows 7 computer, I go to control panel and then windows update and I get this message:

User generated image
I run this litte vbs snippet:

User generated image
My script actually change the value to 0 , which means it should turn on windows update and look like this:

User generated image
but it stays like this:

User generated image

Am I missing a crucial registry setting?? Please help
Avatar of Rob Miners
Rob Miners
Flag of Australia image

Check this article

How to configure automatic updates by using Group Policy or registry settings
Avatar of Sam Simon Nasser
try restarting the windows update service (start - control panel - administrative settings - services) ... restart it and make sure it's automatic - delayed.
Go to services.msc and make sure that the "Windows Update" service is set to Automatic and Started.

It should be started and on automatic. If not

1. Rightclick the service, chose properties,
2. in the next field you see a combobox named "Startup Type",
3. chose Automatic(Delayed start)
4. click apply,
5. Now click on start.

Also, go to msconfig -- services -- ensure that the "Windows Update" service is checked and status "running"
Look here (you didn't say you have a 32 bit or 64 bit computer): >
I wonder if those messages you posted are not a bit of MS overkill.  It may be just a very scary way of telling you that your settings in Control Panel\All Control Panel Items\Windows Update\Change settings are blocking Windows Updates.
What happens if you click the link offered "Let me choose my settings"?
It should get you to this page
Control Panel\All Control Panel Items\Windows Update\Change settings
Under "Important Updates" you should have a dropdown line giving you various choices.  I suspect you now have chosen "Never check for Updates".  MS worries for your security.
I have mine set to
"Check for updates but let me choose whether to download and install them."  
That gives me full control over what to do about Windows Updates.
But that is a matter for you to decide.  I agree you should choose something other than "Never check for Updates'>



You have missed the point of my question all together. I am not interested in going to control panel to configure windows updates. I will not go to each and every machine and configure windows updates. Also, I am not in an Active Directory environment and cannot use Group Policy ( at least not easily to configure over a hundred machines).

I know that MS is concerned about our security, but that is exactly why I am using my scripting skills to take advantage of the WMI tools MS offers to centrally deploy important windows updates. For additional clarity, I use a product called DeepFreeze to update all critical updates. I perform this after patch tuesday. Unfortunately , Faronics doesnt have an option for updating important updates, ergo my need for a solution to pick up where faronic's deep freeze product left off. I have read some of the other responses to my question and I believe the answer lies in restarting the window service. I checking the possibilities now. Howeve, I thank you for your input Jcimarron.

Regis Hyde
Grab your Deep Freeze Manual and read up on Maintenance Mode. You should be able to thaw your machines at a certain time to allow for controlled updates.
Not the issue rrjmin0,
I know more about Deep Freeze than most people, even the Deep Freeze Techs. I dont say this to toot my own horn. you are simply mis-reading the original context of what I am asking for. Please review my original question. Deep Freeze did its part with no problem at all. If you would kindly review the previous posts, you will see that I have validated that deep freeze handles Critical Updates quite nicely. My question has nothing to do with deep freeze. However, thank you for your input.

Regis Hyde
Results from a before and after registry snap with Automatic Updates Disabled at the onset. The main key is AUOptions.

old = disabled
new = re-enabled

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions
New: DWORD: 4 (0x4)
Old: DWORD: 1 (0x1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\ElevateNonAdmins
New: DWORD: 1 (0x1)
Old: DWORD: 0 (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\IncludeRecommendedUpdates
New: DWORD: 1 (0x1)
Old: DWORD: 0 (0)
Good evening  rrjmin0,

now that is the kind of information I was looking for. I was looking at my script for registry changes and I am missing one of the ones you have above. This looks really promising. I will get back to you.
Frustrating, frustration, frustration.

My script works great, but still does not install important updates. Heres what I have so far:

User generated image
User generated image
User generated image
The machine name is wks-wnxp-01905. I unfroze it from deepfreeze.  Ran the script. It made the necessary changes. When 9pm came I expected the updates to begin right away, because  the day was Friday and the time scheduled was for 9pm. When the machine rebooted , it was about 8:57pm, so I watched and nothing happened. I wen to control panel and clicke on windows updates and 1 important and 8 optionals were ready, but I want to figure out a way to start the updates without remoteing into each machine to do it.
I want to set it and forget it.  I know some of you may me saying , dude just set up WSUS, but the Boys & Girls Clubs have no more licenses for me to use. I even asked them to let me use an old windows 2003 server to install WSUS on and simply be done with it. Its not like I am asking them to go out and purchase Microsoft SCCM for window updates. I am relegated to figuring this stuff out via scripting. I am playing a little with powershell, but my
strong suit is vbcript, wmi, whshell, and command line scripting. I could probably do all of this in C# but that would be a learnnig curve that I simply dont have time to do just now.
I love the links rrjmino,

I can handle the registry settings very easily via wmi, but what you dont comment on is can I install WSUS on a machine that has windows 7 on it. I dont have accesss to Active Directory (not legally) and being a member of the Boys & Girls Clubs of Monterey County, ethics is our montra. The small business group that handles are AD environment (Soon to be all mine) , do not have any old windows 2003 servers around or the subsequent licenses. Sooooo, is there a way for me to use Windows 7 to deploy Windows update via WSUS. Keep in mind that I am already using a third party tool called DeepFreeze to install critical updates and this works flawlessly. I dont know why they didnt incorporate the options for important or optional updates. Your comments would be apperciated.
Sorry, I have misread this article. I thought that you could substitute a workstation with the registry hacks as WSUS and have it update the other workstations. That doesn't appear to be the case now that I've re-read the article.
Thank rrjmin0,
love your honesty
Avatar of Rob Miners
Rob Miners
Flag of Australia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Tried your settings and with a bit of head scratching and luck, I can now have my important updates start at specific times with your examples.  Thanks rrjMino
You're welcome :)