Solved

Use WSUS on none domain computers

Posted on 2013-05-21
24
298 Views
Last Modified: 2013-05-29
Hi all, Is it possible to set a WSUS server up on a workgroup and not a domain?
I have the server with WDS and WSUS and that is a domain controller but what i am after is imaging a load of computers but not joining the domain as we hire these out so domain membership is not needed.
We want a fast option to perform updates once a new image is installed and if we say do 50 builds we don't want to have 50 computers logging onto the internet to do the same updates.
i know we could refresh the build with the new updates but as they come out nearly every day this is a right pain.
Any help appreciated :-)
0
Comment
Question by:Shifnal
  • 12
  • 8
  • 3
  • +1
24 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39183951
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39184001
We use WSUS to deplay updates to a training domain that is seperate from the domain that our WSUS server is a member of, it works fine, we use a registry update via the login script to configure the Automic Updates service on the workstations to point at this WSUS server.

If you are pre-configuring the image with this information then ensure you clear the WSUS client id prior to creating your image.

We use this batch file on our image before sysprep.

@echo off
Echo This batch file will do the following:
Echo 1.    Stops the wuauserv service
Echo 2.    Deletes the AccountDomainSid registry key (if it exists)
Echo 3.    Deletes the PingID registry key (if it exists)
Echo 4.    Deletes the SusClientId registry key (if it exists)
echo.
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
Pause

Open in new window

0
 

Author Comment

by:Shifnal
ID: 39184018
will try both options and update when done.
Many thanks
0
 

Author Comment

by:Shifnal
ID: 39184191
fist responce fails with an error you can only import binary registry files from within the registry editor
0
 

Author Comment

by:Shifnal
ID: 39184205
Second response fails as well say files not there.
Can i not just change something on the local policy to point to the WSUS server?
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39184609
The code on that website is missing the correct first line that makes regedit understand the file.  My manual wsus registry update file looks like this:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://WSUS01:8530"
"WUStatusServer"="http://WSUS01:8530"

Open in new window

0
 

Author Comment

by:Shifnal
ID: 39185103
Same as before, comes up with an error saying i can only import binary files from within regedit, i try and it still fails.
Just to confirm, these computers are not part of a domain and never have been
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39185552
Ah sorry I see what you are doing.

Don't use the import feature in regedit, instead use

regedit "c:\<path_to_file>\filename.reg"

Open in new window


on the command line to import the settings from a .reg file into the registry.
0
 

Author Comment

by:Shifnal
ID: 39186658
still get the same message
"Cannot import c:\wsus.reg: The specified file is not a registry script.
Yo can only import Binary registry files from within the registry editor"

I am running command prompt as an administrator with the same results
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39187186
Might have a better solution...WSusOffline - http://download.wsusoffline.net/

Not related to WSUS as such, its a standalone app that downloads the updates from Microsoft and you then run 'UpdateClient.exe' on the client machine to install the updates on each machine you need them on...

It keeps record of all the updates you download - so in a way it acts like a WSUS
It can download all updates for XP/2003/2008/7/etc...x86 and x64
.Net, Service packs...the works

Just an other alternative, I use it for updating machines we reinstall from time to time, saves the downloads you mentioned...
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39187565
What are you using to create the .reg file?  it needs to be notepad or a text editor like notepad++

I've just tried copy inthe code into a blank notepad document, I saved it as wsus.reg to the root of my C: drive, then went into a command prompt and type regedit c:\wsus.reg.

It asked me to confirm that I wanted to import the values into the registry which i did and it came up with a message confirming it had successfully added the values into the registry.
0
 

Author Comment

by:Shifnal
ID: 39187844
did exactly the same, used notepad and saved it as wsus.reg ????
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39188028
Can you advise what operating system you are trying this on.
0
 

Author Comment

by:Shifnal
ID: 39188058
Windows 7 pro 64 bit
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39190411
I posted this yesterday, I must have posted it to the wrong thread as it obviously isn't here, oops!

http://crmdev.wordpress.com/2010/10/04/the-specified-file-is-not-a-registry-script-how-encoding-can-ruin-your-morning/
0
 

Author Comment

by:Shifnal
ID: 39190430
still get the same error no mater what code i save it under :-(
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39190473
Here is the one from my machine that worked ok, by all means view it to check it only contains legitimate code but DO NOT edit it.

Try importing this into to your registry using
regedit "c:\<path to file>\wsus.reg"

Open in new window

0
 

Author Comment

by:Shifnal
ID: 39202231
none of the above worked for me :-(
0
 

Author Comment

by:Shifnal
ID: 39203972
I've requested that this question be deleted for the following reason:

no answer worked so changed sollotion
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 39202306
What about my solution? Its exactly what you want...

Download the updates...once
Then run the updates on each of the 50 machines you have?
0
 

Author Closing Comment

by:Shifnal
ID: 39203973
it's a work around although not all updates worked it gives 80%
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39203990
You have an issue with importing .reg files Shifnal, you need to investigate this issue as it could lead to potentially lots of other problems.

Have you tried disabling your security software and retried a .reg import?
0
 

Author Comment

by:Shifnal
ID: 39203993
Thanks for the post but the original question was about WSUS and not having problems with importing .reg files.
I will sort the WSUS out and then have a look into if i have issues importing .reg files and if i have problems may post another question onto here then.
many thanks to all experts who have helped in this :-)
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39204508
Not sure which updates didn't work...but there's a bit of playing around with the settings to get exactly everything you need...but its a bandwidth saver for us either way...cheers
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

When you are trying to access the server, have you ever encountered "The terminal server has exceeded the maximum number of allowed connection" error?  or "The user is attempting to log on to a Terminal Server in Remote Administration mode, but the …
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now