Solved

Non domain/ windows updates

Posted on 2014-02-24
Last Modified: 2014-02-24
Hello,

Is there a way to control Windows updates for multiple computers that are currently not in a domain (third party apps or other)? I'm aware that within a domain WSUS would probably be deployed. Thanks for any information you may be able to provide.

All the best,
Wattz
0
Comment
Question by:nickywattz
3 Comments
 

Expert Comment

by:pr0gm4n
ID: 39883797
You still can use WSUS without a domain, but you'll have to change some registry entries in every client. That way every client must point to the WSUS IP server. If that works for you, here's the solution:


1. Create a *.reg file (wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000001
"TargetGroup"="Workstations"
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://your-WSUS-server:port";
"WUStatusServer"="http://your-WSUS-server:port";

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:0000000a
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAUAsDefaultShutdownOption"=dword:00000001
"NoAUShutdownOption"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000a
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

2. Edit the lines:
- "WUServer"="http://your-WSUS-server:port"; and
- "WUStatusServer"="http://your-WSUS-server:port";
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the ";" from the end of those lines!

Examples:
"WUServer"="http://WSUS.company.com:81"
"WUStatusServer"="http://WSUS.company.com:81"

"WUServer"="http://192.168.0.1"
"WUStatusServer"="http://192.168.0.1"

"WUServer"="http://intranet.local:8080"
"WUStatusServer"="http://intranet.local:8080"

The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL.

The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.

3. Store the *.reg file where the computers have access to it.

4. Apply the *.reg file by:
- double click on it from the client machine (admin rights required)
OR
- put it into the login script so it will be applied at every login

Here is an example for using it in a Novell Login Script (drive Z: is here the drive needed for the login):

IF OS = "WINNT" THEN
#regedit.exe /s Z:\WSUS\wsus-client.reg
@wuauclt.exe /resetauthorization /detectnow
END

5. Options:
Here are some links to get more information about the options used in the *.reg file:

- http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part1.html 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part2.html 
- http://www.wsus.de/gpo (German - sorry)
- http://smallvoid.com/article/winnt-automatic-updates-config.html 
- http://www.appdeploy.com/tips/detail.asp?id=103

6. How to remove those settings from the client?
Maybe it's needed to remove those settings for various reasons. To get the default values in the registry, just follow the next step.

7. Create a *.reg file (remove-wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

8. Store the *.reg file where the computers have access to it.

9. Apply the *.reg file by:
- double click on it from the client machine (admin rights required)

That's all. I don't think it's useful to add this in a login/logout script ;-) but it would work too.

Conclusion
I use this method for setting up a new machine even if the machine will be used outside of our network after setup.
In this way the new client gets all needed updates in a shorter time frame than downloading it all via internet from Microsoft.
After finishing the setup, I remove the settings as described from #6 on.
0
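
Added example, not part of the answer above: a PowerShell check to run over wsus-client.reg before it is copied to the clients. It covers the points the answer stresses (no ";" left after the URL, WUStatusServer equal to WUServer), flags plain-http URLs, and checks UseWUServer, which must be 1 before the client honours WUServer. The function name Test-WsusRegFile and the sample file contents are constructed for illustration.

```powershell
# Added example: lint a WSUS client .reg file before it is distributed.
function Test-WsusRegFile {
    param([Parameter(Mandatory)][string]$Content)
    $findings = New-Object System.Collections.Generic.List[string]
    $values = @{}; $section = ''      # key: "section\name", value: raw text after '='
    foreach ($line in ($Content -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(?<s>[^\]]+)\]$') { $section = $Matches.s; continue }
        if ($line -match '^"(?<n>[^"]+)"=(?<v>.*)$') { $values["$section\$($Matches.n)"] = $Matches.v }
    }
    $wu = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $urls = @{}
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $raw = $values["$wu\$name"]
        if ($null -eq $raw) { $findings.Add("$name is missing"); continue }
        # Anything after the closing quote (the template's ';') makes the line invalid.
        if ($raw -match '^"(?<u>[^"]*)"$') { $url = $Matches.u } else {
            $findings.Add("$name has text after the closing quote: $raw"); continue
        }
        if ($url -ne $url.Trim()) { $findings.Add("$name has whitespace inside the quotes") }
        $uri = $null
        if (-not [Uri]::TryCreate($url.Trim(), [UriKind]::Absolute, [ref]$uri) -or
            $uri.Scheme -notin 'http', 'https') {
            $findings.Add("$name is not an http(s) URL: $url"); continue
        }
        if ($uri.Scheme -eq 'http') { $findings.Add("$name uses http, so client/server traffic is unencrypted") }
        $urls[$name] = $uri.AbsoluteUri
    }
    if ($urls.Count -eq 2 -and $urls.WUServer -ne $urls.WUStatusServer) {
        $findings.Add('WUServer and WUStatusServer differ')
    }
    if ($values["$wu\AU\UseWUServer"] -ne 'dword:00000001') {
        $findings.Add('AU\UseWUServer is not dword:00000001, so WUServer is ignored')
    }
    $findings    # emits one string per finding; nothing when the file is clean
}

# Constructed sample: one line still carries the template's ';', one has padded quotes.
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://your-WSUS-server:port";
"WUStatusServer"=" http://192.168.0.1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
'@
Test-WsusRegFile -Content $sample | ForEach-Object { "FINDING: $_" }
```

For a real file, pass `(Get-Content .\wsus-client.reg -Raw)` as `-Content`.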
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 39883804
not being in a domain, you can't use a GPO but you can still configure them individually for WSUS; domain isn't required

you would go on the local system and run gpedit.msc and go to computer configuration -> administrative templates -> windows components -> windows update

from there you can define values for "specify intranet microsoft update service location" and put the URL of the wsus server.  you can also define other options as you need

i've done a non-domain wsus virtual test environment at home and works nicely
0
 

Author Comment

by:nickywattz
ID: 39884093
Thank you both for the comments. I didn't realize you could use WSUS without a domain. Could you please provide some useful articles related to building a WSUS server (requirements involved), and the steps you took in creating your virtual environment? I have about 50 computers that will need updates.
0
