Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Non domain/ windows updates

Posted on 2014-02-24
3
Medium Priority
?
2,132 Views
Last Modified: 2014-02-24
Hello,

Is there a way to control Windows updates for multiple computers that are not currently not in a domain (third party apps or other). I'm aware that within a domain WSUS would probability be deployed?  Thanks for any information you may be able to provide.

All the best,
Wattz
0
Comment
Question by:nickywattz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Expert Comment

by:pr0gm4n
ID: 39883797
You still can use WSUS without a domain but you'll have to change some registry entries in every client. that way every client must point to the WSUS IP server, if that works for you here's the solution


1.      
Create a *.reg file (wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000001
"TargetGroup"="Workstations"
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://your-WSUS-server:port";
"WUStatusServer"="http://your-WSUS-server:port";

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:0000000a
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAUAsDefaultShutdownOption"=dword:00000001
"NoAUShutdownOption"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000a
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

2.      
Edit the lines:
- "WUServer"="http://your-WSUS-server:port";; and
- "WUStatusServer"="http://your-WSUS-server:port";;
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the ";" from the end of that lines!

Examples:
"WUServer"=" http://WSUS.company.com:81 "
"WUStatusServer"=" http://WSUS.company.com:81 "

"WUServer"=" http://192.168.0.1 "
"WUStatusServer"=" http://192.168.0.1 "

"WUServer"=" http://intranet.local:8080 "
"WUStatusServer"=" http://intranet.local:8080 "

The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL.

The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.

3.      
Store the *.reg file
where the computers have access to it.

4.      
Apply the *.reg file by:
- double click on it from the client machine (admin rights required)
OR
- put in into the login script so it will be applied at every login

Here an example for using it in a Novell Login Script (Drive Z: is here the drive needed for the login):

IF OS = "WINNT" THEN
#regedit.exe /s Z:\WSUS\wsus-client.reg
@wuauclt.exe /resetauthorization /detectnow
END

76738995e71728dac04dbfda5c36e2482bf65e1fead6c945d068ff383595c652_xp-wsus-enabled_big
5.      
Options:
Here some links to get more informations about the options used in the *.reg file:

- http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part1.html 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part2.html 
- http://www.wsus.de/gpo (German - sorry)
- http://smallvoid.com/article/winnt-automatic-updates-config.html 
- http://www.appdeploy.com/tips/detail.asp?id=103

6.      
How to remove that settings from the client?
Maybe it`s needed to remove that settings for various reasons. To get the default values in the registry, just follow the next step.

7.      
Create a *.reg file (remove-wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

8.      
Store the *.reg file
where the computers have access to it.

9.      
Apply the *.reg file by:
- double click on it from the client machine (admin rights required)

That`s all. I don`t think it`s useful to add this in a login/logout script ;-) but it would work too.

3160e5d533e6fe595329591ebf9493bca50fe03d1cfdd4e16dd5d36dca090e17_xp-wsus-disabled_big
Conclusion
I use this method for setting up a new machine even the machine will be used outside of our network after setup.
In this way the new client gets all needed updates in a shorter time frame than downloading it all via internet from Microsoft.
After finishing the setup, I remove the settings as described from #6 on.
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 1500 total points
ID: 39883804
not being in a domain, you can't use a GPO but you can still configure them individually for WSUS; domain isn't required

you would go on the local system and run gpedit.msc and go to computer configuration -> administrative templates -> windows components -> windows update

from there you can define values for "specify intranet microsoft update service location" and put the URL of the wsus server.  you can also define other options as you need

i've done a non-domain wsus virtual test environment at home and works nicely
0
 

Author Comment

by:nickywattz
ID: 39884093
Thank you both for the comments. I didn't realize you could use WSUS without a domain. Could you please provide some useful articles related to building a WSUS server (requirements involved) . And the steps you took in creating your virtual environment. I have about 50 computers that will need updates.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question