Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2199
  • Last Modified:

Non domain/ windows updates

Hello,

Is there a way to control Windows updates for multiple computers that are not currently not in a domain (third party apps or other). I'm aware that within a domain WSUS would probability be deployed?  Thanks for any information you may be able to provide.

All the best,
Wattz
0
nickywattz
Asked:
nickywattz
1 Solution
 
pr0gm4nCommented:
You still can use WSUS without a domain but you'll have to change some registry entries in every client. that way every client must point to the WSUS IP server, if that works for you here's the solution


1.      
Create a *.reg file (wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000001
"TargetGroup"="Workstations"
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://your-WSUS-server:port";
"WUStatusServer"="http://your-WSUS-server:port";

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:0000000a
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAUAsDefaultShutdownOption"=dword:00000001
"NoAUShutdownOption"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000a
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

2.      
Edit the lines:
- "WUServer"="http://your-WSUS-server:port";; and
- "WUStatusServer"="http://your-WSUS-server:port";;
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the ";" from the end of that lines!

Examples:
"WUServer"=" http://WSUS.company.com:81 "
"WUStatusServer"=" http://WSUS.company.com:81 "

"WUServer"=" http://192.168.0.1 "
"WUStatusServer"=" http://192.168.0.1 "

"WUServer"=" http://intranet.local:8080 "
"WUStatusServer"=" http://intranet.local:8080 "

The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL.

The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.

3.      
Store the *.reg file
where the computers have access to it.

4.      
Apply the *.reg file by:
- double click on it from the client machine (admin rights required)
OR
- put in into the login script so it will be applied at every login

Here an example for using it in a Novell Login Script (Drive Z: is here the drive needed for the login):

IF OS = "WINNT" THEN
#regedit.exe /s Z:\WSUS\wsus-client.reg
@wuauclt.exe /resetauthorization /detectnow
END

76738995e71728dac04dbfda5c36e2482bf65e1fead6c945d068ff383595c652_xp-wsus-enabled_big
5.      
Options:
Here some links to get more informations about the options used in the *.reg file:

- http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part1.html 
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part2.html 
- http://www.wsus.de/gpo (German - sorry)
- http://smallvoid.com/article/winnt-automatic-updates-config.html 
- http://www.appdeploy.com/tips/detail.asp?id=103

6.      
How to remove that settings from the client?
Maybe it`s needed to remove that settings for various reasons. To get the default values in the registry, just follow the next step.

7.      
Create a *.reg file (remove-wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

8.      
Store the *.reg file
where the computers have access to it.

9.      
Apply the *.reg file by:
- double click on it from the client machine (admin rights required)

That`s all. I don`t think it`s useful to add this in a login/logout script ;-) but it would work too.

3160e5d533e6fe595329591ebf9493bca50fe03d1cfdd4e16dd5d36dca090e17_xp-wsus-disabled_big
Conclusion
I use this method for setting up a new machine even the machine will be used outside of our network after setup.
In this way the new client gets all needed updates in a shorter time frame than downloading it all via internet from Microsoft.
After finishing the setup, I remove the settings as described from #6 on.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
not being in a domain, you can't use a GPO but you can still configure them individually for WSUS; domain isn't required

you would go on the local system and run gpedit.msc and go to computer configuration -> administrative templates -> windows components -> windows update

from there you can define values for "specify intranet microsoft update service location" and put the URL of the wsus server.  you can also define other options as you need

i've done a non-domain wsus virtual test environment at home and works nicely
0
 
nickywattzAuthor Commented:
Thank you both for the comments. I didn't realize you could use WSUS without a domain. Could you please provide some useful articles related to building a WSUS server (requirements involved) . And the steps you took in creating your virtual environment. I have about 50 computers that will need updates.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now