Siv
asked on
SBS2008 How To Force clients PCs to get updates from MS
Hi,
For various reasons I have removed WSUS and want my client PCs to get their updates from MS.
I have done the following:
1. Uninstalled WSUS through Programs & Features
2. Modified the local group policy using GPEdit: Computer Configuration - Administrative Templates - Windows Components - Windows Updates - Specify intranet Microsoft update service location and set it to disabled. I also set "Configure Automatic Updates" to Enabled.
3. In the registry I removed the 2 keys that pointed to the WSUS server in HKLM\SOFTWARE\Policies\Mic rosoft\Win dows\Windo wsUpdate
After all that I did a GPUpdate /Force and that succeeded but when I run Windows Update on the server, it is still saying that Updates are managed by the Administrator and not going to Microsoft by default?
What am I missing?
Siv
For various reasons I have removed WSUS and want my client PCs to get their updates from MS.
I have done the following:
1. Uninstalled WSUS through Programs & Features
2. Modified the local group policy using GPEdit: Computer Configuration - Administrative Templates - Windows Components - Windows Updates - Specify intranet Microsoft update service location and set it to disabled. I also set "Configure Automatic Updates" to Enabled.
3. In the registry I removed the 2 keys that pointed to the WSUS server in HKLM\SOFTWARE\Policies\Mic
After all that I did a GPUpdate /Force and that succeeded but when I run Windows Update on the server, it is still saying that Updates are managed by the Administrator and not going to Microsoft by default?
What am I missing?
Siv
ASKER
dstewartjr,
Command ran OK but when I run Windows Update it still says "You receive updates: Managed by your system administrator"?
Is there anything I need to do with IIS?
Siv
Command ran OK but when I run Windows Update it still says "You receive updates: Managed by your system administrator"?
Is there anything I need to do with IIS?
Siv
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/unable-to-change-windows-update-settings-some/2aafdc92-fb2e-4347-948d-ca71f87107a4
Check this link..
else if below registry entry is present then modify it..
Modified below reg settings : from 1 to 0
[HKEY_CURRENT_USER\Softwar e\Microsof t\Windows\ CurrentVer sion\Polic ies\Window sUpdate]
"DisableWindowsUpdateAcces s"=dword:0 0000000
Check this link..
else if below registry entry is present then modify it..
Modified below reg settings : from 1 to 0
[HKEY_CURRENT_USER\Softwar
"DisableWindowsUpdateAcces
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ha,
That's it, the Group Policy hadn't been changed in all of the domain locations:
I went into Administrative Tools >> Group Policy Management. I then clicked on "Update Services Client Computers Policy", went to the "Settings" tab, expanded
"Policies" > "Administrative Templates" > "Windows Components/Windows Update",
right-clicked the section relating to "Specify intranet Microsoft update Service location" and then selected "Group Policy Editor" and in that went to
"Computer Configuration" > "Policies" > "Administrative Templates" > "Windows Components" > "Windows Update"
I then made sure the policy "Specify intranet Microsoft update Service location" was "not configured" and "Configure Automatic Updates" was enabled. I repeated that for these as well in "Group Policy Management":
Update Services Common Settings Policy
Update Services Server Computers Policy
I then ran GPUPDATE /Force and after that the server now goes straight to MS and I can't check right now but am pretty certain so will the client PCs.
Thanks a lot,
Siv
That's it, the Group Policy hadn't been changed in all of the domain locations:
I went into Administrative Tools >> Group Policy Management. I then clicked on "Update Services Client Computers Policy", went to the "Settings" tab, expanded
"Policies" > "Administrative Templates" > "Windows Components/Windows Update",
right-clicked the section relating to "Specify intranet Microsoft update Service location" and then selected "Group Policy Editor" and in that went to
"Computer Configuration" > "Policies" > "Administrative Templates" > "Windows Components" > "Windows Update"
I then made sure the policy "Specify intranet Microsoft update Service location" was "not configured" and "Configure Automatic Updates" was enabled. I repeated that for these as well in "Group Policy Management":
Update Services Common Settings Policy
Update Services Server Computers Policy
I then ran GPUPDATE /Force and after that the server now goes straight to MS and I can't check right now but am pretty certain so will the client PCs.
Thanks a lot,
Siv
ASKER
Thanks for helping me spot what I had missed.
reg delete HKLM\Software\Policies\Mic