Omar Soudani
asked on
How to add manually downloaded files to WSUS and use it in workgroup isolated area.
Hello all,
I have multiple computers in a workgroup environment (50 PCs) all not connected to the internet. I have downloaded the updates and I have the execution files, the question is can I use WSUS to push the updates to all PCs? How do I add the downloaded updates to WSUS.
I have multiple computers in a workgroup environment (50 PCs) all not connected to the internet. I have downloaded the updates and I have the execution files, the question is can I use WSUS to push the updates to all PCs? How do I add the downloaded updates to WSUS.
Last Comment
Shaun Vermaak
No, you need to let WSUS download its own files and those can be pushed via WSUS by Configuring update registry values ons those workgroup computers
updates from wsus is a pull operation not a push operation. The simplest way is to create a registry file and merge the file
Step 1: Create a *.reg file (wsus-client.reg) containing this:
Step 2: Edit the lines:
-
Source: https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-without-ad-domain-gp-using-the-registry
See the source for a remove-wsus.reg and further reading
Step 1: Create a *.reg file (wsus-client.reg) containing this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000001
"TargetGroup"="Workstations"
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://your-WSUS-server:port"
"WUStatusServer"="http://your-WSUS-server:port"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:0000000a
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAUAsDefaultShutdownOption"=dword:00000001
"NoAUShutdownOption"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000a
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
Step 2: Edit the lines:
-
"WUServer"="http://your-WSUS-server:port"; and
- "WUStatusServer"="http://your-WSUS-server:port";
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the ";" from the end of that lines!
Examples:
"WUServer"=" http://WSUS.company.com:81 "
"WUStatusServer"=" http://WSUS.company.com:81 "
"WUServer"=" http://192.168.0.1 "
"WUStatusServer"=" http://192.168.0.1 "
"WUServer"=" http://intranet.local:8080 "
"WUStatusServer"=" http://intranet.local:8080 "
The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL.
By default, in Windows Server 2012, WSUS 4.0 uses port 8530. However, WSUS 3.0 uses port 80, by default
(How to Determine the Port Settings Used by WSUS - https://technet.microsoft.com/en-us/library/bb632477.aspx)
The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.
Source: https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-without-ad-domain-gp-using-the-registry
See the source for a remove-wsus.reg and further reading
There is a way to integrate existing downloaded packages into WSUS, but it is tedious, and for MS Windows Updates just not worth the effort.
Set up WSUS so it does not approve updates automatically,
apply to all clients what a group policy would do in a domain (the stuff David posted), with some changes as you like,
and wait for at least two days, until enough machines have reported to WSUS.
Then approve what you want to get installed.
Machines being online should get the updates within the next two days after the update has been completed downloading.
You can try to force clients to report/check/download updates "immediately", but only on the machine itself:
Set up WSUS so it does not approve updates automatically,
apply to all clients what a group policy would do in a domain (the stuff David posted), with some changes as you like,
and wait for at least two days, until enough machines have reported to WSUS.
Then approve what you want to get installed.
Machines being online should get the updates within the next two days after the update has been completed downloading.
You can try to force clients to report/check/download updates "immediately", but only on the machine itself:
net stop wuauserv
net start wuauserv
REM pre-W10:
wuauclt /detectnow
REM W10:
UsoClient /StartScan
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
PC
A personal computer is a general-purpose computer whose size, capabilities and price make it useful for individuals, and is intended to be operated directly by an end-user with no intervening computer time-sharing models that allowed systems to be used by many people, usually at the same time. Personal computers may be connected to a local area network (LAN), either by a cable or a wireless connection, and through that to the Internet. A personal computer may be a laptop computer or a desktop computer running an operating system such as Windows, Linux or Macintosh OS.
16K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
