WSUS on non-domain computers

tgray96

[H]ard|Gawd
Joined
Dec 13, 2010
Messages
1,055
OK guys. Setup a Windows Update Server in my shop. Heres the issue I am having.. These systems are not on a domain ( as they are random client computers ) So, I am wanting to do it via Registry. Here is what I find for XP..
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

All things I have found refer to these two strings. I cannot find them at all.
I need to be able to change these settings on XP and up...

Thanks in advance for any provided help...
 

stevewm

2[H]4U
Joined
Jul 18, 2001
Messages
2,277
Instead of using WSUS in this manner, I recommend instead using "WSUS Offline Update" (http://www.wsusoffline.net/) Its a free utility that will download and install all the updates you choose without having to muck around with WSUS.

You can download and copy all the files to a USB stick. Put the stick in the computer and start "UpdateInstaller.exe"
 
Last edited:

gimp

[H]F Junkie
Joined
Jul 25, 2008
Messages
10,440
You don't edit the registry you make the changes in gpedit.msc

You could edit the registry, though, as it's much quicker to simply import the reg file than to modify gpedit.msc. Especially when you're doing numerous machines.

We use a reg file for a set of servers that are currently not on the domain.

I'm not sure if those reg keys would already exist if the machine has never been on a domain.

Here's the reg we use:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://WSUSIP"
"WUStatusServer"="http://WSUSIP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000003
"DetectionFrequency"=dword:00000005
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"UseWUServer"=dword:00000001
"RescheduleWaitTimeEnabled"=dword:00000001
"RescheduleWaitTime"=dword:00000005
 

tgray96

[H]ard|Gawd
Joined
Dec 13, 2010
Messages
1,055
Thanks guys. I did wind up figuring it out.
@stevewm I will take a look at it!

@Mister Natural it can be edited through the registry. I am unaware of how to do it with gpedit though

@j-sta You cannot import the reg file without the reg keys being there. I had to manually create the keys and import the data. Are you aware of a .reg file to remove the entered settings?
 

stevewm

2[H]4U
Joined
Jul 18, 2001
Messages
2,277
Thanks guys. I did wind up figuring it out.
@stevewm I will take a look at it!

I definitely recommend using WSUS offline...

I once tried to use WSUS to update client computers the way you are intending and it just didn't work out.

When you remove the registry keys to switch the machine back to using Microsoft's Windows Update, it doesn't always work 100%. The machine will sometimes throw random errors when attempting to use Windows Update and its a pain in the ass to get working again if this happens.

Its SOOO much easier to just keep a updated copy of WSUS offline on a large USB stick.
 

nessus

2[H]4U
Joined
Jan 30, 2001
Messages
2,221
Using the gpedit.msc GUI to set the options you want in a GUI with full text descriptions of all the options is definitely the way to go; on the machine you use to test the master setup. Then export the regkeys for import on the rest.

Then deactivate everything on your master and export again.

Two files for changing configuration, just restart the Windows Update service after applying whichever reg file and you are done.
 
Top