6

Particularly for servers in which IE Enhanced Security Configuration is enabled, you need to have all the Windows Update/Microsoft Update URLs in your "Trusted Sites" list in order to use the site.

(Furthermore, for domain member servers where Group Policy enforces Internet Explorer's list of "Trusted Sites", you don't have the option to edit the Trusted Sites yourself... so all the necessary URLs should be listed in the GPO.)

So, what is the full list of URLs I'll need in IE's Trusted Sites? So far I have the following:

I seem to remember there being several more...

ewall
  • 1,064
  • 3
  • 15
  • 23

4 Answers4

9

KB836941 suggests these addresses:

http://*update.microsoft.com

https://*update.microsoft.com

http://download.windowsupdate.com

Better still:

http://*.microsoft.com
http://*.windowsupdate.com
longneck
  • 23,082
  • 4
  • 52
  • 86
joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Ah, `*update.microsoft.com` instead of `*.update.microsoft.com`, which covers the http://windowsupdate.microsoft.com case as well as http://update.microsoft.com. Looks good to me, but I remember having to program more than these into UTM firewalls to keep them from messing with the traffic...? – ewall Nov 17 '11 at 17:04
  • Yah - except IE9 won't accept anything in the form *alphanum, it requires a dot between "*" and "alphanum" This is from the error message:- You have entered an invalid wildcard sequence. Examples of valid patterns: *://*.microsoft.com http://*.microsoft.co.jp Examples of invalid patterns: http://microsoft.*.com ftp://* –  Aug 24 '12 at 07:56
  • Interesting. On Server 2008R2, I removed all trusted zones and then added the two 'better still' ones you recommend. It took *.microsoft.com but would not take *.windowsupdate.com, stating in a message box that it was already in the trusted zone (but I don't see it which is also strange!) – Huntrods Nov 19 '13 at 17:25
4

I did a little more digging and found the following.

From KB836941 that @joequerty found:

  • http://*update.microsoft.com
  • https://*update.microsoft.com
  • http://download.windowsupdate.com

From an MS MVP's WSUS blog:

  • http://windowsupdate.microsoft.com
  • http://*.windowsupdate.microsoft.com
  • https://*.windowsupdate.microsoft.com
  • http://download.windowsupdate.com
  • http://*.download.windowsupdate.com
  • http://*.windowsupdate.com
  • http://wustat.windows.com
  • http://ntservicepack.microsoft.com

Not required for Windows Update, but could also be useful:

  • http://office.microsoft.com/officeupdate

Combined with the wildcard rules in KB184456, I get the following:

  • *://*update.microsoft.com
  • *://*.windowsupdate.com
  • http://wustat.windows.com
  • http://ntservicepack.microsoft.com
  • http://office.microsoft.com

Hope that helps someone out there!

Chris Salij
  • 105
  • 7
ewall
  • 1,064
  • 3
  • 15
  • 23
0

Make it easy:

http://*.microsoft.com
http://*.windowsupdate.com

Repeat above with https.

Ben L
  • 11
  • 2
-1

Even better:

*://*.microsoft.com
*://*.windowsupdate.com
*://*.windows.com
NotoriousPyro
  • 260
  • 1
  • 5