1

My server is not on the domain so I cannot use group policy. I read about this article to update the registry key on the machine: https://serverfault.com/questions/316372/how-to-configure-workgroup-to-receive-updates-from-wsus

I do not wish to change registry key on my server, as later on this server will join to the domain and download patches from wsus using group policy. I don't want registry key cause a problem later on.

Is there another way to connect to wsus without changing the registry key on the server? For example, lets say I have already registered my server with wsus, so wsus knows the IP address of my server. can I manually run a command on the server so the server downloads patches from wsus?

Community
  • 1
  • 1
minisch
  • 323
  • 5
  • 19

2 Answers2

1

In my opinion, if you change a couple of registry settings related to updates it will not affect others services, also it will be easy to undo.

In case of interest i drop you my configuration for WSUS using registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] 
"AcceptTrustedPublisherCerts"=dword:00000001 
"ElevateNonAdmins"=dword:00000001 
"TargetGroup"="YOUR GROUP HERE" 
"TargetGroupEnabled"=dword:00000001 
"WUServer"="http(s)://YOURSERVER.DOMAIN:PORT" 
"WUStatusServer"="http(s)://YOURSERVER.DOMAIN:PORT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 
"AUOptions"=dword:00000004 
"AUPowerManagement"=dword:00000001 
"AutoInstallMinorUpdates"=dword:00000001 
"DetectionFrequency"=dword:0000000a 
"DetectionFrequencyEnabled"=dword:00000001 
"IncludeRecommendedUpdates"=dword:00000001 
"NoAUAsDefaultShutdownOption"=dword:00000001 
"NoAUShutdownOption"=dword:00000001 
"NoAutoRebootWithLoggedOnUsers"=dword:00000001 
"NoAutoUpdate"=dword:00000000 
"RebootRelaunchTimeout"=dword:0000000a 
"RebootRelaunchTimeoutEnabled"=dword:00000001 
"RescheduleWaitTime"=dword:0000000a 
"RescheduleWaitTimeEnabled"=dword:00000001 
"ScheduledInstallDay"=dword:00000000 
"ScheduledInstallTime"=dword:00000003 
"UseWUServer"=dword:00000001
Luca Labate
  • 66
  • 6
0

For pulling updates from a specific WSUS without changing the registry, check the command line tool WuInstall, especially the /use_wsus option, there you can specify any wsus you want or also bypass it

We used it for the windows infrastructure of a few of our clients and it worked fine - the functionality is not completely free though, check http://www.wuinstall.com

GeraldDC
  • 11
  • 1