Getting PCs to report to WSUS
You may find it more effective and convenient to set the appropriate WSUS server using Group Policy; you can create a Group Policy Object with the settings under Computer Configuration > Administrative Templates > Windows Components > Windows Update, primarily Specify intranet Microsoft update service location , but also any other options within the Windows Update section you wish, such as when to install updates if scheduled, etc - have a look through them as applicable.
The benefits of this are;
- to address your above concern re: the setting being 'lost'; the Group Policy will be applied on every logon of every (applicable) machine, which functionally mitigates the possibility of the setting being 'lost'
- You may at some point in the future find it advantageous to have more granular control over which computers use which WSUS server(s), for example if you were to have more than one site, each with its own WSUS server.
You may then set the security settings of this GPO such that all it applies to all computers (this is the default for new GPOs), and link it within your AD structure such that it will apply to all computers which you wish to use the WSUS server in question.
Related videos on Youtube
07 : 53
07 : 25
03 : 57
01 : 51
06 : 47
02 : 50
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
We have Windows Server Update Services (WSUS) set up in our domain environment. It is configured and working correctly. We run into an issue every once in a where Windows Update will lose/forget the setting and go out get updates online overnight. We countered this by disabling Windows Update through a registry change:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /fThis stopped Windows Update from running automatically if it loses policy.
We have since added this to our New PC batch file that we run on all new PCs. We've noticed that those new computers are not reporting to the WSUS server. It seems like if I go on the computer and manually kick off a Windows Update it will find the server and do it's thing.
Is there a way I can somehow make all the PCs "Check for Updates" so they all get reported on our WSUS server and start receiving updates?
Thanks!
-
Sun over 9 yearsWelcome to the site. Please make sure to fully spell any abbreviations the first time so everyone knows exactly what you are talking about. We, as professionals, know the acronym, but not everyone who reads the post may know. Now, wre you saying Windows Update on each workstation forgets the group policy and goes to Microsoft.com directly for the Windows Update? Your post is not clear what the problem is. Also, this is more of a ServerFault question as it relates directly with Windows Servers.
-
Admin over 9 yearsYes, we have ran into issues where it forgets group policy and goes to Microsoft and gets the updates (We have certain updates they can't receive such as IE11 because of compatibility issues with some websites). Since we made that registry change some computers have not connected to the WSUS server. It appears that when you manually do a Windows Update "Check for Updates" it will then find our WSUS server. Is there a way to force all the computers on our network to do a Windows Update "Check for Updates" so it finds our WSUS server? Hopefully that clears it up.
-
Ben Plont over 9 yearsWhen you say it's configured and working correctly...Do you have Group Policy set for client side or server targeting? Can you give us the rsop.msc results from a client computer that isn't syncing & the group policy settings your domain uses? -
techie007 over 9 yearsPerhaps check out: How can I force a wsus client to download updates?
-
