How can I use WSUS in a Windows Workgroup?
Registry
Please see the article Configure Automatic Updates in a Non–Active Directory Environment.
- You're going to want to set these registry keys to the URL for your WSUS server (for example: http://wsus.local):
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUServer
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer
  Note: The key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate does not exist on a fresh installation of Windows 7. You will have to create it if it doesn't exist.
- Then create a new DWORD named UseWUServer in the following key and set it to 1:
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
This should be enough to tell the system to use your local WSUS installation.
Please see the article linked above for further options in configuring the Windows Update behavior.
Example
These are the default settings a Windows Small Business Server 2010 will set:
Group Policy
It should also be noted that these settings are also accessible through the Local Group Policy Editor under Computer Configuration\Administrative Templates\Windows Components\Windows Update:
In the group policy editor, we can also see the group policy that may be used to restrict access to Windows Update for a user. This would allow installation only directly through WSUS approval and automatic installation (which would have to be configured):
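The registry steps from the answer as a PowerShell script, added here as an example and not part of the original answer. The default URL is the answer's http://wsus.local placeholder; the URL check, the read-back verification and the service restart are additions, and the script assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example: point a workgroup (non-domain) client at a WSUS server using
# the policy registry values named in the answer. Run from an elevated prompt.
param(
    # Assumption: placeholder URL from the answer; replace with your own server.
    [string]$WsusUrl = 'http://wsus.local'
)

$wuKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Refuse anything that is not an absolute http(s) URL before touching the registry.
$uri = $null
$parsed = [Uri]::TryCreate($WsusUrl, [UriKind]::Absolute, [ref]$uri)
if (-not $parsed -or @('http', 'https') -notcontains $uri.Scheme) {
    throw "WsusUrl must be an absolute http:// or https:// URL, got '$WsusUrl'"
}
if ($uri.Scheme -eq 'http') {
    Write-Warning 'Plain HTTP gives update traffic no transport protection; use https:// if the WSUS server has TLS configured.'
}

# The WindowsUpdate key (and AU below it) is absent on a fresh install: create both.
foreach ($key in $wuKey, $auKey) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# WUServer and WUStatusServer are string values; UseWUServer is a DWORD set to 1.
# -Force overwrites a value that already exists.
New-ItemProperty -Path $wuKey -Name 'WUServer' -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $wuKey -Name 'WUStatusServer' -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $auKey -Name 'UseWUServer' -Value 1 -PropertyType DWord -Force | Out-Null

# Read the values back and fail loudly if any differs from what was written.
$wu = Get-ItemProperty -Path $wuKey
$au = Get-ItemProperty -Path $auKey
if ($wu.WUServer -ne $WsusUrl -or $wu.WUStatusServer -ne $WsusUrl -or $au.UseWUServer -ne 1) {
    throw 'WSUS policy values did not read back as written'
}
Write-Output "WUServer       = $($wu.WUServer)"
Write-Output "WUStatusServer = $($wu.WUStatusServer)"
Write-Output "UseWUServer    = $($au.UseWUServer)"

# Restart the Windows Update service (wuauserv) so the agent re-reads the policy.
Restart-Service -Name wuauserv
```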
PnP
Updated on September 18, 2022
Comments
-
PnP over 1 year
Essentially I was wondering if it's possible to use the local gpedit.msc on Windows 7 and Windows Server 2008R2 machines to configure clients to use a workgroup based WSUS installation. With this - I would still like to ensure users can use Windows Update manually but the WSUS does the majority of the work!
-
PnP almost 12 years
Would that by default go ahead and use WSUS, but still allow manual Windows Update checks?
-
Oliver Salzburg almost 12 years
@TheD: It should. The access to Microsoft's own update servers would have to be disabled separately.
-
PnP almost 12 years
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUServer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer - Do I need to create these keys and folders? They don't exist in my Win7 box?
-
Oliver Salzburg almost 12 years
@TheD: The part up until Microsoft\Windows should exist, otherwise I would be a bit confused. If the folder WindowsUpdate does not exist, create it.
-
PnP almost 12 years
Sorry yes, should have been more specific with that! Yeah, it's just the WindowsUpdate which doesn't. Cheers!
-
PnP almost 12 years
Many thanks again for the very detailed answer, I wish I could rate it twice!
-
PnP almost 12 years
It's been about 10 mins now, my machines don't appear to be checking into WSUS, even after a restart?
-
Oliver Salzburg almost 12 years
@TheD: To make sure your clients are using the correct server and aren't having any issues, check %WINDIR%\WindowsUpdate.log (be sure to start at the end). Also, I still remember my own WSUS issues vividly: serverfault.com/questions/390639/… If you need more help, find me on Super User Chat :)
-
Henry almost 9 years
It takes days (1 to 10) for WSUS clients to start working properly, just be patient