Ramblings From The Litter Tray of Life

Posts Tagged ‘workgroup’

WSUS in the Workgroup

Posted by graycat on 27 August 2008

Sometimes you might be needing an update server in a small company or network where there is no domain or, like me in this case, you’re building a new machine and need to update it without joining it to the domain. Now even if you install the OS using the latest repository from the manufacturer you are going to have to update it further. This updating can take ages when pulled over the inter-web from MS so accessing a WSUS server would be ideal.

Well with a little work, you can get a workgroup machine to use your domain WSUS server ….. and here’s how.

Two main options really (as laid out here by Microsoft) – policy based and registry based. I’m not going to go into the policy based stuff as that’s really well covered in the MS page and very straight forward. The method I’ve just used though is adding to the registry.

After a little searching I ran across a few reg keys that’ll point the machine towards the right WSUS, set download / install options and even drop it into the right WSUS group. In the end I went with this reg settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\]
“WUServer”=”http://192.168.0.100”
“WUStatusServer”=”http://192.168.0.100”

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\]
“AUOptions”=dword:00000002
“NoAutoRebootWithLoggedOnUsers”=dword:00000001
“NoAutoUpdate”=dword:00000000
“RescheduleWaitTime”=dword:00000005
“ScheduledInstallDay”=dword:00000000
“ScheduledInstallTime”=dword:00000000
“UseWUServer”=dword:00000001

The first few keys are pretty self evident as specifying your WSUS server. I’ve seen people suggesting that the server name, FQDN and IP address all work but I could only get the IP address to work and think this is a better solution anyway. In these keys you will also need to specify the port number to use if it is not the default port 80. This is done thus “http://192.168.0.100:8530”.

The AU section is where it gets interesting and allows you to set all the options such as downloading, installing and reboots. The AUOptions dword options go like this:

  • 1 – Keep my computer up to date has been disabled in Automatic Updates.
  • 2 – Notify of download and installation.
  • 3 – Automatically download and notify of installation.
  • 4 – Automatically download and scheduled installation.

Personally I’m an option 3 kinda guy when it comes to servers, ie: download it but I’ll give final approval to install it or not manually. Yes, this takes more time but it’ll save a lot more time if something goes wrong IMO.

The other keys are pretty easy to follow so I won’t rewrite the MS article but here’s an overview.

ScheduledInstallDay – which days to install on. 0 = everyday

ScheduledInstallTime -what time you want the install to run using 0 – 23 time format (for the hours if you’re not hip with the military speak)

NoAutoUpdate – enables or disables autoupdate.

NoAutoRebootWithLoggedOnUsers – true or false situation. If set to 1, will not automatically restart a computer while users are logged on.

Posted in IT | Tagged: , , , | Leave a Comment »