Windows Server 2003 for 64-Bit Extended Systems
cancel
Showing results for 
Search instead for 
Did you mean: 

Changing WSUS from User interaction To automatic updates

SOLVED
Go to solution
Damien Brennan
Occasional Advisor

Changing WSUS from User interaction To automatic updates

This is a bit complex but hopefully some one can show me the way.

we have a WSUS(1) server that recieves its updates from an (upsteam?) WSUS(2) server that in a diffrent domain.

WSUS(1) was configured to let user know that there was updates available, and it was up to the users to download and install the updates..

Here is the setting from the registery, this file is installed on each machine on that network.....
--------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://WSUS(1)"
"WUStatusServer"="http://WSUS(1)"

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RescheduleWaitTime"=dword:0000001e
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000010
"UseWUServer"=dword:00000001
"LastWaitTimeout"=-
"DetectionStartTime"=-

--------------------------------------------------------------------------
This works well, but as you can imagine, having to chase users to install patches can be tiresome. i want to make this process automatic.

so what i have done now is, removed that reg file from a test machine, and edited the GPO so that windows Update service will download and install these updates automatically once a week.

but its not working for me.... :(


has any one any suggestions for me to try? all help appreaciated.

Regards
Damien
6 REPLIES
Gary Cooper_1
Esteemed Contributor
Solution

Re: Changing WSUS from User interaction To automatic updates

Hi Damien,

WSUS is really designed to work with group policies. Here's how I did it:

Create the Group Policy
Start the Group Policy Editor from Server Management
Right-click Advanced Management/Group Policy Management/Forest: windows.area5.cgs.local/Group Policy Objects
Select New
Name: WSUS
OK
Right-click WSUS
Select Edit
Navigate to Computer Configuration/Administrative Templates/Windows Components/Windows Updates
Enable automatic updates
Double-click Configure Automatic Updates
Check Enabled
Configure automatic updating: 4 - Auto download and schedule the install
Schedule install day: 0 - Every day
Schedule install time: 03:00
OK
Tell the user to restart the computer if required
Double-click No auto-restart for scheduled Automatic Updates installations
Check Enabled
OK
Re-attempt the Automatic Update 5 minutes after the computer is restarted if an AutoUpdate is missed (e.g. computer is turned off)
Double-click Reschedule Automatic Updates scheduled installations
Check Enabled
Wait after system startup (minutes): 5
OK
Where to find the updates
Double-click Specify intranet Microsoft update service location
Check Enabled
Set the intranet update service for detecting updates: http://:8530
Set the intranet statistics server: http:// :8530
OK

Link the Group Policy to the Group Policy Objects
Workstations
Start the Group Policy Editor from Server Management
Right-click Advanced Management/Group Policy Management/Forest/Domains/windows.area5.cgs.local/MyBusiness/Computers/SBSComputers
Select Link an existing GPO...
Group Policy object: WSUS
OK
Right-click the GPO and select Enable Link

Area5pdc
Start the Group Policy Editor from Server Management
Right-click Advanced Management/Group Policy Management/Forest/Domains/windows.area5.cgs.local/Domain Controllers
Select Link an existing GPO...
Group Policy object: WSUS
OK
Right-click the GPO and select Enable Link

BTW, have you cheched out the WSUS user forum - http://www.wsus.info/forums/

Regards,

Gary
Jon Finley
Honored Contributor

Re: Changing WSUS from User interaction To automatic updates

I'm going to assume that your clients are XP. If this is the ONLY GPO you are using, and it's not working, then you may need to do the following:

Since the GPO is at the Computer level (not user level), the computer needs to see the GPO at startup. Make sure that you have the following selected in your BASE GPO, or within this WSUS GPO:
Under Computer, Administrative Templates, System, Logon. Enable - "Always wait for the network at computer startup and logon."

This was the default action for Windows 2000 and prior.

Jon
"Do or do not. There is no try!" - Yoda
Damien Brennan
Occasional Advisor

Re: Changing WSUS from User interaction To automatic updates

hi gary,
im showing my ignorance here,

but when you say "start the Group Policy Editor from Server Management" im lost.

can you give me more info for this ?

Thanks
Gary Cooper_1
Esteemed Contributor

Re: Changing WSUS from User interaction To automatic updates

Hi Damien,

What OS are you using? The instructions that I gave were taken directly from the Computer Log for my SBS 2003 machine.

You should however be able to get to the Group Policy Editor from Administrative Tools.

Regards,

Gary
Damien Brennan
Occasional Advisor

Re: Changing WSUS from User interaction To automatic updates

Hi Gary,
Thanks for that, i think ive found the issue.

there are 3 domain controllers for this domain, 2 server 2000, and 1 server 2003.

in my wisdom i was configuring the GPO for an the server 2003 Dc, which is not the primary DC.

once i get that promoted and the other demoted, it should be ok.

Thanks for you help

Gary Cooper_1
Esteemed Contributor

Re: Changing WSUS from User interaction To automatic updates

Hi Damien,

Glad you got it sorted!

Regards,

Gary