
The Lazy Admin

Using WSUS without Active Directory



Windows Software Update Server (WSUS) is a great product that can be used to push out updates to your Windows computers. If you are deploying it in an Active Directory domain, you can use a GPO to quickly and easily configure your computers to use Automatic Updates and look to the WSUS server for those updates. But what if you are not using AD? Can you still use WSUS? Yes.

WSUS works just as well in non-AD environments, although the configuration is a bit more work on the client side. To control the behaviour of Automatic Updates and point the computers to the WSUS server, a number of registry entries have to be modified and/or created. To begin, open up regedit and drill down to:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

These five settings control the WSUS environment.

  • WUServer: Defines the location of the WSUS server - REG_SZ - http://wsus_server_name
  • WUStatusServer: Defines the location of the WSUS status server - REG_SZ - http://wsus_server_name
  • TargetGroupEnabled: Enables (1) or disables (0) client-side targeting - REG_DWORD - 1 or 0
  • TargetGroup: Defines the name of the target group - REG_SZ - Groupname
  • ElevateNonAdmins: Controls whether non-admin users can (1) or cannot (0) control what updates get installed - REG_DWORD - 1 or 0

The next set of options configures Automatic Updates on the client. These options are located in the registry under

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

There are a lot of options, but I am only going to cover the main ones.

  • AUOptions: Automatically download and schedule installation - REG_DWORD - 4
  • ScheduledInstallDay: The day of the week to install the downloaded hotfixes, 0 = every day - REG_DWORD - 0
  • ScheduledInstallTime: The time of day to install the downloaded hotfixes, n = hour (0-23) - REG_DWORD - 3 (3:00 AM)
  • DetectionFrequencyEnabled: Enables (1) or disables (0) the detection frequency interval - REG_DWORD - 1
  • DetectionFrequency: Specifies the detection frequency interval, n = hours (0-22) - REG_DWORD - 22
  • NoAutoRebootWithLoggedOnUsers: Prevents Automatic Updates from rebooting the computer if a user is logged in. If set to 1, the user will be prompted to reboot; if set to 0, the user will be warned that the PC is rebooting in 5 minutes - REG_DWORD - 1
  • UseWUServer: This must be present and set to 1 in order for the WSUS environment values to be used - REG_DWORD - 1

These are the main options that should be set; there are many more options you can configure.

For more information see:

Configure Automatic Updates in a Non–Active Directory Environment
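
The registry values from both lists above, applied and read back with PowerShell. This is an added example, not part of the original post: the `-AuditOnly` switch and the variable names are the example's own, the server URL and group name are the article's placeholders, and ElevateNonAdmins is set to 0 as an assumed least-privilege choice.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# $WsusUrl and $TargetGroup default to the article's placeholder values.
param(
    [string]$WsusUrl     = 'http://wsus_server_name',
    [string]$TargetGroup = 'Groupname',
    [switch]$AuditOnly   # report differences only, write nothing
)

$wu = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# One row per value covered in the article (status server is WUStatusServer).
# ElevateNonAdmins = 0 is this example's choice (least privilege).
$desired = @(
    @{ Path = $wu; Name = 'WUServer';                      Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'WUStatusServer';                Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'TargetGroupEnabled';            Type = 'DWord';  Value = 1 }
    @{ Path = $wu; Name = 'TargetGroup';                   Type = 'String'; Value = $TargetGroup }
    @{ Path = $wu; Name = 'ElevateNonAdmins';              Type = 'DWord';  Value = 0 }
    @{ Path = $au; Name = 'UseWUServer';                   Type = 'DWord';  Value = 1 }
    @{ Path = $au; Name = 'AUOptions';                     Type = 'DWord';  Value = 4 }
    @{ Path = $au; Name = 'ScheduledInstallDay';           Type = 'DWord';  Value = 0 }
    @{ Path = $au; Name = 'ScheduledInstallTime';          Type = 'DWord';  Value = 3 }
    @{ Path = $au; Name = 'DetectionFrequencyEnabled';     Type = 'DWord';  Value = 1 }
    @{ Path = $au; Name = 'DetectionFrequency';            Type = 'DWord';  Value = 22 }
    @{ Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Type = 'DWord';  Value = 1 }
)

if ($WsusUrl -notmatch '^https://') {
    Write-Warning "WUServer is not HTTPS: update traffic to $WsusUrl is unencrypted."
}

$changes = foreach ($s in $desired) {
    $key     = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $current = if ($key) { $key.($s.Name) } else { $null }
    if ($current -ne $s.Value) {
        if (-not $AuditOnly) {
            if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
                -Value $s.Value -Force | Out-Null
        }
        [pscustomobject]@{ Key = $s.Path; Name = $s.Name; Was = $current; Want = $s.Value }
    }
}

$changes | Format-Table -AutoSize
# Restart the Automatic Updates service so the client picks up new values.
if ($changes -and -not $AuditOnly) { Restart-Service -Name wuauserv }
```

Running it with `-AuditOnly` on a schedule gives a drift report for machines that have no Group Policy to re-apply these values.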





Published Tuesday, June 27, 2006 6:09 AM by rodney.buike

