Windows Update, applying settings via registry change?


Hey guys,

We have a few computers here that for whatever reason are not getting the group policy change that specifies where computers go for Windows Update. We are using a SUS Server here to make things a bit more efficient. Unfortunately, I want to be lazy and don't want to have to go through gpedit.msc on each machine and setup the options.

I want to setup the machines so that they 1) Do updates every Monday at 3am. 2) Check for the Updates, and 3) Check with a frequency of 1 hour intervals.

How can I turn that into a registry file so that all I have to do is go to the location on the server, import the settings, and bam that's it?

Also, how can I check to see what settings WSUS is working with, I know there is a command line option or utility to be able to use it... does anyone know what I'm talking about? I know it checks all aspects of WSUS on the local machine to make sure it's active.



I would first resolve the issue of why the clients are not getting the policy applied to them.


Ok... well if I do a gpresult it says they are getting the policy. But for whatever reason it doesn't appear that the changes that the policy makes are being applied. Next step?


I don't believe so, but shouldn't the computer be applying the policy anyways if the section it's under isn't blocking inheritance?

well I think it will only apply the policy if the current setting is undefined - it won't overule it if there is a value there already.

Could create a policy with the settings you need and then enforce it, see if that makes a change.


I could try. It's just weird that the computers definitely are setting the policy (at least says GPResult)... but they're not making the changes on all of them. Where would I be looking at to resolve this issue? Server side? Computer Side? I really would like to fix this.

Here's another question:

Would it be more efficient to somehow push a registry change to all of the computers, rather than spend time troubleshooting why they are not updating the WSUS GP Information?

Well it might be working!?
Check the windowsupdate and "windows update" logs in the windows folder and see what the machine itself thinks or check its local registry (just search for the name of your sus server)

Also have you never considered WSUS? :)


I think you may be a bit... *gulp* confused! We are using WSUS! We have a policy being pushed out by the DC that is supposed to make ALL computers point to IP for WSUS, and is supposed to download updates every Monday @ 3:00am EST...

So to answer your question, yes! We have considered WSUS! And implemented!

Then again I am a tad bit confused. You provide me instructions on how to look in the registry for the WSUS Server information... which means you know we are using one... Silly brit! ;)

Oh, and I do check the Windows Update's log when I see computers that are failing their updates. But the primary problem we're having is computers that are not taking the WSUS settings, even though GPResult says that it's getting the WSUS Policy applied!

Yeah thought I would check and your first paragraph said SUS.
I know the settings are the same as we are using SUS still and looking at moving to sus.

Actually we just disabled sus, so might changeover soon.

