I have an offline script that updates entries to enable our WSUS server (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\) We don't have Group Policy enabled - yet, so we need to update local GP on XP/Vista/Win7 workstations if needed, most are already set properly.

The issue with this script is that when I ran it the first time against test workstations that never previously ran the script, it worked fine. After I ran it again, I opened gpedit.msc from the workstation and the all the settings reverted back. If I check the registry, it looks correct all the settings from the script are updated properly, but group policy contains default settings. Not sure why this is ocurring, and I really don't want to break all the good settings on my workstations... Any ideas?

K1000 Systems Management Appliance v5.4.70402

Script contents:

Offline script

Windows O/S

Dont run on a schedule

1 Task - Run 2 Attempts


  1. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate is equal to 0.
  2. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions is equal to 3.
  3. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay is equal to 0.
  4. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime is equal to 3.
  5. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime is equal to 1.
  6. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers is equal to 1.
  7. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer is equal to 1.
  8. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer is equal to //hghost.
  9. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer is equal to //hghost


  1. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate to 0.
  2. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions to 3.
  3. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay to 0.
  4. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime to 3.
  5. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime to 1.
  6. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers to 1.
  7. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer to 1.
  8. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer to //hghost.
  9. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer to //hghost.


0 Comments   [ - ] Hide Comments


Please log in to comment

Community Chosen Answer



I believe you need to set the proper key types for some of these, not all are string values

Answered 02/01/2013 by: SMal.tmcc
Red Belt

  • Thanks! I'll see if there is any more info on this since I'm using the K1000 Configuration Policy, Enforce Registry Settings. I also found a few articles on exporting the reg key, and creating a batch file to import the settings, which may also be a good fit.
Please log in to comment
Answer this question or Comment on this question for clarity



Be sure to check Local Policy on that machine. If registry settings get changed after successfully setting them with a script, there really are only two possibilities -- policy or another script.

You say that you've not implemented Group Policy yet, but the only way to not implement Group Policy is to not implement Active Directory. The Default Domain Policy exists in every AD implementation, and if you have AD, then you should check the DDP for WSUS settings.

Also, you have the incorrect format for WUServer and WUStatusServer -- those values should be the URL of the WSUS Server, e.g. http://hghost. WSUS is a webservice-based application. It's accessed through a web server, thus needs a web address.

Answered 02/04/2013 by: LawrenceGarvin
White Belt

Please log in to comment