/build/static/layout/Breadcrumb_cap_w.png

Offline script - registry update for WSUS (K1000)

I have an offline script that updates entries to enable our WSUS server (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\) We don't have Group Policy enabled - yet, so we need to update local GP on XP/Vista/Win7 workstations if needed, most are already set properly.

The issue with this script is that when I ran it the first time against test workstations that never previously ran the script, it worked fine. After I ran it again, I opened gpedit.msc from the workstation and the all the settings reverted back. If I check the registry, it looks correct all the settings from the script are updated properly, but group policy contains default settings. Not sure why this is ocurring, and I really don't want to break all the good settings on my workstations... Any ideas?

K1000 Systems Management Appliance v5.4.70402

Script contents:

Offline script

Windows O/S

Dont run on a schedule

1 Task - Run 2 Attempts

Verify

  1. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate is equal to 0.
  2. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions is equal to 3.
  3. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay is equal to 0.
  4. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime is equal to 3.
  5. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime is equal to 1.
  6. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers is equal to 1.
  7. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer is equal to 1.
  8. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer is equal to //hghost.
  9. Verify that HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer is equal to //hghost

Remediation

  1. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate to 0.
  2. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions to 3.
  3. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay to 0.
  4. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime to 3.
  5. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime to 1.
  6. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers to 1.
  7. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer to 1.
  8. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer to //hghost.
  9. Set HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer to //hghost.

 


0 Comments   [ + ] Show comments

Answers (2)

Posted by: SMal.tmcc 11 years ago
Red Belt
2

I believe you need to set the proper key types for some of these, not all are string values


Comments:
  • Thanks! I'll see if there is any more info on this since I'm using the K1000 Configuration Policy, Enforce Registry Settings. I also found a few articles on exporting the reg key, and creating a batch file to import the settings, which may also be a good fit. - dualplanker 11 years ago
Posted by: LawrenceGarvin 11 years ago
White Belt
1

Be sure to check Local Policy on that machine. If registry settings get changed after successfully setting them with a script, there really are only two possibilities -- policy or another script.

You say that you've not implemented Group Policy yet, but the only way to not implement Group Policy is to not implement Active Directory. The Default Domain Policy exists in every AD implementation, and if you have AD, then you should check the DDP for WSUS settings.

Also, you have the incorrect format for WUServer and WUStatusServer -- those values should be the URL of the WSUS Server, e.g. http://hghost. WSUS is a webservice-based application. It's accessed through a web server, thus needs a web address.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ