Scripting Question

Is it possible to push GP updates to remote users who are off lan?

07/16/2018 880 views
Hello all

To expand on what I was asking, is there a way in the KACE appliance that I can be able to create a script to push a Group Policy update to a machine that is remote without giving users VPN rights to do so OR with the use of a 3rd party application to achieve this?

EXAMPLE: user1 is issued a machine and the machine has a GP that allows it to grab windows update from the internal WSUS server. user1 decides to work remote without letting anyone know and the machine is behind on windows updates because the GP is designed to only receive updates from the internal WSUS server in the domain. user1 is unable to make it back in the office to receive the GP to allow the machine to receive updates from the public Microsoft update server instead of the internal WSUS server.

I look forward to hearing back what the community has to offer.
Answer Summary:
0 Comments   [ + ] Show comments


Answer Chosen by the Author

Answered 07/20/2018 by: rswayback5
White Belt

  • OMG this was a god send thank you!

    now my question is, will this work for both WIn7 and WIN10 or just one or the other?
    • It should work with both. We have a mixed environment with both 7 and 10. I'll post a snip of the reverse script as well that disables automatic updates from Microsoft. Note that we use Kace for updates so I'm not sure that the disable script will work for WSUS.
      • we want the updates to keep coming in so that all of our machines are all patched in with the latest security updates. we have a problem in which users who are supposed to sit on site go remote and their machines never get updates from Microsoft because they are trying to connect to our internal WSUS server from the outside.
      • The one I posted should work fine for that. You just may need to take a look at the "WUServer" and "UseWUServer" keys (what they are set to now) to know how to reverse the keys. Wouldn't hurt to just capture all of the above keys and make sure you can revert them back when necessary.
  • I am trying to find which option makes the argument " verify that "KEY STRING" is equal to"" "
    • Make sure the script is set to run for Windows and not "All" operating systems.
    • "Verify a registry value is exactly"
      • thanks! now I am running into errors with the script. dumb question to ask XD but how do I upload screenshots to reply's to show what I am seeing?
      • I wasn't able to either. I had to choose "Answer this Question" in order to add a screenshot.

All Answers

Most group policy settings are registry keys, you can use a KACE script to get the registry keys remotely.
Answered 07/17/2018 by: chucksteel
Red Belt

  • I will give that a try and see how it works. I am in the registry trying to figure out what setting in the registry controls where it tells windows where to gets its updates from. I know we have a WSUS server in our domain that pushes updates out to our users in the office. I am trying to find that 1 setting in the registry that I can change to have the machine check for updates from the public microsoft server instead of our internal WSUS when the machine is off LAN.
    • We have a script that does this. I'll post a screen shot if I can figure out how.
      • I look forward to seeing that soon! if it works, ill reply back and confirm it
  • it would help if i mentioned in the first place that the user machines are WIN7 enterprise.

these are the errors that I am running through with a screen cap of the scripts that I made for troubleshooting

I redacted the name of our WSUS server
Answered 07/20/2018 by: adams071
Senior White Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ