How to enable Windows Update in the registry. Configuring WSUS clients using Group Policy. Group Policy Editor

This article looks at ways to repair the WSUS agent.

1. The first script is the simplest. Strictly speaking, it is not a cure at all: it forces a check for updates to start and, along the way, cleans the folder where the distribution files of installed updates accumulate:

wsus_detect_manual.cmd

net stop wuauserv && net stop bits && net stop cryptsvc

net start wuauserv && net start bits && net start cryptsvc

wuauclt.exe /detectnow
exit

2. The second script is needed to "revive" a non-working WSUS service. It first cleans out the old downloads, then renames the SoftwareDistribution and Catroot2 folders, so that they are created again when the services are restarted. Then the system DLL libraries are re-registered.

fix_wsus_service.cmd

net stop bits
net stop wuauserv
net stop cryptsvc

del /f /s /q %windir%\SoftwareDistribution\download\*.*

ren %systemroot%\System32\Catroot2 Catroot2.old
ren %systemroot%\SoftwareDistribution SoftwareDistribution.old

REM del /f /s /q %windir%\SoftwareDistribution\*.*

del /f /s /q %windir%\windowsupdate.log

%windir%\system32\regsvr32.exe /U /s %windir%\system32\vbscript.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\mshtml.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\msjava.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\msxml.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\actxprxy.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\shdocvw.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wintrust.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\initpki.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\dssenh.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\rsaenh.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\gpkcsp.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\sccbase.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\slbcsp.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\cryptdlg.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\Urlmon.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\Oleaut32.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\msxml2.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\Browseui.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\shell32.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\Mssip32.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wups2.dll
%windir%\system32\regsvr32.exe /U /s %windir%\system32\wuweb.dll

%windir%\system32\regsvr32.exe /s %windir%\system32\vbscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\mshtml.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msjava.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\actxprxy.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\shdocvw.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wintrust.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\initpki.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\dssenh.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\rsaenh.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\gpkcsp.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\sccbase.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\slbcsp.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\cryptdlg.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\Urlmon.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\Oleaut32.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml2.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\Browseui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\shell32.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\Mssip32.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups2.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll

net start bits
net start wuauserv
net start cryptsvc

wuauclt /detectnow

exit

3. This script is used in cases where the computer has been cloned, or where the computer cannot be registered in WSUS. It resets the authorization and generates the identifier anew. It consists of a single line:

wsus_resetaut_detect_manual.cmd

wuauclt.exe /resetauthorization /detectnow

AU_Clean_SID.cmd

@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
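
An added example, not part of the original article: before running AU_Clean_SID.cmd everywhere, this PowerShell sketch shows which machines actually share a SusClientId (the usual sign of a cloned image) or have none. The function names, host names and GUIDs are hypothetical; the registry key and value names are the ones the script above deletes.

```powershell
# Added example: find WSUS clients that share a SusClientId or never got one.
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-WsusClientIdentity {
    # Run on each client and collect the resulting objects centrally.
    $p = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SusClientId      = $p.SusClientId
        AccountDomainSid = $p.AccountDomainSid
    }
}

function Find-SusClientIdProblem {
    # Input: objects with ComputerName and SusClientId. Output: one row per problem.
    param([object[]]$Inventory = @())

    # Machines without an identifier have never registered with a WSUS server.
    foreach ($item in $Inventory | Where-Object { -not $_.SusClientId }) {
        [pscustomobject]@{ Problem = 'Missing'; SusClientId = ''; Computers = $item.ComputerName }
    }

    # Machines with the same identifier overwrite each other's record on the server,
    # so only one of them is visible in the WSUS console at any time.
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Problem     = 'Duplicate'
                SusClientId = $_.Name
                Computers   = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample inventory (hypothetical hosts and identifiers).
$sample = @(
    [pscustomobject]@{ ComputerName = 'WKS-001'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ ComputerName = 'WKS-002'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ ComputerName = 'WKS-003'; SusClientId = '22222222-aaaa-4bbb-8ccc-000000000002' }
    [pscustomobject]@{ ComputerName = 'SRV-010'; SusClientId = $null }
)
Find-SusClientIdProblem -Inventory $sample | Format-Table -AutoSize
```

Only the machines listed as Duplicate need AU_Clean_SID.cmd; a Missing entry points at a client that has not reached WSUS at all.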

5. Sometimes, in order to fix everything, you need to reinstall the WSUS agent. You will need to download the latest Windows Update Agent and then install the edition you need:

for x32 versions of Windows

windowsupdateagent30-x86.exe /wuforce

for x64 versions of Windows

windowsupdateagent30-x64.exe /wuforce

If you are the happy owner of an Itanium - you will be happy :-)

After the agent is installed, a restart is required.

6. To "cure" error 0x80070005, i.e. an access error, the script below may come in handy. It restores access for administrators and the system to the registry and the system folders.

The script requires the Microsoft utility subinacl.exe. It is included in the Resource Kit for Windows Server 2003, but the version from there should not be used, because it contains errors. Download subinacl.exe version 5.2.3790.1180.

Restore_registry_and_system_permission.cmd

@echo off
REM Apply for Windows Update error 0x80070005
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

All the scripts can be applied practically automatically when any problem arises. If the problem is still not solved as a result, you will have to dig deeper. This is where windowsupdate.log, which lies in the root of the Windows folder, helps. If the computer is a problem one, the file is large. For simplicity, it is worth deleting it before running the scripts. All the scripts do contain a command that deletes it, but not everything is so simple: even with the wuauserv service stopped, the file is, as a rule, still in use, for example by IE. So there is a cunning way. Run

notepad.exe %windir%\windowsupdate.log

Select all the text, delete it, and save over the old file (do not forget to set the file type to *.*, otherwise it is saved as *.txt).

It is worth noting that sometimes a client simply will not work with WSUS. I had such a precedent with a couple of Windows Server 2003 R2 machines, which I never managed to beat. They are updated over the Internet :-)

Newer operating systems such as Windows 7 and Windows 2008 can be very hard to get going. For them, an algorithm of the following kind was found empirically:
1. Update from the Microsoft site, including the agent update
2. Install the new agent, this time locally
3. After that, everything starts working

I hope that the fruits of our labor will help someone.

For simplicity, here are all the scripts in ready-made form:

With the development of the Internet, continuous updating of the operating system has become commonplace. Developers can now fix and improve the system throughout its entire support period. Frequent Windows 10 updates, however, are not always convenient. That is why it is good to know how to turn them off.

Reasons for disabling automatic updates

The reasons can vary, and only you can decide whether you need to disable updates. Keep in mind that, along with improvements to certain features, updates deliver important fixes for system vulnerabilities. All the same, situations in which automatic updates are better disabled arise quite often:

  • Metered Internet - an update is sometimes quite large, and downloading it can be expensive if you pay for traffic. In that case it is better to postpone the download and do it later under other conditions;
  • Lack of time - once downloaded, an update starts installing while the computer is shutting down. This can be inconvenient if you need to finish work quickly, for example on a laptop. If you do not restart the computer yourself, Windows 10 will ask for a restart, and if you ignore that, after a while the restart will be forced. All of this takes time;
  • Security - although updates often contain important system fixes, nobody can foresee everything. As a result, one update may open your system to a virus attack, and another may simply break it immediately after installation. A reasonable approach in this situation is to install an update some time after the next version is released, having first read the reviews.

How to disable automatic updates in Windows 10

There are many ways to disable Windows 10 updates. Some of them are quite simple for the user, others are more complicated, and still others require installing third-party programs.

Disabling through the Update Center

Using the Update Center to disable updates is not the best option, although Microsoft offers it as the official solution. You can turn off automatic downloading of updates through its settings. The problem is that this solution is temporary one way or another. The release of a major Windows 10 update will change this setting and bring system updates back. Still, we will go through the process of disabling them:

After these changes, minor updates will no longer be installed. But this solution will not help you get rid of update downloads for good.

Automatic updating is an important feature of any operating system. Thanks to it, the computer receives important updates in good time, which keep the system stable and secure. In Windows 7 the feature is active by default. This means that whenever there is a connection to Microsoft servers, the update service checks for new packages, downloads them and installs them. Usually all of these processes go practically unnoticed by the user, but when constant offers to upgrade to the "ten" appear, that is too much.

In theory, automatic downloading of updates should not be disabled. It is useful, because it closes security holes, optimizes the operation of the OS and brings new features (this concerns the "ten"). There are also a number of reasons for which the auto-update service should be disabled:

  1. The user does not like that, while updates are being installed, Internet speed drops and/or the PC cannot be turned off.
  2. The computer uses expensive or limited wireless Internet.
  3. Problems after starting the updated OS.
  4. Failures during the installation of update packages.
  5. There is not enough space on the system volume for Windows 7, which grows with every update.

Types

All the same, before disabling Windows 7 updates, think about whether it is worth doing. Besides deactivating the service, it can be switched to one of the following operating modes.

  1. Fully automatic - operations are carried out without the user's involvement, who is only notified when the installation of packages is complete.
  2. Fresh fixes are searched for and downloaded on a schedule, and the packages are installed by the user.
  3. Automatic checking, with the user notified when updates are available.
  4. Automatic checking is disabled. Everything is done manually.

The mode is selected in the "Update Center" component.

Ways to disable

The settings of any Windows version are stored in its registry. The key responsible for the Update Center settings can be reached in several ways, some simple and a couple more complicated. Let us look at them all.

Changing the Update Center settings

Let us start by configuring the service for our own needs. To reach the configuration interface, open the "Update Center" in one of the following ways.

System

  1. Through the context menu of My Computer, open "Properties".
  2. In the left vertical menu, follow the corresponding link, which is located at the bottom of the window.

  1. Go to the "Control Panel".
  2. Open the "System and Security" section.
  3. Open the element of the same name.

If the Control Panel items are displayed as icons rather than categories, the link to the element is shown in the main window.

  1. So, once in the required window, click "Change settings".
  2. Go to the "Important updates" section and select the required option from the drop-down list.

Receiving updates on a computer with Windows 7 can be disabled completely only by stopping the service.

Disabling the service

Services in the "seven" are managed by means of:

  • direct editing of registry keys, which is very inconvenient;
  • third-party programs for tuning the OS (this option is skipped);
  • MMC console snap-ins;
  • system configuration;
  • command line;
  • Group Policy Editor (available in Windows 7 Ultimate and Enterprise).

Removing the service from autostart

Updates are best disabled through the system configurator.

  1. Run "msconfig" in the command interpreter window, which opens by pressing Win + R or by clicking "Run" in the Start menu.
  2. Go to the "Services" tab.
  3. Find "Windows Update Center" (it may be called Windows Update) and clear the checkbox next to it.
  4. Save the new settings.

Until the end of the current session, the service will keep running and performing its duties. For the new configuration to take effect, Windows 7 must be restarted.

Using the MMC snap-in

The system console snap-in of the same name gives access to the management of all services on the PC. It is started as follows.

  1. Open the context menu of the "My Computer" folder.
  2. Select the "Manage" command.
  3. In the left vertical menu, expand the item "Services and Applications". Then click "Services".

A simpler way to open this window is to run the command "services.msc" through the "Run" dialog.

  1. Scroll to the very end of the list of services and open the "Properties" of the Windows Update service.
  2. In the "Startup type" list, select "Disabled" instead of "Automatic" to say goodbye to automatic updates. If the service must be turned off right now, click "Stop". Save the new parameters with the "Apply" button and close all windows.

You do not need to restart the PC for the changes to take effect.

Group Policy Editor

Any system parameter can also be configured with another MMC console snap-in, called the Local Group Policy Editor.

It is not available in the Home editions of the "seven"!

  1. Start the tool by running the gpedit.msc command through the "Run" window.
  2. In the "Computer Configuration" section, expand the "Administrative Templates" branch.
  3. Open "Windows Components" and go to the Update Center.
  4. In the right part of the window, find the parameter whose name begins with "Configure Automatic Updates".
  5. Open its settings.
  6. Move the radio button to the "Disabled" position and click "OK" to close the window and save the changes.

Using the command line

The command line can perform all the same operations as the graphical interface, and even more, but in text mode. The main thing is to know the syntax and parameters of the commands.

The command "cmd" is used to open the command line.

  1. Open the "Run" command interpreter.


One of the preceding articles described the procedure in detail. Once the server is set up, the Windows clients (servers and workstations) must be configured to use the WSUS server to receive updates, so that they get updates from the internal update server rather than from the Microsoft Update servers over the Internet. This article covers configuring clients to use the WSUS server by means of Active Directory domain Group Policy.

AD Group Policy lets the administrator automatically assign computers to WSUS groups, so there is no need to move computers between groups manually in the WSUS console and to keep those groups up to date. The assignment of clients to different WSUS target groups is based on a label in the client's registry (the label is set by Group Policy or by editing the registry directly). This way of assigning clients to WSUS groups is called client side targeting (targeting on the client side).

It is assumed that our network will use two different update policies: a separate update policy for servers (Servers) and one for workstations (Workstations). These two groups must be created in the WSUS console under the All Computers section.

Tip. The policy by which clients use the WSUS update server depends largely on the organizational structure of OUs in Active Directory and on the organization's rules for installing updates. This article considers only one particular variant, which makes it possible to understand the basic principles of using AD policies to install Windows updates.

First, the rule for grouping computers in the WSUS console (targeting) must be set. By default, computers in the WSUS console are assigned to groups manually by the administrator (server side targeting). That does not suit us, so we specify that computers are distributed into groups based on client side targeting (a key in the client's registry). To do this, in the WSUS console go to the Options section and open the Computers parameter. Change the value to Use Group Policy or registry setting on computers.

You can now create the GPOs for configuring WSUS clients. Open the domain Group Policy Management console and create two new group policies: ServerWSUSPolicy and WorkstationWSUSPolicy.

WSUS Group Policy for Windows Servers

Let us start with a description of the server policy, ServerWSUSPolicy.

The Group Policy settings responsible for the operation of the Windows Update service are located in the GPO section Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update.

In our organization, this policy is intended for installing WSUS updates on Windows servers. Computers that fall under it are assigned to the Servers group in the WSUS console. In addition, we want to prevent updates from being installed automatically on servers as soon as they are received. The WSUS client should simply download the available updates to disk, show a notification about the new updates in the system tray, and wait for the administrator to start the installation (manually or with the help of a tool). This means that production servers will not install updates and restart automatically without the administrator's approval (this work is usually performed by the system administrator as part of monthly scheduled maintenance). To implement this scheme, set the following policies:

  • Configure Automatic Updates: Enable. 3 - Auto download and notify for install - the client automatically downloads new updates and notifies you about them;
  • Specify Intranet Microsoft update service location: Enable. Set the intranet update service for detecting updates: http://srv-wsus.site:8530, Set the intranet statistics server: http://srv-wsus.site:8530 - here you must specify the address of your WSUS server and of the statistics server (usually they are the same);
  • No auto-restart with logged on users for scheduled automatic updates installations: Enable - automatic restart is prohibited while a user session is present;
  • Enable client-side targeting: Enable. Target group name for this computer: Servers - in the WSUS console, assign clients to the Servers group.

Note. When configuring the update policy, we recommend carefully studying all the settings available in each option of the Windows Update GPO section and setting the parameters that suit your infrastructure and organization.

WSUS update installation policy for workstations

We assume that updates on client workstations, unlike under the server policy, will be installed automatically at night, right after the updates are received. After the updates are installed, computers should restart automatically (warning the user 5 minutes in advance).

In this GPO (WorkstationWSUSPolicy) we specify:

  • Allow Automatic Updates immediate installation: Disabled - prohibits immediate installation of updates upon receipt;
  • Allow non-administrators to receive update notifications: Enabled - shows non-administrators a notification about new updates and allows them to install them manually;
  • Configure Automatic Updates: Enabled. Configure automatic updating: 4 - Auto download and schedule the install. Scheduled install day: 0 - Every day. Scheduled install time: 05:00 - when new updates are received, the client downloads them to the local cache and schedules their automatic installation for 5:00 am;
  • Target group name for this computer: Workstations - in the WSUS console, assign the client to the Workstations group;
  • No auto-restart with logged on users for automatic updates installations: Disabled - the system restarts automatically 5 minutes after the installation of updates finishes;
  • Specify Intranet Microsoft update service location: Enable. Set intranet update service for detecting updates: http://srv-wsus.site:8530, Set the intranet statistics server: http://srv-wsus.site:8530 - the address of the corporate WSUS server.

In Windows 10 1607, even though you have told clients to receive updates from the internal WSUS, they may still try to contact the Windows Update servers on the Internet. This "feature" is called Dual Scan. To stop updates being received from the Internet, additionally enable the policy Do not allow update deferral policies to cause scans against Windows Update.

Tip. To improve the patch level of computers in the organization, both policies can be configured to force the update service (wuauserv) to start on clients. To do this, in the section Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services, find the Windows Update service and set it to start automatically (Automatic).

Assigning WSUS policies to Active Directory OUs

The next step is to assign the created policies to the corresponding Active Directory containers (OUs). In our example, the OU structure of the AD domain is as simple as possible: there are two containers, Servers (which holds all the organization's servers except domain controllers) and WKS (Workstations - the users' computers).

Tip. We consider only one fairly simple way of binding WSUS policies to clients. In real organizations, you can link a single WSUS policy to all computers in the domain (a GPO with WSUS settings is linked to the domain root) or distribute different kinds of clients across different OUs (as in our example); in large distributed domains GPOs can be linked or assigned in other ways, or the different methods can be combined.

To assign a policy to an OU, click the required OU in the Group Policy Management console, select the menu item Link an Existing GPO and choose the corresponding policy.

Tip. Do not forget about the separate OU with domain controllers (Domain Controllers); in most cases the "server" WSUS policy should be linked to this container.

In exactly the same way, assign the WorkstationWSUSPolicy policy to the AD WKS container, which holds the Windows workstations.

All that remains is to refresh Group Policy on the clients in order to bind each client to the WSUS server:

All the Windows Update settings that we set through Group Policy should appear in the client's registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.

This reg file can be used to transfer the WSUS settings to other computers on which the update parameters cannot be configured through GPO (computers in a workgroup, isolated segments, a DMZ and so on).

Windows Registry Editor Version 5.00

; WSUS server and client-side targeting settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://srv-wsus.site:8530"
"WUStatusServer"="http://srv-wsus.site:8530"
"UpdateServiceUrlAlternate"=""
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="Servers"
"ElevateNonAdmins"=dword:00000000

; Automatic Updates behaviour
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000003
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"ScheduledInstallEveryWeek"=dword:00000001
"UseWUServer"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

It is also convenient to check the WSUS settings applied on clients with rsop.msc.
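
An added example, not part of the original article: a PowerShell check that compares the values under the policy key above with what the GPO was meant to write, so a client that silently ignores WSUS is easy to spot. The function names are hypothetical, the sample hashtables are constructed from the reg file above, and DisableDualScan is the registry value behind the Dual Scan policy mentioned earlier.

```powershell
# Added example: audit the WSUS client policy values in the registry.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValues {
    # Returns the values of one registry key as a hashtable (empty if the key is absent).
    param([Parameter(Mandatory)][string]$Path)
    $values = @{}
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) { $values[$name] = $key.GetValue($name) }
    }
    $values
}

function Test-WsusClientPolicy {
    # Emits one string per deviation; no output means the client matches the policy.
    param(
        [hashtable]$WindowsUpdate = @{},   # values under ...\WindowsUpdate
        [hashtable]$AU = @{},              # values under ...\WindowsUpdate\AU
        [Parameter(Mandatory)][string]$ExpectedServer,
        [Parameter(Mandatory)][string]$ExpectedGroup
    )
    $server = $WindowsUpdate['WUServer']
    if ($AU['UseWUServer'] -ne 1) {
        'UseWUServer is not 1: WUServer is ignored and the client does not scan against WSUS'
    }
    if (-not $server) {
        'WUServer is not set'
    } else {
        if ($server -ne $ExpectedServer) { "WUServer is '$server', expected '$ExpectedServer'" }
        if ($server -notlike 'https://*') {
            'WUServer does not use https://, so traffic to WSUS is not protected by TLS'
        }
    }
    if ($WindowsUpdate['WUStatusServer'] -ne $server) { 'WUStatusServer differs from WUServer' }
    if ($WindowsUpdate['TargetGroupEnabled'] -ne 1) {
        'TargetGroupEnabled is not 1: client-side targeting is off'
    } elseif ($WindowsUpdate['TargetGroup'] -ne $ExpectedGroup) {
        "TargetGroup is '$($WindowsUpdate['TargetGroup'])', expected '$ExpectedGroup'"
    }
    if ($WindowsUpdate['DisableDualScan'] -ne 1) {
        'DisableDualScan is not 1: the Dual Scan policy is not applied'
    }
    if ($AU['NoAutoUpdate'] -eq 1) { 'NoAutoUpdate is 1: automatic updates are switched off' }
}

# Constructed sample: the values from the reg file above.
$wu = @{
    WUServer           = 'http://srv-wsus.site:8530'
    WUStatusServer     = 'http://srv-wsus.site:8530'
    TargetGroupEnabled = 1
    TargetGroup        = 'Servers'
}
$au = @{ NoAutoUpdate = 0; AUOptions = 3; UseWUServer = 1; NoAutoRebootWithLoggedOnUsers = 1 }
Test-WsusClientPolicy -WindowsUpdate $wu -AU $au `
    -ExpectedServer 'http://srv-wsus.site:8530' -ExpectedGroup 'Servers'

# On a live Windows client, audit the real registry values instead.
if (Test-Path $PolicyKey) {
    Test-WsusClientPolicy -WindowsUpdate (Get-PolicyValues $PolicyKey) `
        -AU (Get-PolicyValues "$PolicyKey\AU") `
        -ExpectedServer 'http://srv-wsus.site:8530' -ExpectedGroup 'Servers'
}
```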

After some time (depending on the number of updates and the bandwidth of the link to the WSUS server), check the tray for pop-up notifications about new updates. The clients should appear in the corresponding groups in the WSUS console (the table view shows the client's name, IP, OS and the date of the last status update). Because our policies bound computers and servers to different WSUS groups, they will receive only the updates approved for installation in the corresponding WSUS groups.

Note. If updates do not appear on a client, it is recommended to carefully examine the Windows Update service log on the problem client (C:\Windows\WindowsUpdate.log). Note that Windows 10 (Windows Server 2016) uses. The client downloads updates to the local folder C:\Windows\SoftwareDistribution\Download. To start a search for new updates on the WSUS server, run the command:

wuauclt /detectnow

Sometimes the client also has to be forced to re-register on the WSUS server:

wuauclt /detectnow /resetAuthorization

In especially difficult cases, you can try to repair the wuauserv service. You can also try changing how often the client checks the WSUS server for updates, using the Automatic Update detection frequency policy.

The next article describes the particulars. It is also recommended to read the article about groups on WSUS servers.