Essentially I was wondering if it's possible to use the local gpedit.msc on Windows 7 and Windows Server 2008R2 machines to configure clients to use a workgroup-based WSUS installation. With this, I would still like to ensure users can use Windows Update manually but the WSUS does the majority of the work!
1 Answer
Registry
Please see the article Configure Automatic Updates in a Non–Active Directory Environment.
You're going to want to set these registry keys to the URL for your WSUS server (for example: http://wsus.local):

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUServer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer

Note: The key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate does not exist on a fresh installation of Windows 7. You will have to create it if it doesn't exist.

Then create a new DWORD named UseWUServer in the following key and set it to 1:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
This should be enough to tell the system to use your local WSUS installation.
Please see the article linked above for further options in configuring the Windows Update behavior.
Example
These are the default settings a Windows Small Business Server 2010 will set:

Group Policy
It should also be noted that these settings are also accessible through the Local Group Policy Editor under Computer Configuration\Administrative Templates\Windows Components\Windows Update:

In the group policy editor, we can also see the group policy that may be used to restrict access to Windows Update for a user. This would allow installation only directly through WSUS approval and automatic installation (which would have to be configured):

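The registry steps from the answer above, written as a PowerShell script for an elevated prompt. This is an added example, not part of the original answer; the $WsusUrl parameter name is an assumption, and its default is the answer's http://wsus.local example value.

```powershell
param(
    # Assumption: the answer's example URL; replace with your own WSUS server.
    [string]$WsusUrl = 'http://wsus.local'
)

$wuKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Defensive check: flag a plain-HTTP server URL so the choice is deliberate.
if ($WsusUrl -notmatch '^https://') {
    Write-Warning "WSUS URL '$WsusUrl' is not HTTPS; clients will contact WSUS over unencrypted HTTP."
}

# The WindowsUpdate policy key does not exist on a fresh Windows 7 install,
# so create it (and its AU subkey) only when missing.
foreach ($key in $wuKey, $auKey) {
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
}

# -Force overwrites an existing value of the same name, so the script can be re-run.
New-ItemProperty -Path $wuKey -Name 'WUServer'       -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $wuKey -Name 'WUStatusServer' -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $auKey -Name 'UseWUServer'    -Value 1        -PropertyType DWord  -Force | Out-Null

# Read the values back and confirm they match what was requested.
$wu = Get-ItemProperty -Path $wuKey
$au = Get-ItemProperty -Path $auKey

$result = New-Object PSObject -Property @{
    WUServer       = $wu.WUServer
    WUStatusServer = $wu.WUStatusServer
    UseWUServer    = $au.UseWUServer
}
$result | Format-List

$ok = ($wu.WUServer -eq $WsusUrl) -and
      ($wu.WUStatusServer -eq $WsusUrl) -and
      ($au.UseWUServer -eq 1)

if (-not $ok) {
    Write-Error 'WSUS policy values do not match the requested configuration.'
    exit 1
}
```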