You are on page 1of 4

Deploy WSUS to clients without AD/Domain/GP using the registry - So... https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-...

How-tos

by bytesnake on Jul 6, 2011 at 4:02am


Software Deployment & Patching
WSUS
47

We have a workgroup environment here and I needed a solution to provide our internal WSUS server to the
clients.
So I used the way to add registry keys to our machines.

Note: the values used here working for my environment. Yours may dier. You can change them to match
your needs. Please read more about it at #5 of this how-to.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000001
"TargetGroup"="Workstations"
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://your-WSUS-server:port";
"WUStatusServer"="http://your-WSUS-server:port";

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:0000000a
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAUAsDefaultShutdownOption"=dword:00000001
"NoAUShutdownOption"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000a
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

- "WUServer"="http://your-WSUS-server:port";; and
- "WUStatusServer"="http://your-WSUS-server:port";;
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the ";" from the end of that
lines!

Examples:
"WUServer"=" http://WSUS.company.com:81 "
"WUStatusServer"=" http://WSUS.company.com:81 "

"WUServer"=" http://192.168.0.1 "


"WUStatusServer"=" http://192.168.0.1 "

"WUServer"=" http://intranet.local:8080 "

1 de 4 17-05-2017 16:08
Deploy WSUS to clients without AD/Domain/GP using the registry - So... https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-...

"WUStatusServer"=" http://intranet.local:8080 "

The rst key is named WUServer. This registry key holds a string value which should be entered as the WSUS
servers URL.

The other key that you will have to change is a string value named WUStatusServer. The idea behind this key
is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have
been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.

where the computers

Expand
- double click on it from the client machine (admin rights required)
OR
- put in into the login script so it will be applied at every login

Here an example for using it in a Novell Login Script (Drive Z: is here the drive needed for the login):

IF OS = "WINNT" THEN
#regedit.exe /s Z:\WSUS\wsus-client.reg
@wuauclt.exe /resetauthorization /detectnow
END

Here some links to get more informations about the options used in the *.reg le:

- http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part1.html
- http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part2.html
- http://www.wsus.de/gpo (German - sorry)
- http://smallvoid.com/article/winnt-automatic-updates-cong.html
- http://www.appdeploy.com/tips/detail.asp?id=103

Maybe it`s needed to remove that settings for various reasons. To get the default values in the registry, just
follow the next step.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

where the computers have access to it.

2 de 4 17-05-2017 16:08
Deploy WSUS to clients without AD/Domain/GP using the registry - So... https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-...

Expand
- double click on it from the client machine (admin rights required)

That`s all. I don`t think it`s useful to add this in a login/logout script ;-) but it would work too.

I use this method for setting up a new machine even the machine will be used outside of our network after
setup.
In this way the new client gets all needed updates in a shorter time frame than downloading it all via internet
from Microsoft.
After nishing the setup, I remove the settings as described from #6 on.

WSUS Step by Step

Comment Subscribe

Shuey Dec 8, 2014 at 2:01pm


Will these workgroup computers show up in the list on WSUS? I'm guessing the answer would be "no", but
I've never tested this, so I'm not sure.

One other thing I'm confused about is the fact that we have to add the TargetGroup string, but the
TargetGroupEnabled dword is set to "0"... this doesn't make sense to me :-/

Thanks for this quick little How-To!

bytesnake Dec 8, 2014 at 3:01pm


In my workgroup environment the workstations are shown. The target group is for the case you want to
force the group membership by this settings. Not sure how the registry would look for this as I add the
machines manually ...

Samarjit Mar 16, 2015 at 6:08am


When I try the registry tweaking method the client is not getting updated from WSUS server and showing
the error code: 80072F76 but when I use local group policy to point the same WSUS server I found that it is

3 de 4 17-05-2017 16:08
Deploy WSUS to clients without AD/Domain/GP using the registry - So... https://community.spiceworks.com/how_to/2267-deploy-wsus-to-clients-...

getting updated. I also noticed that in both methods the registry value for "WUServer" and
"WUStatusServer" is same then why it is getting detected in one method and giving error in another
method?

bytesnake Mar 16, 2015 at 6:32am


Maybe cause your workstation is a domain member? Not sure.

Lee Mar 20, 2015 at 9:20am


Will this work on all current versions of Windows clients? 7, 8, 8.1, (10)?

bytesnake Mar 20, 2015 at 9:25am


Dunno about Win10. It works well with Windows 7, 8, 8.1 in our environment.

mistersee Oct 1, 2015 at 8:38am


Might it make sense to update the instructions to mention that one needs to add a header line to the .reg
le?

So, to make it work, you need to add `Windows Registry Editor Version 5.00` (without backticks) to the
beginning of the `.reg` le.

bytesnake Oct 1, 2015 at 9:34am


Where do you miss this? It's mentioned in step 1 as well as in step 7 ...

Add your comments on this How-to! Join the IT Network or Login.

4 de 4 17-05-2017 16:08