Whirlpool

I got the WSUS software and wish to try it out on my home network but don't want a domain. Some of the documentation seems to hint that it's possible but I haven't been able to figure it out.

If anyone can help me I would be most grateful and really hope it is possible because I am with bigpond and have several PCs at home to update.

Thanks for your help.

I haven't tried this, but I don't think this is a problem.

I have WSUS servers that are in a domain and a few servers/workstations in a workgroup connected to the WSUS servers without any problems.

I haven't read the WSUS documentation but if the implementation is similar to SUS (WSUS precursor) it requires alteration of registry entries to point the Automatic Updates service at your server instead of Microsoft's. It's easier to change those entries if you have a domain but it was possible with SUS to put the required entries in a registry file and simply import it into the client's registry.

The WSUS forums may also prove useful.

Could you tell me what registry entries I need to change? I had a look but couldn't find anything with a URL to do with update.

Any info would be greatly accepted and I will have a look at the forums suggested, thanks for the help so far.

Check out KB555454 - WSUS: Script to Manually Configure Automatic Update Client for WSUS

... and I just clicked on my link to that page and it no longer exists!

If you try search.microsoft.com/res...g=en-US&q=555454 you get a link to that KB article, but the link is dead!

There is a technet article here technet2.microsoft.com/W...b68ceb31033.mspx but it is not as good as the original KB article.

This is basically what I've got in a .REG file. Just put your WSUS PC DNS name where 'dnsname' is.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Polic­ ies\Microsoft\Windows\WindowsUpdat­ e]
"WUServer"="http://dnsname"
"WUStatusServer"="http://dnsname"
"ElevateNonAdmins"=dword:00000000
"TargetGroupEnabled"=dword:0000000­ 1
"TargetGroup"="Guest computers"

[HKEY_LOCAL_MACHINE\Software\Polic­ ies\Microsoft\Windows\WindowsUpdat­ e\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"AutoInstallMinorUpdate"=dword:000­ 00001
"DetectionFrequencyEnabled"=dword:­ 00000004
"DetectionFrequency"=dword:0000000­ 4
"NoAutoRebootWithLoggedOnUsers"=dw­ ord:00000001
"RebootRelaunchTimeout"=dword:0000­ 05A0
"RebootRelaunchTimeoutEnabled"=dwo­ rd:00000001
"RebootWarningTimeout"=dword:00000­ 01e
"RebootWarningTimeoutEnabled"=dwor­ d:00000001
"RescheduleWaitTimeEnabled"=dword:­ 00000001
"RescheduleWaitTime"=dword:0000001­ e
"ScheduledInstallDay"=dword:000000­ 00
"ScheduledInstallTime"=dword:00000­ 010
"UseWUServer"=dword:00000001
"LastWaitTimeout"=-

These settings can also be edited though "gpedit.msc", there is no need to go into the registry just change the policy settings.

runs fine with clients not on a domain, create either a registry patch is the easiest way :)

I have tried editing the registry and using the gpedit.msc method but when I select computers from the WSUS server I can't find any. I have run the command line wuauclt.exe /detectnow after every change and have even done several re-starts.

I have probably missed something and will look into it further. It's a pity there isn't a better configuration tool available (read easy to use).

Thanks so much for the help so far and I will keep trying.

I've never set them up directly in the wsus admin console, i've always just told clients to collect updates from here at this time and install without user interaction (and reboot middle of the night). sorry can't help ya from that side of things

I have a WSUS server setup which isn't a DC or part of domain and 4 computers connected to it fine. So long as you update the registry on the client PCs (see above post) it should work fine.

Steve is on the money.

You can install WSUS on ANY machine that has IIS and you have the ability to install MSDE.

Then all you have to do is "fudge" the registry entry for where Automatic updates see's the AU site.

Be warned if you have a LOT of PCs with office and a bunch of common MS products the WSUS update folder can blow out in size. I have 490 odd desktops with 2000/XP/2003 and I need UBER amounts of space to store the updates.

I reinstalled WSUS late last year and here are the summary results.

Updates
Total: 721
Approved updates: 565
Updates not approved: 141
Declined updates: 15
Updates with computer errors: 4
Updates needed by computers: 211

Computers
Total: 607
Computers with update errors: 3
Computers needing updates: 189

saudukar writes...

Be warned if you have a LOT of PCs with office and a bunch of common MS products the WSUS update folder can blow out in size. I have 490 odd desktops with 2000/XP/2003 and I need UBER amounts of space to store the updates.

yeah i quickly had a 10 gig partition look rather low on space

think it totalled just under 8gig for all 3 windows versions, english only though thankfully

phoenixthesmeg writes...

I have run the command line wuauclt.exe /detectnow after every change and have even done several re-starts.

Perhaps install the latest update agent from here go.microsoft.com/fwlink/?LinkId=43264

Steve writes...

Perhaps install the latest update agent

Already have the latest version installed. Maybe I just have to try a few more things. I am a noob when setting up servers, I have better luck with Linux servers LOL.

If the clients aren't receiving updates or WSUS doesn't appear to be downloading updates, check the following:

The directory security permissions on Selfupdate in the WSUS website should have granted all, no IP listed. The Selfupdate in the Default Website should have Denied access all, except internal IP (255.255.255.0) and 127.0.0.1.

The NETWORK SERVICE must have read access to the drive in which WSUS updates are to be downloaded.

When I was installing WSUS on a Windows 2003 Server machine, the above is what I had to do to get it working properly. They were the notes I took. May or may not work for you.

saudukar writes...

Steve is on the money.

Correct.

I have a WSUS server on a site that both PC's from the domain and not from the domain update from. Just a matter of changing a couple of registry entries.

I did have an old 12GB HDD for my updates but had to up it to 80GB after the December 2005/January 2006 updates came out. Currently I think my updates are around 13GB.

saudukar writes...

Be warned if you have a LOT of PCs with office and a bunch of common MS products the WSUS update folder can blow out in size. I have 490 odd desktops with 2000/XP/2003 and I need UBER amounts of space to store the updates.

Umm you might want to uncheck the option that says download all versions of the update, so anything that isn't english you don't want. Youwill find that WSUS will sit under 10 gig easily. I have all of the "needed" updates for Office,XP, 2000, 2003. Downloading every single update is... silly, once you hit SP2 you don't need that many for XP. 80gig is crazy unless you are supporting every single language in history.

Very easy to run without domain. use gpedit.msc to set variables or use a reg update.

phoenixthesmeg writes...

Already have the latest version installed.

I use this batch file to kickstart the updates. It might help you.

@echo off
Echo This batch file will Force the Update Detection from the AU client by:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)

rem Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\C­ urrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\C­ urrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\C­ urrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv

@echo off
Echo This AU client will now check for the Updates on the Local SUS Server.
Echo After 10-20 mts Have a look at C:\Window\Windows update.log
Echo For any errors; feel free to post on the forum and I will try to help out.
rem Pause

Watch out for Whirlpool putting spaces into the text, like C urrent instead of Current, but there is a space in Auto Update

thanks for all your help guys. I wil try that batch file soon and let you know how it goes.

I have also enlisted in an open beta of SMS (I think it's the next thing after WSUS) I will probably give that a go too.

phoenixthesmeg writes...

I have also enlisted in an open beta of SMS (I think it's the next thing after WSUS) I will probably give that a go too.

SMS is fairly different to WSUS. SMS 2.0 had a Software Updates Feature Pack addon that was based on the same MBSA technology (originally developed by Shavlik who went on to make the commercial product HfNetChk Pro) as is used by Microsofts product update systems. But the primary functions of SMS were in things like software/hardware inventory, software deployment, license management.

The MBSA technology has come ahead in leaps and bounds the last few years thanks to a concerted effort by Microsoft to improve and unify their patching (they previously had something like 15 different patch types, and want to get it down to 2).

SUS was the first iteration of a standalone patching platform. WSUS is the successor, and is heaps better. SMS 2.0 was okay at patching, SMS 2003 does a better job, but from what I hear the next SMS version will integrate heavily with WSUS (or the next version of it) as well as MOM to form a hugely functional enterprise management platform.

Thanks Dudley thats a great deal of useful information.

It's posters like all of you that make whirlpool so useful.

JAB au writes...

These settings can also be edited though "gpedit.msc", there is no need to go into the registry just change the policy settings.

But you dont go into the registry to do the work.

You create the reg file, then import/run it on the workstation and it will automatically make those changes for you.

when I specify the intranet do I need to specify the port as I think the default was 8530 and not 80 I might be wrong though

phoenixthesmeg writes...

when I specify the intranet do I need to specify the port as I think the default was 8530 and not 80 I might be wrong though

Yes you must specify the port if not using 80. I always use the alternate port of 8530 for WSUS rather than 80, just for standardisation and simplicity.

Skitza writes...

80gig is crazy unless you are supporting every single language in history.

We have to support a range of languages as we allow and endorse our users to use multiple languages as part of out LOTE (languages other then English) educational requirements.

I had some permissions problems with the server and ended up killing that install. I then installed my demo of enterprise 2003 and set up WSUS on it.

I made sure the setting were correct using gpedit.msc and now I can see my computer in the list.

Thanks so much for all the help guys I have learnt a lot about WSUS so far (have a lot more to learn still but I am going the right way now) and am gratefull for all the advice.

Thanks for the info aswell everyone.

With this, what settings would I choose to not notify the end user to reboot and such, IE updates are installed but even if a reboot is needed the end user is not notified?

I do not want to force them to reboot their PC's at all, just update and finish the install on reboot when they next reboot.

If this isnt an option it looks like I will have to just schedule it to only run ~3am each morning and do it that way... which may even work better.

There are options to reboot automatically if no one is logged on, or prompt for a reboot if someone is logged on. You can then set the prompt interval (eg every hour, or we do every 10 hours), and I think also limit the length of time they can put off the reboot before it is forced.

Dudley writes...

There are options to reboot automatically if no one is logged on, or ...

The KB I referred to here forum-replies.cfm?t=482665#r5 contained all that detail and was very useful.

Too bad MS canned it!

If you use gpedit.msc there is the option there. If you use Home then refer to This Page It has all the registry settings and discriptions.

Because my wife has XP home on her PC I ended up exporting the registry entries from my pc after configuration via gpedit.msc and then imported them on her PC. Now all is well.

Now I just need to buy windows server or re-install the demo over and over. They need a student version for about $20 or maybe even $50 for server versions. Add the limitations of no commercial use and only for eduactional purposes and I would be happy as Larry.

phoenixthesmeg writes...

Now I just need to buy windows server or re-install the demo over and over. They need a student version for about $20 or maybe even $50 for server versions. Add the limitations of no commercial use and only for eduactional purposes and I would be happy as Larry.

Some higher education insitutes offer it for free as part of their licensing with Microsoft.

Why would MS give away a fully functional OS for $20-50? that wouldnt make sense...

Hellman109 writes...

Why would MS give away a fully functional OS for $20-50? that wouldnt make sense...

In order to increase student knowledge and therefore create a larger market segment. Unfortunately I don't think my UNI does provide this.

As to price, the academic price for windows XP is $20 but it must ONLY be used for work related tasks.