Windows Server Update Service: Add WSUS client

I want my Windows 7 to get windows update from my local WSUS server instead of getting updates from the internet.

Group policy editor
Launch the group policy editor (gpedit.msc)
Windows 7 for testing-2013-05-04-20-02-49

Go to Computer Configuration –> Administrative Templates –> Windows Components –> Windows Update
Windows 7 for testing-2013-05-04-20-05-20

Make Windows to get updates from WSUS

There are two parameters you need to tell Windows where to get the updates.

Windows 7 for testing-2013-05-04-20-11-42

On Specify intranet Microsoft update service location you need to set the hostname or IP address of the WSUS server and enable it.

Windows 7 for testing-2013-05-04-20-15-31

Then enable the Configure Automatic Updates and choose the schedule you want.
Windows 7 for testing-2013-05-04-20-18-34

Use regedit to check the settings. The registry path is Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Windows 7 for testing-2013-05-04-20-20-06

Launch services.msc to restart the Windows Update service.
Windows 7 for testing-2013-05-04-20-23-42

Download the updates
Got an error 80072EE6, this is because the WSUS URL is misconfigured.

It was htp://172.16.0.28, so I changed to http://172.16.0.28

It was htp://172.16.0.28, so I changed to http://172.16.0.28

You will see Managed by your system administrator.

You will see Managed by your system administrator.

WSUS
On WSUS you can see there are computers listed.
Mcafee Lab Server-2013-05-04-20-34-44

As you can see the new computer win7test has not yet reported to WSUS, I can make this quicker by typing the command wuauclt /reportnow on my Windows 7 client machine.
Windows 7 for testing-2013-05-04-20-38-18

Notice the win7test has reported to the WSUS.

Notice the win7test has reported to the WSUS.

Updates approval
Updates need to be approved prior for the client stations to download. WSUS will advise how many needed updates are for the machines.

just click the link highlighted in red and start approving the updates.

just click the link highlighted in red and start approving the updates.

Approve the updates needed by the clients.

Approve the updates needed by the clients.

Advertisements
This entry was posted in System OS, Windows and tagged , . Bookmark the permalink.

3 Responses to Windows Server Update Service: Add WSUS client

  1. A couple of notes on the above discussion…
    1. Since you are using LOCAL POLICY to configure the client, it is not necessary to restart the Windows Update service. The service is policy-aware, and merely changing the policy will be sufficient.
    2. What is missing from that step, though, and could be problematic (I’m somewhat surprised it wasn’t an issue in this case) is that you need to refresh policy after configuring it. You checked the registry, but by all rights, the values should not have been posted to the registry until after policy was refreshed. (It’s possible that the policy refresh happened coincidentally at that moment, but it’s also possible that the registry values won’t appear for up to 90 minutes). To force the policy settings into the registry immediately, run a policy refresh with GPUPDATE /FORCE /TARGET:COMPUTER
    3. Strictly speaking “Configure Automatic Updates” is an optional setting, only necessary if you want to change the automatic 3am scheduled installation event.
    4. Most implementations should be configuring the WSUS policy settings with a HOSTNAME, which will work if DNS is properly implemented.
    5. It’s important to note that the command wuauclt /reportnow only worked in this scenario because (a) the client was properly configured and functional, and (b) had just completed a registration/detection with the WSUS server and had events to report. In fact, doing nothing at all is also an option, and the client will report by itself within 20 minutes. What’s more important to understand here is that running wuauclt /reportnow by itself, more often than not, does absolutely nothing on the client. The /reportnow flag flushes the pending-events-to-be-reported queue, if there are events to be reported.

    • cyruslab says:

      Hi, thank you for the tips. I re-read my post and realized I have missed the command gpupdate /force after i have configured group policy.

      what i normally did is to use wuauclt /resetauthorization /reportnow to see the computers quickly in my wsus console.

      Thank you for sharing and taking time to write the tips. 🙂

  2. Pingback: How To Add Computers In Wsus Server | Arabellazz

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s