Is it possible to push GP updates to remote users who are off lan?
Hello all
To expand on what I was asking, is there a way in the KACE appliance that I can be able to create a script to push a Group Policy update to a machine that is remote without giving users VPN rights to do so OR with the use of a 3rd party application to achieve this?
EXAMPLE: user1 is issued a machine and the machine has a GP that allows it to grab windows update from the internal WSUS server. user1 decides to work remote without letting anyone know and the machine is behind on windows updates because the GP is designed to only receive updates from the internal WSUS server in the domain. user1 is unable to make it back in the office to receive the GP to allow the machine to receive updates from the public Microsoft update server instead of the internal WSUS server.
I look forward to hearing back what the community has to offer.
0 Comments
[ + ] Show comments
Answers (3)
Answer Summary:
Please log in to answer
Posted by:
rswayback5
6 years ago
Top Answer
Comments:
-
OMG this was a god send thank you!
now my question is, will this work for both WIn7 and WIN10 or just one or the other? - adams071 6 years ago-
It should work with both. We have a mixed environment with both 7 and 10. I'll post a snip of the reverse script as well that disables automatic updates from Microsoft. Note that we use Kace for updates so I'm not sure that the disable script will work for WSUS. - rswayback5 6 years ago
-
we want the updates to keep coming in so that all of our machines are all patched in with the latest security updates. we have a problem in which users who are supposed to sit on site go remote and their machines never get updates from Microsoft because they are trying to connect to our internal WSUS server from the outside. - adams071 6 years ago
-
The one I posted should work fine for that. You just may need to take a look at the "WUServer" and "UseWUServer" keys (what they are set to now) to know how to reverse the keys. Wouldn't hurt to just capture all of the above keys and make sure you can revert them back when necessary. - rswayback5 6 years ago
-
I am trying to find which option makes the argument " verify that "KEY STRING" is equal to"" " - adams071 6 years ago
-
Make sure the script is set to run for Windows and not "All" operating systems. - rswayback5 6 years ago
-
"Verify a registry value is exactly" - rswayback5 6 years ago
-
thanks! now I am running into errors with the script. dumb question to ask XD but how do I upload screenshots to reply's to show what I am seeing? - adams071 6 years ago
-
I wasn't able to either. I had to choose "Answer this Question" in order to add a screenshot. - rswayback5 6 years ago
Posted by:
chucksteel
6 years ago
Most group policy settings are registry keys, you can use a KACE script to get the registry keys remotely.
Comments:
-
I will give that a try and see how it works. I am in the registry trying to figure out what setting in the registry controls where it tells windows where to gets its updates from. I know we have a WSUS server in our domain that pushes updates out to our users in the office. I am trying to find that 1 setting in the registry that I can change to have the machine check for updates from the public microsoft server instead of our internal WSUS when the machine is off LAN. - adams071 6 years ago
-
We have a script that does this. I'll post a screen shot if I can figure out how. - rswayback5 6 years ago
-
I look forward to seeing that soon! if it works, ill reply back and confirm it - adams071 6 years ago
-
it would help if i mentioned in the first place that the user machines are WIN7 enterprise. - adams071 6 years ago
Posted by:
adams071
6 years ago