Offline script - registry update for WSUS (K1000)
I have an offline script that updates entries to enable our WSUS server (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\) We don't have Group Policy enabled - yet, so we need to update local GP on XP/Vista/Win7 workstations if needed, most are already set properly.
The issue with this script is that when I ran it the first time against test workstations that never previously ran the script, it worked fine. After I ran it again, I opened gpedit.msc from the workstation and the all the settings reverted back. If I check the registry, it looks correct all the settings from the script are updated properly, but group policy contains default settings. Not sure why this is ocurring, and I really don't want to break all the good settings on my workstations... Any ideas?
K1000 Systems Management Appliance v5.4.70402
Script contents:
Offline script
Windows O/S
Dont run on a schedule
1 Task - Run 2 Attempts
Verify
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate” is equal to “0”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions” is equal to “3”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay” is equal to “0”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime” is equal to “3”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime” is equal to “1”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers” is equal to “1”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer” is equal to “1”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer” is equal to “//hghost”.
- Verify that “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer” is equal to “//hghost
Remediation
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate” to “0”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions” to “3”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay” to “0”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime” to “3”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime” to “1”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers” to “1”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer” to “1”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUServer” to “//hghost”.
- Set “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer” to “//hghost”.
Answers (2)
I believe you need to set the proper key types for some of these, not all are string values
Comments:
-
Thanks! I'll see if there is any more info on this since I'm using the K1000 Configuration Policy, Enforce Registry Settings. I also found a few articles on exporting the reg key, and creating a batch file to import the settings, which may also be a good fit. - dualplanker 11 years ago
Be sure to check Local Policy on that machine. If registry settings get changed after successfully setting them with a script, there really are only two possibilities -- policy or another script.
You say that you've not implemented Group Policy yet, but the only way to not implement Group Policy is to not implement Active Directory. The Default Domain Policy exists in every AD implementation, and if you have AD, then you should check the DDP for WSUS settings.
Also, you have the incorrect format for WUServer and WUStatusServer -- those values should be the URL of the WSUS Server, e.g. http://hghost. WSUS is a webservice-based application. It's accessed through a web server, thus needs a web address.