Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
WSUS Clients installing unapproved updates

Answered WSUS Clients installing unapproved updates

  • Friday, February 01, 2013 10:13 AM
     
     
    Sign In to Vote
    0

    This is an odd one,

    We have a WSUS server configured to tell clients through a GPO to check in for windows updates and download them from Microsoft Update (so we don't have to have a WSUS repository taking up space). Previously we did have a WSUS repository and the same issue occured.

    While on the domain the client laptop behaves perfectly well, only ever updates if WSUS updates are approved for it's Computer Group in WSUS.

    However... if I have that laptop on the domain for say 7 days, has several reboots and NO WSUS updates are applied, when it is taken home by the user, it is put in "sleep" and when it starts back up is logged in as the domain user, if the user connects to the internet to login to our network via the VPN, it starts downloading windows updates it doesn't have, that have NOT been approved by WSUS.

    Why would this be, and how can I stop it from updating when it's "off" the domain network but connected to the internet?

    Has anyone experienced anything similar? So to re-cap, Windows Updates behave as expected on the domain network, when on any non-domain network connection the laptop installs updates it shouldn't

    Thanks

    Dougie

    (Server is Windows Server 2003 SP2, with WSUS 3.0 SP2 installed, laptop is x64 Windows 7)
     

All Replies

  • Friday, February 01, 2013 5:14 PM
     
     Answered
    Sign In to Vote
    0

    Check this, it might help: http://technet.microsoft.com/en-us/library/dd939844%28v=ws.10%29.aspx

    Check registry settings pointing out to wsus server.

     
  • Saturday, February 02, 2013 2:10 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Why would this be, and how can I stop it from updating when it's "off" the domain network but connected to the internet?

    The "why" will be quite explicitly logged in the WindowsUpdate.log on the client system, so rather than speculate "why" some apparent mystery might be occuring, I think it would be simpler to just look in the logfile and see what DID actually happen. If you'd like to email me the full logfile (my email address is in my MVP profile) I'd be happy to take a look-see.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

     
  • Monday, February 04, 2013 12:43 PM
     
     
    Sign In to Vote
    0

    Thank you Lawrence, I will send over a copy of the log from the Client, I've looked at it, and while I can see it trying to talk to a domain controller that's a WSUS downstream server, I don't understand the log well enough to get what's happening.

    Thanks

    Dougie