none
Windows Update issue

    Question

  • Hello,

    I have a remote Windows 7 client getting the following message when attempting to install windows updates:

     

    'SOME SETTINGS ARE MANAGED BY YOUR SYSTEM ADMINISTRATOR'

     

    Yes, the client is part of a domain, BUT the client is a member of a group in AD specifically for remote clients who CAN manage their own updates and yes the client has been able to install updates previously until now so I'm not sure what has changed. 

     

    I found a thread mentioning to check these settings on the client but other than this, is there something else I should be checking as well?

    Thanks in advance...

     

    Click Start, type gpedit.msc and press enter.

     

    Navigate to Computer Configuration-> Administrative Templates -> Windows Component -> Windows Update. Make sure the states of all setting are Not Configured.

     

    Navigate to Computer Configuration-> Administrative Templates-> System-> Internet Communication Management-> Internet Communication settings. Make sure the state of “Turn off access to all Windows Update features” is Not Configured.

    Friday, February 10, 2012 8:50 PM

Answers

  • Thanks to all and this issue is now resolved.  DNS entries were needed on my VPN server & was it was done remote users now are able to run gpupdates remotely.

    I couldn't ping my domain name or FQDN remotely so that's how this was discovered.

    • Marked as answer by xmr25 Tuesday, February 28, 2012 2:46 PM
    Tuesday, February 28, 2012 2:46 PM

All replies

  • Try running a Resultant Set of Policy to determine if there is a GPO applying to the machine - rsop.msc

    Run a Group Policy Update and reboot the computer to make sure that all policies have been applied correctly - gpupdate /force

    If the machine was previously in a location where it did receive Windows Update GPOs, those settings could have tattooed in the registry.  Verify that the GPO registry settings for Windows Update do not exist.


    Rich Prescott | Infrastructure Architect, Windows Engineer and PowerShell blogger | MCITP, MCTS, MCP

    Engineering Efficiency
    @Rich_Prescott
    Windows System Administration tool
    AD User Creation tool

    Saturday, February 11, 2012 1:38 AM
  • Thanks Rich, I will have my remote user check rsop.msc.

    Question, should all the Windows Update policies still be enabled in this case when he checks?

    Monday, February 13, 2012 5:36 PM
  • Hi,

    This issue can occur if a certain group policy blocks the access to Windows Update. Besides of checking the group policies, maybe you should scan your computer to remove the malware and spyware.

    If the issue persists, you could add the domain account to the local administrators  or create an domain account for a test.

    Here is a similar discussion can be referred to.

    Windows Update states "Some settings are managed by your system administrator"

    http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/windows-update-states-some-settings-are-managed-by/e1a36858-d2bb-438f-bd4f-c010d804fcad

    Tuesday, February 14, 2012 5:11 AM
  • Thanks to all the replies.

    Here is an update and I believe I found the problem.  A 2nd remote client is having the same issue with Event ID 1058 and the file path for gpt.ini seems invalid as it starts with my domain name instead of a domain controller name.

    \\domainname\SysVol\domainame\Policies\{B839.......}\gpt.ini

    How do I correct this on the DC?

    Thank you...

    Tuesday, February 14, 2012 6:27 PM
  • Here is an update.  After a reboot of my WSUS server, I was able to successfully run gpupdate /force on my notebook which is a member of the remote users group that is able to run their own updates.  Now the notebook was at work inside the firewall when I ran gpupdate /force.  Now I need to see if the original remote client will be able to successfully run gpupdate /force, however that client is a desktop not a notebook.  Is it possible to successfully run a gpupdate /force remotely via a VPN connection or will the desktop need to be brought into the office?

    Thank you...

    Wednesday, February 15, 2012 3:20 PM
  • I think it is possible.

    Tuesday, February 28, 2012 8:35 AM
  • Thanks to all and this issue is now resolved.  DNS entries were needed on my VPN server & was it was done remote users now are able to run gpupdates remotely.

    I couldn't ping my domain name or FQDN remotely so that's how this was discovered.

    • Marked as answer by xmr25 Tuesday, February 28, 2012 2:46 PM
    Tuesday, February 28, 2012 2:46 PM