locked
reset wsus authorization RRS feed

  • Question

  • Hello, 

    I want deploy the bath bellow for GPO, to force clients Wsus to console, 

    I'm going to put the bat in the Machine GPO to run when the pc gets it, but I want to create a parameter to validate if it has already run so I will not run again.

    Can you help?

    net stop wuauserv
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f 
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f
    net start wuauserv
    wuauclt.exe /resetauthorization /detectnow
    pause


    • Moved by Bill_Stewart Wednesday, August 2, 2017 4:15 PM Move to more appropriate forum
    Wednesday, August 2, 2017 3:52 PM

All replies

  • Use Group policy preferences to delete the following keys

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f

    Set it to only apply once.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Proposed as answer by Yan Li_ Friday, August 4, 2017 8:06 AM
    Thursday, August 3, 2017 3:24 AM