locked
Non WSUS machines picking up windows updates RRS feed

  • Question

  • Basically in our environment we have a few hundred machines, recently we have began deploying WSUS and serving updates to certain machines. We have only assigned a small handful of machines to get updates from our WSUS server, but it seems a number of other machines are picking up these updates? Is this actually possible, currently we are assigning machines through a GPO and its working perfectly, we have the GPO replicated in various OU's, or in certain cases manually entered the address etc on the machine locally... Any Ideas?

    Monday, July 21, 2014 1:34 PM

Answers

  • Hi,

    You description seems a bit contradiction for me.

    If you want your WSUS provide update for certain machines, you need create GPO linked to certain OUs. Make sure the rest cannot apply this GPO.

    But according to the title, it will be another problem. Please check the following key.

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

    The settings will applied to this registry key. WUServer and WUStatusServer should point to your WSUS. If the correct setting applied but client still cannot get update from the server, please check windowupdate.log.

    If the issue persist, please elaborate what you are trying to achieve. And provide the following information:

    WSUS version and client version

    Windowsupdate.log

    Hope this helps.

    • Marked as answer by Daniel JiSun Tuesday, July 29, 2014 2:58 AM
    Tuesday, July 22, 2014 1:46 AM
  • We have only assigned a small handful of machines to get updates from our WSUS server, but it seems a number of other machines are picking up these updates? Is this actually possible

    It's NOT possible that machines NOT assigned to use a WSUS server can get updates FROM a WSUS server, but it's DEFINITELY possible that machines not assigned to use a WSUS server can get updates from WINDOWS UPDATE. What information are you using to base your presumption that these machines are getting their updates from the WSUS SERVER?
    ...currently we are assigning machines through a GPO and its working perfectly...
    Hmmm.. maybe "too perfectly"??? What methodology did you use to ensure the GPOs were only applied to the systems you WANT the GPOs to be applied to?

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Tuesday, July 29, 2014 2:59 AM
    Tuesday, July 22, 2014 3:02 AM

All replies

  • Hi,

    You description seems a bit contradiction for me.

    If you want your WSUS provide update for certain machines, you need create GPO linked to certain OUs. Make sure the rest cannot apply this GPO.

    But according to the title, it will be another problem. Please check the following key.

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

    The settings will applied to this registry key. WUServer and WUStatusServer should point to your WSUS. If the correct setting applied but client still cannot get update from the server, please check windowupdate.log.

    If the issue persist, please elaborate what you are trying to achieve. And provide the following information:

    WSUS version and client version

    Windowsupdate.log

    Hope this helps.

    • Marked as answer by Daniel JiSun Tuesday, July 29, 2014 2:58 AM
    Tuesday, July 22, 2014 1:46 AM
  • We have only assigned a small handful of machines to get updates from our WSUS server, but it seems a number of other machines are picking up these updates? Is this actually possible

    It's NOT possible that machines NOT assigned to use a WSUS server can get updates FROM a WSUS server, but it's DEFINITELY possible that machines not assigned to use a WSUS server can get updates from WINDOWS UPDATE. What information are you using to base your presumption that these machines are getting their updates from the WSUS SERVER?
    ...currently we are assigning machines through a GPO and its working perfectly...
    Hmmm.. maybe "too perfectly"??? What methodology did you use to ensure the GPOs were only applied to the systems you WANT the GPOs to be applied to?

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Tuesday, July 29, 2014 2:59 AM
    Tuesday, July 22, 2014 3:02 AM