locked
Possible to select Windows upate server location depends on IP address ? RRS feed

  • Question

  • Hi,

    As title, compnay have some laptop pc for management grade staffs use but not always in office.

    I would like to monitor their update status from WSUS. But those laptop pc not always connect to company network.

    Thus, they may not get the latest update constantly.

    Therefore, is possible to configure to let those laptop pc update from internal WSUS and MS server if under different network ?


    Thanks

    Monday, January 21, 2019 1:57 AM

All replies

  • So, what happens in the event that you want to hold off on an update because it causes issues with a critical piece of software after testing? If a laptop is away from the office and not connected to VPN, you want it to check with Microsoft, find that there's an update, download and install it, and that update breaks the system?

    Alternative:

    https://www.ajtek.ca/wsus/externally-facing-wsus-servers/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Monday, January 21, 2019 4:51 AM
  •   

    Hello,

    There is not a simple switch to choose the update source based on the network. However, there are ways to achieve your goals.

    To use an internal WSUS server or not is controlled by a registry key. 

    • Name: UseWUServer
    • Type: REG_DWORD
    • Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    1 of its value means using WSUS and 0 means not. We could use a script to detect the IP address. If it is not in the domain network, then change the registry to directly connect to WU to scan/download updates. There may be some details to discuss, but this should be feasible.
     
    Or we could change our thinking directions and increase their chances of getting updates when they are in the domain network. We could specify some policies to them, reduce their scanning interval, set their patch installation time to the time they are most likely to be on the domain network, and so on.
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 21, 2019 6:40 AM
  • Hi Adam,

    Sicne those laptop pc joined domain, for some audit reason I have to provide Windows update report to show all pc instlled latest update.

    Thus I want a solution.

    Thanks

    Monday, January 21, 2019 7:14 AM
  • Hello,
     
    Wsus is a simple system. It's not smart enough by itself.
     
    Use a logon script to force clients to check for updates/report their status. 
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 21, 2019 10:19 AM
  • Hi Ray,

    Logon script to switch Windows Update server between WSUS and MS server ?

    Thanks

    Thursday, January 24, 2019 8:43 AM
  • Hello,
     
    Yes.
     
    And you also could use a logon script to force a WUA scan/download cycle to reduce the possibility of missing updates.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 25, 2019 11:33 AM
  • Hi Ray,

    Do you have an example of logon script ?

    Thanks

    Monday, February 4, 2019 4:14 AM
  • Hello,
     
    I have not the script to switch the scan source. However, the commands to start the scan are listed as follows.
     
    For clients prior to Windows 10:
     
    wuauclt /resetauthorization /detectnow

    For Windows 10 and later:
     
    UsoClient.exe startscan
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 4, 2019 5:48 AM