none
How to stop WSUS loggin to user profile (growing log size)

    Question

  • <by recommendation of Santhosh Sivarajan reposting here this original post: http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/ea92e987-72e5-47c0-938b-6161c1b4971d>

    "WindowsUpdate.log" is growing in "%USERPROFILE%\Local Settings\Application Data\Microsoft\Windows" folders, on Windows Server 2003 EE SP2 machine, of all users that connected by Terminal Services, with running startup program on their sessions (no desktop)

    It is full of warnings, that "wuauclt.exe" can't show the "reboot dialog", up to 16 records for every 15 seconds:

    --2010-03-31 13:07:14:330 7676 1818 Misc ===========  Logging initialized (build: 7.2.6001.788, tz: +0300)  ===========
    2010-03-31 13:07:14:330 7676 1818 Misc   = Process: C:\WINDOWS\system32\wuauclt.exe
    2010-03-31 13:07:14:330 7676 1818 AUClnt Launched Client UI process
    2010-03-31 13:07:14:548 7676 1818 Misc ===========  Logging initialized (build: 7.2.6001.788, tz: +0300)  ===========
    2010-03-31 13:07:14:548 7676 1818 Misc   = Process: C:\WINDOWS\system32\wuauclt.exe
    2010-03-31 13:07:14:548 7676 1818 Misc   = Module: C:\WINDOWS\system32\wucltui.dll
    2010-03-31 13:07:14:548 7676 1818 CltUI AU client got new directive = 'Reboot Pending', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x3, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x3, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x3, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x3, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 CltUI FATAL: Failed to show client UI, directive=9, hr=80070002
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x2, uFlags=0x0, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x2, uFlags=0x0, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x2, uFlags=0x0, hr=0x80070002)
    2010-03-31 13:07:14:548 7676 1818 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x2, uFlags=0x0, hr=0x80070002)--

    ... and so on, more that 12000 records for working day, and if user leave session disconnected - more than 65000 records (until soonest night reboot), this log is appending data ... (100, 70, 50, ...)MB wasted in each user profile and quota, because this log file owner is set to corresponding user account in each user's profile.

    %SystemRoot%\WindowsUpdate.log is rewrited regulary and it's 1 MB in size ...

    How to stop this logging for users?

    Disabling Windows Update notifications about reboot in (GPO\User Configuration ...) - is not acceptible ... (GPO\Computer Configuration) Windows Update notifications about updates configured to administrative users only, but logging goes on about reboot notifications for all TS users having no server desktop in sessions.

    How to stop only WU client logging process for users, to save disk space?

    Monday, June 21, 2010 3:17 PM

Answers

  • "WindowsUpdate.log" is growing in "%USERPROFILE%\Local Settings\Application Data\Microsoft\Windows"

    The core defect here is that the WindowsUpdate.log is being written into the %USERPROFILE% rather than %SYSTEMROOT%.

    The key question is how is that happening!? The solution is to make it stop.

    It is full of warnings, that "wuauclt.exe" can't show the "reboot dialog", up to 16 records for every 15 seconds:

    This is likely a real scenario, and fully expected on a Terminal Services server. The WUAgent should *NOT* have the ability to interact with users on a Terminal Services server, and certainly not to prompt a TS user to make decisions about rebooting such a server!

    To prevent a Terminal Services server from attempting to interact with logged on users, an AD Security Group should be created for Terminal Services users (or a COMPUTER policy set on the Terminal Services server) to enable the policy setting "Remove all access to use Windows Update features".


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Monday, May 6, 2013 9:49 PM
    Moderator