Local Group Policy

Although Local Group Policy is last in the priority order when discussing LSDO, it is the highest in priority when dealing with non-ACTIVE DIRECTORY clients. Since there are no Site or Domain-specific GPO's on a stand-alone machine, the Local Group Policy is the one place to set and manage your WSUS policy settings.

To configure your stand-alone clients for WSUS updates, follow these steps using your local machine GPO Editor (formally known as the Group Policy Editor in Windows 2000):

1. Click Start | Run and type gpedit.msc to open up your GPO Editor.

2. Expand Computer Configuration | Administrative Templates | Windows Components.

3. Click on Windows Update and in the right-hand side of the window you will notice most of the same WSUS configurable settings, shown previously in the domain GPO Group Policy settings, depending on OS type and version. See Figure 7.13 for the local Group Policy configuration settings for a Windows XP SP2 machine.

Figure 7.13 Windows XP SP2 Local Group Policy

File Action View Help

Local Computer Poicy S-(5l Computer Configuration l±} Cj Software Settings IÉ-C3 Whdows Sellings B L3 Administrative Templotes 0 LJ Windows Components : rj NetMeeting Hl-O Memet E^orer O Appicabon Compatibiily P] Event Vœwer

1 Internet Information Sejvices Q] S écurie Cenier ■Q Task Schedulei 3 LJ Teirninal Services •P 1 Windows Explorer Windows Installer •|_J Window M«senoer LJ Windows Meda Digital Rights M 1 Windows Movie Maker

L~) Windows Media Plaj^ei Ep LJ System ± LJ Network i—f5l Printers B-^P Usei Corfojaüon E'LJ Software S elttigs ^ E LJ Whdows Settings ^

Setting

Do not display lnstdl Updates and Shut Down' option h Shut Down Windows d Do not adjust default option to Install Updates and Shut Down' in Shut Down W J=j<| Cortfiguie Automatic Updates B Specify intranet Mictosoft update seivice location EnaWe cient-side targeting

ReschedJe Automatic Updates schedJed instalations .-'£p No auto-iestait foi scheduled Automatic Updolles hstalatbns

Automatic Updates detection frequency -'V Alow Automatic Updates immediate installation '¡■ft Delay Restart for scheduled retaliations

Reprompt for restart isith scheduled installations Alow non-administrators to receive update notifications

\ Extended Standard /~

Once you configure settings in the local Group Policy of a client machine, those settings become effective immediately, because they are locally configured and there is no waiting for Group Policy update intervals to take place. However, this does not mean that the client will automatically contact your WSUS server; this depends on your detection interval setting. The default detection interval setting is every 22 hours, plus a random offset (discussed in more detail later in this chapter).To force your stand-alone client to check in with your WSUS server after a manual configuration change using local Group Policy, do one of the following.

To initiate a manual detection from the client to the WSUS server:

1. Click on Start | Run and type in wuauclt.exe /detectnow.

Stopping and starting the AU client will automatically force the WSUS AU client into a detection state, and thus will check in with its configured WSUS server.

1. Click on Start | Run and type cmd to take you to a Command Prompt window.

2. Type net stop wuauserv or net stop "Automatic Updates" to stop the AU client.

3. Type net start wuauserv or net stop "Automatic Updates" to start the AU client.

All of the settings previously discussed in Using Group Policy are the same settings that are available when using the local GPO Editor. Although the editing location is different, the configured registry keys are all the same.

Was this article helpful?

0 0

Responses

  • william
    Where in local security policy is wsus?
    6 months ago
  • eddie
    Where is the wsus policy on local machine?
    5 months ago
  • James
    Where are the google setting in local group policy located?
    2 months ago

Post a comment