Local Machine Registry

PC Repair Tools

Advanced Registry Cleaner PC Diagnosis and Repair

Get Instant Access

Regardless of the front end, almost all software configurations ultimately end up manipulating the Windows registry for final client configuration commitments. That being said, you can edit the registry directly to configure your WSUS-specific client configuration needs. In situations where Group Policy is not available due to the lack of an active Directory domain and where configuring local policy becomes too tedious because of each "logical" machine visit, a few scripting techniques might help you roll out the needed registry keys.

As mentioned, both Group Policy and Local Policy place their settings in the registry hive and keys shown here:

■ HKEY_LOCAL_MACHINESOFTWAREPolkies\ Microsoji\wmdows\WmdowsUpdate

■ HKEY_LOCAL_MACHINESOFTWAREPolkiesXMkmsoft\ windows\WindowsUpdate\AU

Table 7.4 and Table 7.5 outline each of the possible registry key combinations, their possible key partners (if necessary), the registry key data type, and the corresponding Group Policy and Local Policy. The tables are divided to show you each key separately, the first showing the WSUS client environment variables and the latter showing the AU client's own configuration options.

Table 7.4 Windows Update Agent Environment Registry Keys

Key Name

Values

Data Type

Matching Group Policy

ElevateNonAdmins

TargetGroup

WUServer

1 = Non-administrators are allowed to

Reg_DWORD

TargetGroupEnabled approve or disapprove updates.

0 = Only users in the Administrators user group can approve or disapprove updates.

This is the name of Reg_String the computer group to which you want your computer to belong (e.g., Exchange Servers.) This policy is paired with TargetGroupEnabled.

1 = Use client-side targeting.

0= Do not use client-side targeting. This policy is paired with TargetGroup.

Hypertext Transfer Protocol (HTTP)/ Hypertext Transfer Protocol Secure Sockets (HTTPS)URL of your WSUS server used by your AU client. This policy is paired with

Allow non-administrators to receive update notifications.

Enable client-side targeting.

Enable client-side targeting.

Continued

Table 7.4 continued Windows Update Agent Environment Registry Keys

Key Name

Values

Data Type

Matching Group Policy

WUStatus

WUStatusServer; Reg_String both must be set to the same value in order for them to be valid.

HTTP/HTTPS URL of Reg_String the server to which reporting information will be sent by

AU's client. This policy is paired with WUServer;

both must be set to the same value in order for them to be valid.

Specify intranet MU service location.

Specify intranet MU service location.

Table 7.5 AU Configuration Registry Keys

Matching Group Key Name Values Data Type Policy

AUOptions Range = 2 | 3 | 4 |5 Reg_DWORD Configure AU.

2 = Notify before download.

3 = Automatically download and notify for installation.

4 = Automatically download and schedule installation (valid only when used with

ScheduledInstallDay and ScheduledInstal Time values).

5 = AU is required, but local administrators can configure its settings.

Continued

Table 7.5 continued AU Configuration Registry Keys

Key Name

Values

Data Type

Matching Group Policy

AutoinstaiiMinor Updates

DetectionFrequency

DetectionFrequency Enabled

NoAutoRebootWith LoggedOnUsers

NoAutoUpdate

RebootRelaunch Timeout

0 = Treat minor updates like other updates and use scheduled times.

1 = Silently install minor, non-intrusive updates.

Range= 1 -22 Reg_DWORD

Time between AU

client detection cycles with your

WSUS server. The default is set at 22.

1 = Enable detection Reg_DWORD frequency.

0 = Disable custom Detection Frequency, which means use the default.

Allow AUs immediate installation.

AUs detection frequency.

AUs detection frequency.

0 = Enable AUs

1 = Disable AUs

Range = 1-1440 (minutes)

This is the time to wait before the AU client will re-prompt to restart after a scheduled restart has been issued.

Reg_DWORD

Reg_DWORD Configure AUs.

Reg_DWORD

Re-prompt for restart with scheduled installations.

Continued

Table 7.5 continued AU Configuration Registry Keys

Key Name

Values

Data Type

Matching Group Policy

RebootRelaunch TimeoutEnabled

RebootWarning Timeout

RebootWarning TimeoutEnabled

RescheduleWaitTime

Range = 0 | 1 1 = Enable RebootRelaunch Timeout.

0 = Disable custom Reg_DWORD RebootRelaunch

Timeout and use default value of 10 minutes.

Range = 1-30 Reg_DWORD

(minutes)

This configures the number of minutes you want your computer to wait before rebooting after a scheduled installation. The default is 5 minutes.

1 = Enable Reboot WarningTimeout.

0 = Disable custom RebootWarning Timeout value and use the default.

Range = 1-60 (minutes) Reg_DWORD

This is the amount of time your AU client should wait during a computer startup to install previously scheduled missed updates.

Re-prompt for restart with scheduled installations.

Delay restart for scheduled installations.

Delay restart for scheduled installations.

Reschedule AU

scheduled installations.

Continued

Table 7.5 continued AU Configuration Registry Keys

Key Name

Values

Data Type

Matching Group Policy

RescheduleWait TimeEnabled

ScheduledlnstallDay

1 = Enable RescheduleWaitTime.

0 = Disable RescheduleWaitTime (reschedule installation will be attempted at next scheduled interval).

Range = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 0 = Every Day 1-7 = The days of the week starting with Sunday through Saturday. Paired with AUOption and only valid if option is equal to 4.

ScheduledlnstallTime Range = 1 - 23

Representing hours in the day using a 24-hour format. Paired with AUOption and only valid if option is equal to 4.

Reschedule AUs scheduled installations.

Reg_DWORD Configure AU.

Reg_DWORD Configure AU.

UseWUServer

1 = Use WUServer paired with WUServer. WUServer will not be used if this set to = 1

Reg_DWORD Configure AU.

Some Independent Advice

When you use your Registry Editor to make WSUS changes, the UI shows those settings as "grayed out" and unchangeable, as do both Group Policy and Local Policy. The UI simply shows the changes that have been made. Be aware that because you cannot lock these down with Group Policy, anyone with the correct permissions can use the UI to change settings.

To give you an example of what a registry looks like after configuring the most common AU client requirements, the root of the WindowsUpdate key was exported.

Sample AU Client Registry Export

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]

"WUServer"="http://WSUSServer"

"WUStatusServer"="http://WSUSServer"

"ElevateNonAdmins"=dword:000 0000 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU] "UseWUServer"=dword:00000001

"NoAutoRebootWithLoggedOnUsers"=dword:00000001

"AutoInstallMinorUpdates"=dword:00000001

"DetectionFrequencyEnabled"=dword:00000001

"DetectionFrequency"=dword:00000006

"RescheduleWaitTimeEnabled"=dword:00000001

"RescheduleWaitTime"=dword:0000000f

"NoAutoUpdate"=dword:000 0000 0

"AUOptions"=dword:00000004

"ScheduledInstallDay"=dword:00000006

"ScheduledInstallTime"=dword:000 00003

Was this article helpful?

0 0

Post a comment