WSUS: Script to Manually Configure Automatic Update Client (WUA) for WSUS in a workgroup environment

***This is a sample.
***Edit the Code based on your options & requirement.
***See NOTES and MORE INFORMATION section below for details.


1. Simple copy and paste the code below into a text file and name it WSUS.reg


============ START Script Code===========
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“WUServer”=”
http://YOUR-WSUS-SERVER
“WUStatusServer”=”
http://YOUR-WSUS-SERVER
“TargetGroupEnabled”=dword:00000001
“TargetGroup”=”IT Department
“ElevateNonAdmins”=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“NoAutoUpdate”=dword:00000000
“AUOptions”=dword:00000004
“ScheduledInstallDay”=dword:00000000
“ScheduledInstallTime”=dword:0000000a
“NoAutoRebootWithLoggedOnUsers”=dword:00000001
“AutoInstallMinorUpdates”=dword:00000001
“RebootRelaunchTimeoutEnabled”=dword:00000001
“RebootRelaunchTimeout”=dword:0000003c
“RescheduleWaitTimeEnabled”=dword:00000001
“RescheduleWaitTime”=dword:0000000f
“DetectionFrequencyEnabled”=dword:00000001
“RebootWarningTimeoutEnabled”=dword:00000001
“RebootWarningTimeout”=dword:0000001e
“UseWUServer”=dword:00000001
“NoAUShutdownOption”=dword:00000000
“NoAUAsDefaultShutdownOption”=dword:00000000
============ END Script Code===========


2. WSUS.reg is ready. Now cut and paste the code below into a text file and name it WSUS.bat


============ START Script Code===========
@echo off
::
Echo Save the batch file as “WSUS.bat”. This batch file will do the following:
Echo 1.    Stops the Automatic Update Service (wuauserv) service.
Echo 2.    Imports WUA settings for workstations in workgroup to detect/download/install updates
from WSUS.
Echo 3.    Starts the Automatic Update Service (wuauserv) service.
Echo 4.    Force update detection.
Echo 5.    More information on http://msmvps.com/Athif
REM INSTRUCTIONS:
REM Place both the files (WSUS.reg and WSUS.bat) in same location (single folder)
REM Double-click WSUS.bat to import WSUS.reg which contains Windows Update Agent (WUA) settings.
REM for WUA in a workgroup environment. In this sample, WSUS.reg and WSUS.bat
REM are placed in ‘c:\’.


REM Author:- Mohammed Athif Khaleel :- Date April 30, 2006
Pause
Net Stop “wuauserv”
Echo Importing WSUS.reg
%windir%\Regedit.exe /s C:\WSUS.reg
Echo WSUS.reg imported succesfully
Net Start “wuauserv”
Echo Forcing update detection
wuauclt /detectnow
Pause
============ END Script Code===========


3. At the end of this procedure, You will have 2 scripts –



  • WSUS.reg: This script contains all the WUA settings.
  • WSUS.bat: This script will import WUA settings from WSUS.reg file.

Place both the files in same location (single folder) and double-click WSUS.bat to configure Windows Update Agent (WUA) in a workgroup environment.


NOTES:


This script enables Client Side Targeting and name of the computer group to which the computer belongs to is “IT Department”. Computer group has to be pre-created on WSUS Server. Replace “IT Department” with whatever you want.
“TargetGroupEnabled”=dword:00000001
“TargetGroup”=”IT Department”


ElevateNonAdmins is set to 0 which means, when logged on, non-administrative users will NOT receive update notifications based on the configuration settings for Automatic Updates.
“ElevateNonAdmins”=dword:00000000


If WSUS is not installed in Default Website then you have to change the port for “WUServer” and “WUStatusServer” to 8530 (“http://YOUR-WSUS-SERVER:8530)


AUOptions 4 means Automatic download and scheduled installation. (Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.)
“AUOptions”=dword:00000004


The updates are scheduled to install daily (ScheduledInstallDay”=dword:00000000) at 10 AM (ScheduledInstallTime”=dword:0000000a)


NoAutoRebootWithLoggedOnUsers is enabled which Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically in 5 minutes to complete the installation.
“NoAutoRebootWithLoggedOnUsers”=dword:00000001


AutoInstallMinorUpdates is enabled which Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.
“AutoInstallMinorUpdates”=dword:00000001


RebootRelaunchTimeoutEnabled for 60 minutes to prompt again for scheduled restart(“RebootRelaunchTimeoutEnabled”=dword:00000001
“RebootRelaunchTimeout”=dword:0000003c


RescheduleWaitTimeEnabled for 15 minutes which means a scheduled installation that did not take place earlier will occur after 15 minutes after the computer is next started.
“RescheduleWaitTimeEnabled”=dword:00000001
“RescheduleWaitTime”=dword:0000000f



DetectionFrequencyEnabled set to 0 which means Windows will check for available updates at the default interval of 22 hours
“DetectionFrequencyEnabled”=dword:00000000


RebootWarningTimeout is enabled and set to 30 minutes to wait before proceeding with a scheduled restart 
“RebootWarningTimeoutEnabled”=dword:00000001
“RebootWarningTimeout”=dword:0000001e


NoAUShutdownOption is set to 0 which means  ‘Install Updates and Shut Down’ option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu. This policy applies to Windows XP SP2 only.
“NoAUShutdownOption”=dword:00000000


NoAUAsDefaultShutdownOption is set to 0 which means ‘Install Updates and Shut Down’ option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu. This policy applies to Windows XP SP2 only.
“NoAUAsDefaultShutdownOption”=dword:00000000


MORE INFORMATION


Configure Automatic Updates in a Non–Active Directory Environment
http://technet2.microsoft.com/WindowsServer/en/Library/29cfa815-991a-4f71-bd44-11c708d0aabc1033.mspx


Feel free to add a comment if this works or if it doesn’t!

One thought on “WSUS: Script to Manually Configure Automatic Update Client (WUA) for WSUS in a workgroup environment

Leave a Reply

Your email address will not be published. Required fields are marked *