windowswideopen.com

Client Registry Settings

SUS Client Registry Key settings and values:
================================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoWindowsUpdate”=dword:00000001(enabled) or dword:00000000(disabled)
Setting this to 1 disables and removes links to Windows Update.Description:Removes the Windows Update link from the More Programs list in Start menu, from the Tools menu in IE, and blocks user access to http://windowsupdate.microsoft.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
“DisableWindowsUpdateAccess”=dword:00000001(enabled) or dword:00000000(disabled)
This setting allows you to remove access to Windows update. If enabled, all Windows Update features will be removed and blocked. This includes blocking access to the Windows Update Web site at http://windowsupdate.microsoft.com and from the Windows Update hyperlink on the Start menu and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy also prevents Device Manager from automatically installing driver updates from the Windows Update Web site.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“WUServer”=”http://SUSServer”
Sets the MSUS server by HTTP name. Value type is string.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“WUStatusServer”=”http://SUSServer”
Sets the MSUS intranet statistics server by HTTP name. Value type is string.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“AUOptions”=dword: Value is either 2, 3, or 4.
2 = Notify for download and install,
3 = Automatically download and notify for install,
4 = Automatically download and schedule the install.
Note: All options will notify the local administrator.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“NoAutoRebootWithLoggedOnUsers”=dword:00000001(enabled) or dword:00000000(disabled)
0 = enabled ,
1 = disabled. Value type is dword.
If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer to complete the installation.

Be aware that Automatic Updates will not be able to detect future updates until the restart occurs.

If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.

Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the
“Configure Automatic Updates” policy is disabled, this policy has no effect.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“NoAutoUpdate”=dword:00000001(enabled) or dword:00000000(disabled)
0 = Automatic Updates client is enabled (default),
1 = Automatic Updates client is disabled. Value type is dword.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“RescheduleWaitTime”= dword range: 00000001(1min) to dword:0000003c(60min)
dword:00000001 = 1 minute
dword:00000002 = 2 minutes
dword:00000003 = 3 minutes
dword:00000004 = 4 minutes
dword:00000005 = 5 minutes
dword:00000006 = 6 minutes
dword:00000007 = 7 minutes
dword:00000008 = 8 minutes
dword:00000009 = 9 minutes
dword:0000000a = 10 minutes
dword:0000000b = 11 minutes
dword:0000000c = 12 minutes
dword:0000000d = 13 minutes
dword:0000000e = 14 minutes
dword:0000000f = 15 minutes
dword:00000010 = 16 minutes
dword:00000011 = 17 minutes
dword:00000012 = 18 minutes
dword:00000013 = 19 minutes
dword:00000014 = 20 minutes
dword:00000015 = 21 minutes
dword:00000016 = 22 minutes
dword:00000017 = 23 minutes
dword:00000016 = 22 minutes
dword:00000017 = 23 minutes
dword:00000018 = 24 minutes
dword:00000019 = 25 minutes
dword:0000001a = 26 minutes
dword:0000001b = 27 minutes
dword:0000001c = 28 minutes
dword:0000001d = 29 minutes
dword:0000001e = 30 minutes
dword:0000001f = 31 minutes
dword:00000020 = 32 minutes
dword:00000021 = 33 minutes
dword:00000022 = 34 minutes
dword:00000023 = 35 minutes
dword:00000024 = 36 minutes
dword:00000025 = 37 minutes
dword:00000026 = 38 minutes
dword:00000027 = 39 minutes
dword:00000028 = 40 minutes
dword:00000029 = 41 minutes
dword:0000002a = 42 minutes
dword:0000002b = 43 minutes
dword:0000002c = 44 minutes
dword:0000002d = 45 minutes
dword:0000002e = 46 minutes
dword:0000002f = 47 minutes
dword:00000030 = 48 minutes
dword:00000031 = 49 minutes
dword:00000032 = 50 minutes
dword:00000033 = 51 minutes
dword:00000034 = 52 minutes
dword:00000035 = 53 minutes
dword:00000036 = 54 minutes
dword:00000037 = 55 minutes
dword:00000038 = 56 minutes
dword:00000039 = 57 minutes
dword:0000003a = 58 minutes
dword:0000003b = 59 minutes
dword:0000003c = 60 minutes

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“ScheduledInstallDay”= Dword Range is 0, 1, 2, 3, 4, 5, 6, 7.
dword:00000000 = Everyday
dword:00000001 = Sunday
dword:00000002 = Monday
dword:00000003 = Tuesday
dword:00000004 = Wednesday
dword:00000005 = Thursday
dword:00000006 = Friday
dword:00000007 = Saturday

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“ScheduledInstallTime”= dword: (need to convert number from hex to dec to get time)
dword:00000000 = 12:00am (midnight)
dword:00000001 = 1:00am
dword:00000002 = 2:00am
dword:00000003 = 3:00am
dword:00000004 = 4:00am
dword:00000005 = 5:00am
dword:00000006 = 6:00am
dword:00000007 = 7:00am
dword:00000008 = 8:00am
dword:00000009 = 9:00am
dword:0000000a = 10:00am
dword:0000000b = 11:00am
dword:0000000c = 12:00pm (noon)
dword:0000000d = 1:00pm
dword:0000000e = 2:00pm
dword:0000000f = 3:00pm
dword:00000010 = 4:00pm
dword:00000011 = 5:00pm
dword:00000012 = 6:00pm
dword:00000013 = 7:00pm
dword:00000014 = 8:00pm
dword:00000015 = 9:00pm
dword:00000016 = 10:00pm
dword:00000017 = 11:00pm
Value = the time of day in 24-hour format (0-23). Value type is dword.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“UseWUServer”=dword: dword:00000001(use a WUServer) or dword:00000000(do not use WUserver)
Set this value to 1 to enable the Automatic Updates client to use the Microsoft Software Update Services server as specified in WUServer. Value type is dword.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ nWindowsUpdate\Auto Update]
“DetectionStartTime”=”2002.08.15 04:31:25“
Value is a Date and Time Stamp, Value Type is REG_SZ
A detection cycle should occur within 10 minutes of this timestamp.
To force an Automatic Updates client to perform a detection, follow the instructions outlined in KB Article below:

326693 How to Force Automatic Updates 2.2 to Perform a Detection Cycle
http://kb/article.asp?id=Q326693 Q326693.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
“AUState” n Value is 0, 1, 2, 3, 4, 5, 6, 7, or 8. Value type is dword.
0 = Initial 24 hour timeout (the AU wizard does not run until 24 hours after it first detects an Internet connection)
1 = “Automatic Updates is waiting for the user to run the AU setup wizard.” It’s relevant for people who are running AU but not SUS. When AU detects that you have an Internet connection and it starts bugging you, then AUState is 1.
2 = “detect pending” “Detect pending” refers to the fact that AU is idle for 17 to 22 hours, and then it goes out and checks for new updates. The process of asking about new updates is apparently also known as “detecting.” “Detect pending,” then, means “AU has downloaded and installed all of the updates that it found last time and waiting for some time before checking with its update server again.”
3 = “Download Pending”: AU has detected available updates and has asked the user if it can update them but the user either hasn’t responded or hasn’t allowed it yet.
4 = “Download in progress”: AU is downloading patch(es) right now.
5 = “Install Pending”: AU has downloaded patches to the WUTemp directory and is waiting to install them. It is either waiting for approval from the user via the Automatic Updates user interface, or it is waiting for the scheduled hour of day to begin installing.
6 = “Install Complete”: Patches have been downloaded and installed.”
7 = “Disabled.” (Adoptions will also be set to a value of 0×1)
8 = “Reboot Pending”: Patch(es) requiring a reboot have been installed. However, the user told Auto Updates not to reboot; AU will do nothing until the next reboot.”

WSUS WSUS CLient Regsitry settingsWSUS WSUS CLient Regsitry settings

No Comments »
Filed under: WSUS

Verify the Language Settings

—————————–

1. Start Internet Explorer.

2. Click “Tools”, and then click “Internet Options”.

3. Click the “General” tab, and then click “Languages”.

4. In the “Language “list, make sure that the operating system language version is included. If the operating system language version is not on the list, click “Add”, click the language in the “Language” list, and then click “OK” three times.

Internet Zone Security

—————————-

1. Start Internet Explorer.

2. Click “Tools”, and then click “Internet Options”.

3. Click the “Security” tab, and in the” Select a Web content zone to specify its security settings” box, click “Internet”.

4. Click “Default Level”, and then click “Apply” to set this zone to Medium security.

5. Click “OK”.

Verify that the Date and Time is Set Correctly

———————————————-

1. Click “Start”, click “Control Panel”, and then double- click “Date and Time”.

2. Click the “Date and Time” tab, and then verify and correct, if necessary, the date and time.

To set the correct date and time, follow these steps:

a. In the “Date” box, in the month list, click the present month.

b. In the year list, click the present year.

c. In the calendar, click the present date.

d. In the “Time” box, click to select the hour and then use the up or down arrow to adjust the hour. Repeat his procedure for the minute and second settings.

e. Click “a.m.” or “p.m.” and use the up or down arrow to change to a.m., if it is currently before noon, or p.m., if it is currently after noon.

f. Click the “Time Zone” tab, and then in the “Time Zone “list, click the time zone for the place where you are currently.

3. Click “Apply”, and then click “OK”.

Set the Operating System to Display Hidden Files

————————————————

1. Click “Start”, and then click “Control Panel”.

2. Double-click “Folder Options”.

3. Click the “View” tab, and in the “Advanced settings” box, find

“Hidden files and folders”, and then click to select “Show Hidden files and folders”.

Rename the Catalog Files

————————

NOTE: This section does not apply to Windows 98 and Windows Millennium Edition.

1. Click “Start”, click “Run”, type “CMD” (without the quotation marks), and then click “OK” to open Command Prompt.

2. Type “CD\” (without the quotation marks), and then press ENTER.

3. Type “CD WINDOWS\System32\Catroot2″ (without the quotation marks), and then press ENTER.

4. Type “REN edb.log edb.old” (without the quotation marks), and then press ENTER.

Remove and Reinstall Windows Update Dependent Files and Folders

—————————————————————

1. Click “Start”, click “Run”, type “cleanmgr” (without the quotation marks), and then click “OK”.

2. In Disk Cleanup, in the “Files to delete” list, click to select “Temporary Internet Files”, click to clear all other items in the list, and then click “OK”.

3. Click “Start”, click “Run”, type “CMD” (without the quotation marks), and then click “OK”.

4. Type “CD\” (without the quotation marks), and then press ENTER.

5. Type “MD backup” (without the quotation marks), and then press ENTER.

6. Type “CD Program Files\WindowsUpdate\V4″ (without the quotation marks), and then press ENTER.

7. Type “copy iuhist.xml C:\backup” (without the quotation marks), and then press ENTER.

8. Type “del *.*” (without the quotation marks), and then press ENTER.

9. Type “CD\” (without the quotation marks), and then press ENTER.

10. Type “CD C:\Windows\System32\dllcache” (without the quotation marks), and then press ENTER

11. Type “del iuengine.dll” (without the quotation marks), and then press ENTER

12. Type “del iuctl.dll” (without the quotation marks), and then press ENTER.

13. Type “del iuenginenew.dll” (without the quotation marks), and then press ENTER.

14. Type “CD\” (without the quotation marks), and then press ENTER.

15. Type “Del WUTemp” (without the quotation marks), and then press ENTER. NOTE: If you are prompted to insert the Windows installation CD-ROM, click “Cancel”. You will download newer versions of these files from the Windows Update Web site.

16. Type “MD wupdate” (without the quotation marks), and then press ENTER.

17. Click this link to visit http://v4.windowsupdate.microsoft.com/cab/x86/unicode/iuctl.cab.

18. In “File Download”, click “Save”.

19. In the “Save In” list, click “Local Disk (C:)”, click “wupdate”, and then click “Save”.

20. In “Download Complete”, click “Close”.

21. In Command Prompt, type “cd wupdate” (without the quotation marks), and then press ENTER.

22. Type “expand -f:* iuctl.cab C:\wupdate” (without the quotation marks), and then press ENTER.

23. Click “Start”, right-click “My Computer”, and then click “Explore”.

24. Double-click “Local Disk (C:)”, and then double-click “wupdate”.

25. Right-click “iuctl.inf”, and then click “Install”

Verify That Port 443-https is Open

———————————-

Windows Update uses the Secure HTTP port to connect to your computer. To test whether port 443 is open on your computer, follow these steps:

1. Start Internet Explorer.

2. In the Address bar, type “https://www.microsoft.com:443″ (without the quotation marks), and then press ENTER.

If you cannot connect to Microsoft.com, or you receive an error message, the port may be blocked.

Clear “Automatically Detect Settings” and “Use Automatic Configuration Script” in LAN Settings

——————————————————————————————

1. Click “Start”, and then click “Control Panel”.

2. Double-click “Internet Options”.

3. Click the “Connections” tab, and then click “LAN Settings.”

4. Click to clear the “Automatically detect settings” and “Use automatic configuration script” checkboxes.

Turn Off Any Personal Firewall That Is Installed On Your Computer.

——————————————————————

If you have a firewall installed on your computer, close the program, and stop the service. To stop the service, follow these steps:

1. Click “Start”, click “Administrative Tools” and then double-click

“Services”.

2. In the list of services, right-click the service for your firewall software, and then click “Stop”.

Disable Third Party Services

——————————

NOTE: This section applies to Windows XP only.

1. Click “Start”, click “Run”, type “msconfig” (without the quotation marks), and then click “OK”.

2. In “System Configuration Utility”, clicks the “Services” tab, and then clicks to select the “Hide all Microsoft Services” check box.

3. Click “Disable All”, and then click “OK”.

4. Restart your computer, and then run Windows Update. If you can now connect to Windows Update, then the problem is related to some third-party software.

5. To determine the third party software that is causing the problem, in System Configuration Utility, click to select the check box for one Non-MS Service at a time, in order to turn that service back on again, restart your computer and then run Windows Update. When Windows Update does not connect, the service that you enabled last is the cause of the problem.

WSUSWSUS

No Comments »
Filed under: WSUS

If your client computers fail to appear on the computers page of the WSUS admin console then apply the following troubleshooting steps to help isolate the problem:

1. Ensure that “Configure Automatic Updates” policy (Group Policy Object Editor -> Computer Configuration,->Administrative Templates-> Windows Components,->Windows Update) is configured with one of the following options:• Notify for download and notify for install: This option notifies a logged-on administrative user before the download and before the installation of the updates.
   • Auto download and notify for install: This option automatically begins downloading updates and then notifies a logged-on administrative user before installing the updates.
   • Auto download and schedule the install: If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.
   • Allow local admin to choose setting.
2. Restart the Automatic updates services on the problem computer(s). From a CMD prompt type net stop wuauserv && net start wuauserv
3. Verify that you clients can self-update. See http://go.microsoft.com/fwlink/?linkid=79983
4. Verify that your clients have received the relevant Windows Update policy. An easy way to verify this is to check the properties of Automatic Updates (Control Panel - > Automatic Updates). If the properties of the AU page are greyed out then it is likely the policy was applied.
5. Verify the SUS settings on the problem client. Download the Windows Update Client Diagnostic (http://technet.microsoft.com/en-us/wsus/bb466192.aspx) run against a problem client. A report will be generated on the clients status.
6. If some clients appear in the WSUS console then you can be convinced that the server settings are correct.
7. Check the IIS logs on the WSUS server for any relevant errors. Location: %windir%\system32\LogFiles\W3SVC1
8. Ensrue that the problem client can communicate with the WSUS server by browsing to http://WSUSServerName/selfupdate/wuident.cab. If the download prompt appears then communication is fine. Otherwise investigate.
9. Edit the following registry keys on the problem client manually: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\

   Value name: WUServer
   Registry Value Type: Reg_SZ
   This value sets the WSUS server by HTTP name (for example, http://IntranetWSUS).

   Value name: WUStatusServer
   Registry Value Type: Reg_SZ
   This value sets the WSUS statistics server by HTTP name (for example, http://IntranetWSUS).HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
   Add any one of the following settings:
   •    Value name: NoAutoUpdate
   Value data: 0 or 1
   •    0: Automatic Updates is enabled (default).
   •    1: Automatic Updates is disabled.
   Registry Value Type: Reg_DWORD
   •    Value name: AUOptions
   Value data: 1 to 4
   •    1: Keep my computer up to date has been disabled in Automatic Updates.
   •    2: Notify of download and installation.
   •    3: Automatically download and notify of installation.
   •    4: Automatically download and scheduled installation.
   Registry Value Type: Reg_DWORD
   •    Value name: ScheduledInstallDay
   Value data: 0 to 7
   •    0: Every day.
   •    1 through 7: The days of the week from Sunday (1) to Saturday (7).
   Registry Value Type: Reg_DWORD
   •    Value name: ScheduledInstallTime
   Value data: n, where n equals the time of day in a 24-hour format (0-23).
   Registry Value Type: Reg_DWORD
   •    Value name: UseWUServer
   Value data: Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.
   Registry Value Type: Reg_DWORD
   •    Value name: RescheduleWaitTime
   Value data: m, where m equals the time to wait between the time Automatic Updates starts and the time it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes)
   Registry Value Type: Reg_DWORD

10. It may sound silly but refresh the Computers page in the WSUS administration console

Windows XP WSUS WSUS administration console WSUS client computersWindows XP WSUS WSUS administration console WSUS client computers

No Comments »
Filed under: Windows XP, WSUS