You can always configure AU Client settings thru Group Policy Settings, or manually via the Registry Editor; for the purpose of this illustration, we’ll focus on the configuration of update settings via a GPO.
Configuring AU Client settings via Group Policy
The simplest (and arguably the best) way of configuring Automatic Update Client settings is by use of Group Policy objects in Active Directory Environments. This method allows greater granularity and control over how the Automatic Updates Client behaves, and to apply any changes to it. You will need to configure the AU client using a GPO if you want to get updates from your Local SUS server.
At this point, you’ll want to download the WUAU.adm Template from the Microsoft web site. See the direct link in RESOURCES Section at the end of this article.
Next, you will need to identify the target clients that will use your SUS Server to obtain critical patches. Here are the steps:
1. Open Active Directory Users & Computers.
2. Open the GPO from the target OU.
3. Add a new policy & expand the Computer Configuration container.
4. Expand the Administrative Templates container
5. Right click Administrative Templates in the MMC and import the WUADM template in to the Policy from \windows\inf directory or the \winnt\inf directory, depending on your OS.
Snapshot of Add/Remove WUAU.adm Template.
6. Expand the Windows Components container
7. Click the windows updates container
8. In this container you will be able to configure
- Configure Automatic Updates
- Intranet Microsoft Update Service Location
- Reschedule Automatic Updates Scheduled installations
- No auto-restart for scheduled Automatic Updates installations.
Use the Resultant Set of Policies (RSOP), like Group Policy Management Console, GPMC, or GPRESULT.EXE to investigate if the policies are being correct applied to your client systems.
NOTE: Group policy is not the only way to deploy the AU Client Settings; you can edit the Registry manually to configure these settings on individual systems. For more information on the necessary Registry configuration changes, see Mohammed AthifKhaleel’s article Manipulating SUS Settings through the Registry.
Are your Automatic Updates working with SUS?
Once SUS is installed and AU clients are configured, you’ll want to ensure that everything is working correct. To test, follow these simple steps:
TEST SUS: First, make sure it’s synchronizing with Microsoft Update Server daily, looking at its Synchronization and Application Event logs. Isn’t that simple?
Test Automatic Updates: This is more important for Automatic Updates, as SUS will only approve updates, which then have to be “pulled” from the server by the AU client. First, you have got to make sure AU gets appropriate settings via the GPO used to deploy them. To test this, just do a simple reg query from command prompt using the Reg query “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /s command, as shown below:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
WUServer REG_SZ http://Your-SUS-Server-IP/Hostname
WUStatusServer REG_SZ http://Your-SUS-Server-IP/Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate REG_DWORD 0x0
AUOptions REG_DWORD 0x3
ScheduledInstallDay REG_DWORD 0x0
ScheduledInstallTime REG_DWORD 0x3
UseWUServer REG_DWORD 0x1
RescheduleWaitTime REG_DWORD 0x1e
This is where normal troubleshooting should always start. If you happen to find any errors, reference the Error Codes mentioned in SUS Deployment Guide.