6

I'm in a corporate Windows environment, which has deployed its own WSUS server. The thing is, it seems to hardly ever be updated.

This means I don't get the latest updates for months. It's a worry for security, and inconvenient for other MS products.

I know how to edit the WUServer and WUStatusServer values in the registry, however what should the values be if I want to use the default Microsoft servers?

Joe Niland
  • 447
  • 1
  • 5
  • 16

3 Answers3

6

Changing those settings won't do much for you. The group policy which sets those values will overwrite any changes which you make.

Your IT staff probably only pushes out updates once they have been tested to ensure that they do not break any applications which are installed. If your security department has issue which this, then they should bring it up with the IT Admin group. Going around the IT admin group isn't going to to do anything but upset them.

mrdenny
  • 27,074
  • 4
  • 40
  • 68
  • :) thanks for the info. You are right on all counts. They do test updates before rolling them out, as they should! But this is only done for the main corporate apps (Office, Outlook, etc.) I still need to run updates every so often, as it's especially necessary for the development/database products I use (.NET, SQL Server, etc). I don't mind reapplying this change when necessary (they don't refresh the GP that often) - just a simple .reg patch. Some things are only delivered through WU and are hard to install manually. – Joe Niland Feb 22 '11 at 01:56
  • You can always manually check for updates online. Windows XP, Vista, and 7 all have options to check online for updates, aside from the update settings being applied from the WSUS server. This would give you access to the updates that aren't being downloaded and approved on the WSUS server. – joeqwerty Feb 22 '11 at 02:19
  • Thanks - it's been disabled in the group policy, though. I've overriden this, but the internal WSUS server seems to be inaccessible, so I am not able to manually get any new updates. That's why I want to try and use the MS servers (if possible.) – Joe Niland Feb 22 '11 at 03:04
  • I think if you just remove the settings and leave them blank it should default back to the Microsoft servers. – mrdenny Feb 22 '11 at 08:30
  • Thanks mrdenny - that does indeed cause it to revert to the default servers – Joe Niland Feb 23 '11 at 04:47
4

You should simply delete these registry keys if you want to revert to the default Microsoft update servers.

devicenull
  • 5,572
  • 1
  • 25
  • 31
  • I tried this and it does try and connect to the MS servers now. Unfortunately it can't seem to connect. Perhaps the port has been blocked by a clever admin! Oh well. Thanks for your help. – Joe Niland Feb 22 '11 at 03:05
  • 4
    I needed to do this again recently. Here's how: Set values of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer and WUStatusServer (in same key) to empty strings. Set value of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer to 0. Restart Windows Update service. – Joe Niland Jul 10 '14 at 03:33
2

My suggestion would be to bring your concerns to the group or individual responsible for the WSUS server. They probably have a policy/procedure for approving updates.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171