5

I was recently configuring a WSUS server. However I am not sure if I've set up correctly (WSUS isn't an everyday tool at the place where I work).

I've been wondering, Is there a command (or a tool) in Windows 7 that can be executed on a client machine and will verify the location from where the client is pulling the updates?

UPDATE:
It seems that the WSUS is working. The GPO is showing the clients as Kyle Brandt suggested.

However I just want to verify one more thing. Here's more info on the GPO i've created in order to distribute the updates.
enter image description here

Corect me if I'm wrong, I am not sure about Target group name for this computer option. Does it want as a value of the names of the AD Groups or the names of the WSUS groups? I wasn't sure so I include both of them - from the image you can see that I have put inside the relevant AD Groups and WSUS Unssigned Computers group

Spirit
  • 1,144
  • 7
  • 25
  • 45

5 Answers5

11

If you're using Group Policy to configure your updates, you can query the registry for the Target Group and WSUS server values:

C:\> REG QUERY "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate"
  WUServer    REG_SZ    http://fcsd-sccm
  WUStatusServer    REG_SZ    http://fcsd-sccm
  TargetGroupEnabled    REG_DWORD    0x1
  TargetGroup    REG_SZ    Servers

Or just get the WUServer value alone:

C:> REG QUERY "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer"
  WUServer    REG_SZ    http://fcsd-sccm

If the WUServer value is not present, you're connecting to Microsoft.

The Powershell equivalent:

Get-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate
Nathan Hartley
  • 1,620
  • 5
  • 26
  • 38
jscott
  • 24,204
  • 8
  • 77
  • 99
3

Look in the Windows Update control panel on the client machine. If you have WSUS configured properly, there will be a message that says something like "Updates are managed by your Systems Administrator".

ewwhite
  • 194,921
  • 91
  • 434
  • 799
3

Not a direct answer to your question, but....

I have always done this just by expanding "Computers::[OU]" in the Update Services screen in the WSUS server:

enter image description here

It shows the last report date for each computer in the OU. For this though, you will have to wait until the computer has checked for updates for the first time.

The wuauclt command might have an option to display the target update server, not positive though. It does allow you to force a check of updates with wuauclt /detectnow - when you kick that off though it sill takes a few minutes.

If you are telling each client what the update server is via GPO, you will also have to wait for the GPO to apply or use gpupdate /force

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • Oh, there is also a "Last Contact" Column you can enable there. Not sure of the specific difference on that... – Kyle Brandt Feb 17 '12 at 13:14
  • Thank you for the reply @Kyle. It seems that the WSUS updates are working correctly. I've configured them via group policy. I will post an update to my question, I am interested in just one more thing. – Spirit Feb 17 '12 at 13:38
2

Run the gpresult tool on the client:

gpresult /h report.html

This will show you all GPO settings applied on clients.

Besides that, if you have access to a domain controller, can run the GPO Result Wizard, on Group Policy Editor

On the groups question, I think that you should group your machines by configuration, because you will want to approve updates based on machine configuration or windows version.

I personally, group machines by windows version.

motobói
  • 1,571
  • 11
  • 17
1

You can check the WindowsUpdate.log file.

http://support.microsoft.com/kb/902093

joeqwerty
  • 108,377
  • 6
  • 80
  • 171