How to configure clients with WSUS?

Hi!  I am working in a tech shop, and one of the things we do quite often is download and install windows updates on client computers.  The problem is that we are in a isolated area and have painfully slow internet.  I built a server with the idea of using WSUS to speed up the update process by having the clients download the updates from a local server.  I had done this in an AD environment before at another job that I had, but when I was planning this project for this job, I forgot that I had to use GP to deploy it the last time I did it, and A.  I don't want to be configuring GP on consumer computers, and B.  Most computers that we work on are Windows Home Edition, not Professional, so they don't even have GP.  Is there a way to configure my server to "intercept" requests to update.microsoft.com and just respond within our local network?  I tried pointing a DNS A record for update.microsoft.com to our local server, but for some reason it doesn't seem to work (is WSUS a different port or protocol than update.microsoft.com maybe?).  In addition, whenever I want to sync updates on the server with that DNS entry, I would have to delete the DNS entry temporarily, since WSUS services will use the DNS server on my local server no matter what (I have tried telling the server NIC to use 8.8.8.8 and 8.8.4.4 as it's DNS server, and also adding an entry to the hosts file to point it to update.microsoft.com on the server, but it always overrides and uses the DNS entry from my local server).

Frankly, I'm not even sure that what I'm trying to do is possible.  If it isn't, my next idea was to create a script that our technicians and I can run on client computers to quickly switch the WSUS server settings to our local server and then when we are done switch them back to Microsoft.  But would that even work on Home edition computers, or just Professional editions?

Thanks for your help!

Willard2.03 years ago
You should be able to do that through the registry.  The only thing GP does is automate the alteration of the registry.  See this link, look at the comments.

It should be only these entries needed.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://192.168.0.198:8530"
"WUStatusServer"="http://192.168.0.198:8530"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000002
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001


Just create a .reg file with the params for WSUS and create one with the regular params.  When you start on a computer, just run the WSUS file.  When you are done, run the regular file and everything should be back to normal.
Looking further, it seems like you can eliminate these lines:

"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000002
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003


You just have to run the .reg file before you plug in the network cable, or the computer will start downloading the updates from the web.
thegeekkid (author)  Willard2.03 years ago
Thanks for the answer. I suppose I should have come back and posted the answer, as I did find that eventually. I already had a script I was using to configure clients to use a caching server, so I had just added these keys to the script. Thanks for your help! :)
zenon.twok2 years ago

I have created .bat script to update the registry, when the .bat script is executed the values in the registry are updated correctly. However when I invoke 'Edit policy group' on windows 7 Enterprise (32-bit) and go to "Computer Configuration > Administrative Templates > Windows Components > Windows update" none of the WSUS options are enabled, why is that?

Also the WSUS server is not detecting the host which the .bat script was executed.

is it possible to configure WSUS client by modifying the registry on window 7 Enterprise (32-bit)?

---- Content of the .bat file -----

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v DetectionFrequencyEnabled /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v DetectionFrequency /t REG_DWORD /d 12 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d 0 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d 3 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v RebootWarningTimeoutEnabled /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v RebootWarningTimeout /t REG_DWORD /d 2 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v WUServer /t REG_SZ /d http://XXXXX:8530 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v WUStatusServer /t REG_SZ /d http://XXXXX:8530 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v UseWUServer /t REG_DWORD /d 1 /f