ConfigMgr How You Can Use Compliance Settings to Test the Home Windows Replace Coverage Settings Like WUServer, UseWUServer,NoAutoUpdate on Clients

By | October 30, 2017

When you put in configuration supervisor shopper to handle any home windows gadget ,it can attempt to configure native group coverage to set WSUS server settings (unless you do not have any GPO configured to set these settings) .If in any respect ,you could have any GPO to configure the WSUS info ,native GPO that created by configmgr shopper will fail which can be logged in wuahandler.log,windowsupdate.log.

If you have a glance at wuahandler.log, you will notice error one thing like under. Group coverage settings had been overwritten by a better authority (domain controller) to server and coverage not configured .

image

So earlier than you attempt to set up SCCM client,it is at all times really helpful to disable GPO settings for home windows replace to keep away from the battle with native GPO created by Configmgr shopper .Extra details about software program replace troubleshooting http://eskonr.com/2015/04/sccm-2012-troubleshoot-client-software-update-issues/

If you need to know extra about Configmgr software program replace administration and group coverage relation ,please learn Jason Sandy’s clarification https://home.configmgrftw.com/software-update-management-and-group-policy-for-configmgr-what-else/

https://home.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/

In this weblog publish, we’re going to see ,tips on how to examine four primarily used home windows replace coverage settings the WSUS settings like USEWUServer,WUServer,NoAutoupdate and settle for trusted writer certs (for third get together patching) which are appropriately configured or not earlier than shoppers carry out software program replace scan.

1.WUServer

2.UseWUServer

3.NoAutoUpdate

4.AcceptTrustedPublisherCerts

Although you are capable of do SQL question to get the shoppers which are having subject with GPO battle ,however it’s at all times good to examine the these registry keys to verify shoppers are good .

AcceptTrustedPublisherCerts> for trusting the third get together updates in case you are utilizing SCUP to belief adobe,flash ,java and different updates which are deployed by way of SCCM.

Location that retailer above coverage settings within the shopper registry is HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate (for each 32bit and 64bit OS)

SNAGHTML557420a

NoAutoupdate >is to disable auto home windows replace

image

Following is SQL question to get shoppers info which have points with GPO conflict:

select distinct sys.name0 [Computer Name],os.caption0 [OS],convert(nvarchar(26),ws.lasthwscan,100) as [LastHWScan],convert(nvarchar(26),sys.Last_Logon_Timestamp0,100) [Last Loggedon time Stamp],
sys.user_name0 [Last Consumer Name] ,uss.lasterrorcode,uss.lastscanpackagelocation from v_r_system sys
left be part of v_gs_operating_system os on os.resourceid=sys.resourceid
left be part of v_GS_WORKSTATION_STATUS ws on ws.resourceid=sys.resourceid
left be part of v_updatescanstatus uss on uss.ResourceId=sys.ResourceID
inner be part of v_FullCollectionMembership fcm on fcm.ResourceID=sys.ResourceID
where uss.lasterrorcode!=’0′
and fcm.CollectionID in(‘PS100140’)
and sys.client0 will not be NULL
and uss.LastErrorCode=’-2016409966
order by sys.name0

image

Now lets deal with the Configuration item/configuration baseline to create activity and deploy to collection:

I have couple of blogs tips on how to create configuration merchandise with settings therefore i’m not going to indicate you step-by-step . I’ll undergo the settings which are actually necessary for this task.

At the tip ,i additionally connect the exported model of configuration baseline nonetheless you might need to edit it after import due WSUS server information.

In new setting, present the next information.

Name: WUServer (anything you like) , Setting Sort Registry worth .Knowledge sort: String , Hive Name:HKEY_Local_Machine ,Key Name:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Click on browse to decide out the registry key

image

Registry key: Select the next settings.

Click Ok

SNAGHTML153a618f

Click on compliance Guidelines , you will notice 2 circumstances .

f you could have a quantity of WSUS servers ,click on on the wuserver certainly one of ,click on Edit rule,

Paste all of the WSUS server places into the one of field setting and click on on ok

image

How do you get checklist of all WSUS server places ?

Run the next SQL question in opposition to your CM database.

select LastScanPackageLocation from v_UpdateScanStatus
where LastScanPackageLocation not like
group by LastScanPackageLocation

image

we now have created one setting for WUserver ,like this we have to create for three extra entries .

For UseWUServer ,click on on New ,observe the choices listed below.

image

While you’re at this web page ,click on on browse ,observe the trail under to decide out the registry key

image

Click on Okay .

Under compliance guidelines ,choose Report noncompliance if this setting occasion will not be discovered .

image

we will create the remaining 2 circumstances in related manner that we created for UseWUServer . All you want is level the registry key to respective value.

3.NoAutoUpdate > SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

image

Under compliance guidelines ,choose Report noncompliance if this setting occasion will not be discovered

4.AcceptTrustedPublisherCerts>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

SNAGHTML159a8f83

Under compliance guidelines ,choose Report noncompliance if this setting occasion will not be discovered

image

Click ok

we now set four circumstances that required to examine home windows replace coverage settings

image

Click subsequent to confirm all compliance rules

image

Click subsequent for the completion of configuration merchandise wizard.

We can now create configuration baseline and deploy it to assortment .

If any of the above setting will not be discovered on the shopper pc, it can report as non-compliant which can show you the way to to troubleshoot and repair software program replace scan issues.

Download the CB Configuration baseline for Home windows replace coverage settings right here .

To import ,go to compliance settings configuration baseline ,proper click on and import the cab file.

After you import the cab file ,remember to edit the configuration merchandise and modify your WSUS server settings.

Hope this information helps!


Please check this great service at: http://www.test-net.org/services/country-by-ip/ or visit FREE SERVICES menu

[Ubude: 0    Isilinganiso: 0/5]

Leave a Reply

Your email address will not be published. Required fields are marked *