WSUS – GPO and Windows 10 / Server 2016 Registry Settings

You create a WSUS GPO and apply it to the Computers.

Now how do you validate its working

Open the registry and browse to :
computer\HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

 

The GPO for WSUS should populate the registry with following values

WUServer …updates server
WUStatusServer…update
UpdateServicesURLAlternate

These values should match the GPO settings for WSUS.

WSUS and Windows 10 – Clients not checking in or checking in and then disappearing

Clients not checking in or checking in and then disappearing

Cloned images – SUSCLIENTID is not reset with Sysprep!!!

This needs to be done if your creating a template for Windows 2016 and Windows 10 in a virtual environment.

So if you have deployed servers from template already, do the following fix. Or if you realised before deployment, just delete the reg keys before converting the virtual machine to a template.

Solutions / Fix

Stop Windows Update service

 

Open up regedit

Browse to  : computer\hklm\software\microsoft\windows\currentversion\windowsupdate

Delete susclientID
Delete susclientidvalid

Start Windows Update service

Open up command prompt as admin on the effected Window 2016 or Window 10 client, if the image has already been deployed

type

c:\windows\system32\UsoClient.exe RefreshSettings

The clients should then check in and create a new SusClientId and SusClientIdValidation

 

WSUS and Windows 10 Clients – UsoClient.exe

So, you deploy a GPO to Window 10 clients, but your in a hurry to get the clients to check in…

As a SysAdmin for many years I would log on to a client, open command prompt and type :

wuauclt /detectnow  (Windows 7 / Windows Server 2008/2012 clients)

 

In Windows 10 you will notice that it doesn’t do anything and doesn’t show you anything. (As shown above)

(confirmed on https://blogs.technet.microsoft.com/yongrhee/2017/11/09/wuauclt-detectnow-in-windows-10-and-windows-server-2016/)

An example of “Whats New” in Windows 10, and Windows Server 2016 To check or scan “Windows Update” from the command prompt :
CMD (Run As Administrator)
c:\windows\system32\

UsoClient.exe startscan

And there is more switches….

  1. StartScan – Used To Start Scan
  2. StartDownload – Used to Start Download of Patches
  3. StartInstall – Used to Install Downloaded Patches
  4. RefreshSettings  – Refresh Settings if any changes were made
  5. StartInteractiveScan  – May ask for user input and/or open dialogues to show progress or report errors
  6. RestartDevice – Restart device to finish installation of updates
  7. ScanInstallWait – Combined Scan Download Install
  8. ResumeUpdate – Resume Update Installation On Boot