Skip to main content

Setting Up Clients to Access WSUS

If you choose not to create a new Group Policy using the Software Vulnerability Manager WSUS Group Policy wizard, please edit your existing WSUS Group Policy as follows:

  1. In the Group Policy Management Console (GPMC), browse to the Group Policy Object (GPO) on which you want to configure WSUS and click Edit.

  2. In the GPMC, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and click Windows Update. Select:

    • Enable: Configure Automatic Updates (choose your settings)

    • Enable: Specify intranet Microsoft update service location (add the host name/IP of your WSUS server)

    • Enable: Allow signed updates from an intranet Microsoft update service location (Important – enables WSUS to distribute patches through Software Vulnerability Manager)

  3. If Windows update not working, then check whether:

    • WUServer contains WSUS server, WSUSStatusServer contains WSUS server:portnumber, AcceptTrustedPublishedCerts:1 in location

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

      "WUServer"="psccm.sccm.test"

      "WUStatusServer"="psccm.sccm.test:8530"

      "ElevateNonAdmins"=dword:00000001

      "AcceptTrustedPublisherCerts"=dword:00000001

    • In registry location, [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU], check"UseWUServer"=1

info

For installing the WSUS server in your environment we recommend reading the Step-by-Step Installation Guide provided by Microsoft:

http://technet.microsoft.com/en-us/wsus/default.aspx