Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Hi all,
I'm trying to use UpdateExpert to send a "regedit /s file.reg" command to
client machines. My goal is to have the Group policies:
"Configure Automatic Updates"
and
"Specify interanet Microsoft update service location"
to appear the same;have the same settings as if I manually connected to each
machine and ran gpedit.msc, applied the snap-in if necessary, and input the
data.
to accomplish this, I applied the settings via gpedit to a test machine and
then scanned the regestry for the wus ip address.
I found some relevant keys and created the following .reg file: (xxx to
mask real ip and info)
-----------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RescheduleWaitTime"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
-----------------------------------------------------------------------------------------
after applying my custom update I also automaticly scan the registry for
compliance on each machine and the registry is indeed changed no problem.
My problem is, if I then go into a machine and run gpedit, the fields are
still 'not configured'
Obviously I'm missing something else; another reg key, but I dont know which
one/s. I need to know what other keys are needed to switch the settings to
'enabled'. I think the fields will then be automaticly populated via the
other keys I already have.
Another option would be the command line gpedit to accomplish this but Im
not very familiar with this commands switches and it needs to have an /s
type switch so it could be done remotely, via a system account whether users
are logged in or not.
Hi all,
I'm trying to use UpdateExpert to send a "regedit /s file.reg" command to
client machines. My goal is to have the Group policies:
"Configure Automatic Updates"
and
"Specify interanet Microsoft update service location"
to appear the same;have the same settings as if I manually connected to each
machine and ran gpedit.msc, applied the snap-in if necessary, and input the
data.
to accomplish this, I applied the settings via gpedit to a test machine and
then scanned the regestry for the wus ip address.
I found some relevant keys and created the following .reg file: (xxx to
mask real ip and info)
-----------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RescheduleWaitTime"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
-----------------------------------------------------------------------------------------
after applying my custom update I also automaticly scan the registry for
compliance on each machine and the registry is indeed changed no problem.
My problem is, if I then go into a machine and run gpedit, the fields are
still 'not configured'
Obviously I'm missing something else; another reg key, but I dont know which
one/s. I need to know what other keys are needed to switch the settings to
'enabled'. I think the fields will then be automaticly populated via the
other keys I already have.
Another option would be the command line gpedit to accomplish this but Im
not very familiar with this commands switches and it needs to have an /s
type switch so it could be done remotely, via a system account whether users
are logged in or not.