LinkBack URL
About LinkBacksIs it a good wroth putting
wuauctl /detectnow
as a startup script for all the computers in my domain, I have a large number that never seam to want to connect to the WSUS server dispite clientdiag reporting all ok?
Is it a good wroth putting
wuauctl /detectnow
as a startup script for all the computers in my domain, I have a large number that never seam to want to connect to the WSUS server dispite clientdiag reporting all ok?
There are probably better people in this forum to answer this question but here's my 2 pence worth
I wouldn't leave wuauctl /detectnow in the login script for any amount of time as I don't know what the inplications would be (Alrhough I can't see why it would do anything but slow the machines down very slighly at startup) but it mite be worth putting it in for a day or 2, then after every machine has rebooted and started up take it out. Once a PC has reported to the WSUS server for the first time it should be ok and update... well I have found this to be the case on my domain anyway!
Anyone else got any thoughts on this?
Cheers
that pritty much matchs my thoughs.
I don't believe that it should be necessary to hve that in a logon script
The only problem I have had with machines not showing up in WSUS was when using a Ghost image, especially if it was an image from a machine that had already registered from WSUS.
To overcome this we now run a small VB script after re-imaging that resets the WSUS SID on the machine and froces it to contact the WSUS server
Or you can just sysprep your machine before taking the image and that should stop the imaging problem
You may be right!
I haven't actually checked to see if sysprep resets the WSUS SID on the computer as well as the machine SID
tbh I though resetting the SID would be enough as it's the machine unique identifier, I could be wrong!
Apparently not.
There is a SUSClientID registry entry:
HKLM\software\microsoft\windows\currentversion\win dowsupdate
This is not reset by SysPrep and is used by the WSUS server as part of the process of identifying the machine.
This will only be a problem if the machine that you are taking the image from has contacted the WSUS server befor you take the image.
FatBoy (19th June 2008)
Ohhhh thanks nice one that will in the future save me lots of time and issuesI have only had WSUS on for 2 months and not create an image since then!! I bet you when the summer machines come in I would have WSUS them and then taken a image
Thanks given for saving me a future headache!
greatone (19th June 2008)
Thanks - I had been looking for that but couldn't find it!
Here is the script to reset those keys for those that are interested:
Set oShell = CreateObject("WScript.Shell")
sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate"
' suppress error in case values does not exist
On Error Resume Next
' check for marker
sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")
' to be sure values is only deleted once, test on marker
If sIDDeleted <> "yes" Then
' delete values
oShell.RegDelete sRegKey & "\AccountDomainSid"
oShell.RegDelete sRegKey & "\PingID"
oShell.RegDelete sRegKey & "\SusClientId"
' Stop and start the Automatic updates service
oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True
' Run wuauclt.exe with resetauthorization
sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
oShell.Run sCmd, 0, True
' create marker
oShell.RegWrite sRegKey & "\IDDeleted", "yes"
End If
Copy the script into notepad
Save as text file then rename to .vbs
Double click the file and it will reset the WSUS SID etc.
NB It can only be run once on each machine as it sets a marker to say that it has been run.
Thanks that could come in handy in the future....well hopefully not but I think I will save it just in case
Brill - I think you have gotten to the bottom of the problems with my missing PCs.
Cheers
I've used WSUS for years and have never needed to put wuauclt.exe /detectnow in any script and I wouldn't recommend it either. If your WSUS server and GPOs are configured correctly, your workstations should automatically detect new updates on the schedule you specify.
I can confirm sysprep doesn't reset the WSUS SID only the Windows SID. I use this script to manually reset the WSUS SID (if required):
Code:@echo off TITLE Logistix WSUS Reset Authorisation Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following: Echo 1. Stops the wuauserv service Echo 2. Deletes the AccountDomainSid registry key (if it exists) Echo 3. Deletes the PingID registry key (if it exists) Echo 4. Deletes the SusClientId registry key (if it exists) Echo 5. Restarts the wuauserv service Echo 6. Resets the Authorization Cookie Echo 6. More information on http://msmvps.com/Athif Pause @echo on net stop wuauserv REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f net start wuauserv wuauclt /resetauthorization /detectnow Pause
Thaks but it doesn't seem to workOriginally Posted by greatone
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
