Windows Thread, WSUS Question in Technical
19th June 2008, 09:33 AM #1
Is it worth putting
as a startup script for all the computers in my domain? I have a large number that never seem to want to connect to the WSUS server despite clientdiag reporting all OK.
19th June 2008, 11:39 AM #2
There are probably better people in this forum to answer this question but here's my 2 pence worth
I wouldn't leave wuauclt /detectnow in the login script for any amount of time as I don't know what the implications would be (although I can't see why it would do anything but slow the machines down very slightly at startup), but it might be worth putting it in for a day or 2, then after every machine has rebooted and started up take it out. Once a PC has reported to the WSUS server for the first time it should be ok and update... well I have found this to be the case on my domain anyway!
Anyone else got any thoughts on this?
19th June 2008, 12:55 PM #3
That pretty much matches my thoughts.
19th June 2008, 12:57 PM #4
I don't believe that it should be necessary to have that in a logon script.
The only problem I have had with machines not showing up in WSUS was when using a Ghost image, especially if it was an image from a machine that had already registered from WSUS.
To overcome this we now run a small VB script after re-imaging that resets the WSUS SID on the machine and forces it to contact the WSUS server.
19th June 2008, 01:14 PM #5
Or you can just sysprep your machine before taking the image and that should stop the imaging problem
19th June 2008, 01:26 PM #6
You may be right!
I haven't actually checked to see if sysprep resets the WSUS SID on the computer as well as the machine SID
19th June 2008, 01:29 PM #7
tbh I thought resetting the SID would be enough as it's the machine unique identifier, I could be wrong!
19th June 2008, 01:43 PM #8
There is a SUSClientID registry entry:
This is not reset by SysPrep and is used by the WSUS server as part of the process of identifying the machine.
This will only be a problem if the machine that you are taking the image from has contacted the WSUS server before you take the image.
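Added example (not part of the thread and not any poster's code): PowerShell that flags machines sharing one SusClientId, which is how cloned images drop out of WSUS patch reporting, plus a pre-capture check for a reference machine. The function names, the `ComputerName,SusClientId` inventory layout and the sample hostnames and GUIDs are assumptions constructed for illustration; the registry path is the one used by the scripts in this thread.

```powershell
# Added example: find machines that share a SusClientId (cloned from one image).
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-LocalSusClientId {
    # Returns the local SusClientId, or $null if the value has not been created yet.
    $props = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['SusClientId']) { return $props.SusClientId }
    return $null
}

function Find-DuplicateSusClientId {
    param([Parameter(Mandatory)][object[]]$Inventory)
    # Group by ID (string comparison is case-insensitive by default);
    # any group holding more than one host is a clash.
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Hosts       = @($_.Group.ComputerName | Sort-Object)
            }
        }
}

# Constructed sample inventory (hostnames and GUIDs are made up for illustration).
$sample = @'
ComputerName,SusClientId
LAB-PC01,11111111-aaaa-4bbb-8ccc-000000000001
LAB-PC02,11111111-aaaa-4bbb-8ccc-000000000001
LAB-PC03,11111111-aaaa-4bbb-8ccc-000000000001
OFFICE-PC07,22222222-aaaa-4bbb-8ccc-000000000002
NEWBUILD-01,
'@ | ConvertFrom-Csv

# Report each shared ID with the hosts that carry it.
Find-DuplicateSusClientId -Inventory $sample |
    ForEach-Object { '{0} is shared by: {1}' -f $_.SusClientId, ($_.Hosts -join ', ') }

# On a reference machine, run this before capturing an image:
if (Get-LocalSusClientId) {
    Write-Warning 'SusClientId is present; clones of this image will share one WSUS identity.'
}
```

Hosts with an empty SusClientId (such as the constructed NEWBUILD-01 row) are skipped rather than grouped together, since they have simply not contacted a WSUS server yet.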
19th June 2008, 01:53 PM #9
19th June 2008, 02:00 PM #10
19th June 2008, 02:17 PM #11
Thanks - I had been looking for that but couldn't find it!
Here is the script to reset those keys for those that are interested:
Set oShell = CreateObject("WScript.Shell")
sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
' suppress error in case values do not exist
On Error Resume Next
' check for marker
sIDDeleted = oShell.RegRead(sRegKey & "\IDDeleted")
' to be sure values are only deleted once, test on marker
If sIDDeleted <> "yes" Then
    ' delete values
    oShell.RegDelete sRegKey & "\AccountDomainSid"
    oShell.RegDelete sRegKey & "\PingID"
    oShell.RegDelete sRegKey & "\SusClientId"
    ' Stop and start the Automatic updates service
    oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
    oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True
    ' Run wuauclt.exe with resetauthorization
    sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
    oShell.Run sCmd, 0, True
    ' create marker
    oShell.RegWrite sRegKey & "\IDDeleted", "yes"
End If
Copy the script into notepad
Save as text file then rename to .vbs
Double click the file and it will reset the WSUS SID etc.
NB It can only be run once on each machine as it sets a marker to say that it has been run.
19th June 2008, 02:20 PM #12
Thanks that could come in handy in the future....well hopefully not but I think I will save it just in case
19th June 2008, 03:36 PM #13
Brill - I think you have gotten to the bottom of the problems with my missing PCs.
19th June 2008, 06:10 PM #14
I've used WSUS for years and have never needed to put wuauclt.exe /detectnow in any script and I wouldn't recommend it either. If your WSUS server and GPOs are configured correctly, your workstations should automatically detect new updates on the schedule you specify.
I can confirm sysprep doesn't reset the WSUS SID only the Windows SID. I use this script to manually reset the WSUS SID (if required):
TITLE Logistix WSUS Reset Authorisation
Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
Echo 1. Stops the wuauserv service
Echo 2. Deletes the AccountDomainSid registry key (if it exists)
Echo 3. Deletes the PingID registry key (if it exists)
Echo 4. Deletes the SusClientId registry key (if it exists)
Echo 5. Restarts the wuauserv service
Echo 6. Resets the Authorization Cookie
Echo 6. More information on http://msmvps.com/Athif
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
20th June 2008, 10:18 AM #15
Thanks but it doesn't seem to work