+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Windows Thread, WSUS Question in Technical; Is it a good wroth putting wuauctl /detectnow as a startup script for all the computers in my domain, I ...
  1. #1
    Newton's Avatar
    Join Date
    Oct 2007
    Posts
    179
    Thank Post
    59
    Thanked 5 Times in 5 Posts
    Rep Power
    14

    WSUS Question

    Is it a good wroth putting

    wuauctl /detectnow

    as a startup script for all the computers in my domain, I have a large number that never seam to want to connect to the WSUS server dispite clientdiag reporting all ok?

  2. #2
    FatBoy's Avatar
    Join Date
    Oct 2007
    Location
    Kent, UK
    Posts
    243
    Thank Post
    52
    Thanked 20 Times in 16 Posts
    Rep Power
    17
    There are probably better people in this forum to answer this question but here's my 2 pence worth

    I wouldn't leave wuauctl /detectnow in the login script for any amount of time as I don't know what the inplications would be (Alrhough I can't see why it would do anything but slow the machines down very slighly at startup) but it mite be worth putting it in for a day or 2, then after every machine has rebooted and started up take it out. Once a PC has reported to the WSUS server for the first time it should be ok and update... well I have found this to be the case on my domain anyway!

    Anyone else got any thoughts on this?

  3. #3
    Newton's Avatar
    Join Date
    Oct 2007
    Posts
    179
    Thank Post
    59
    Thanked 5 Times in 5 Posts
    Rep Power
    14
    Cheers
    that pritty much matchs my thoughs.

  4. #4

    Join Date
    Jun 2008
    Location
    Essex
    Posts
    47
    Thank Post
    2
    Thanked 17 Times in 15 Posts
    Rep Power
    14
    I don't believe that it should be necessary to hve that in a logon script

    The only problem I have had with machines not showing up in WSUS was when using a Ghost image, especially if it was an image from a machine that had already registered from WSUS.

    To overcome this we now run a small VB script after re-imaging that resets the WSUS SID on the machine and froces it to contact the WSUS server

  5. #5
    FatBoy's Avatar
    Join Date
    Oct 2007
    Location
    Kent, UK
    Posts
    243
    Thank Post
    52
    Thanked 20 Times in 16 Posts
    Rep Power
    17
    Or you can just sysprep your machine before taking the image and that should stop the imaging problem

  6. #6

    Join Date
    Jun 2008
    Location
    Essex
    Posts
    47
    Thank Post
    2
    Thanked 17 Times in 15 Posts
    Rep Power
    14
    You may be right!

    I haven't actually checked to see if sysprep resets the WSUS SID on the computer as well as the machine SID

  7. #7
    FatBoy's Avatar
    Join Date
    Oct 2007
    Location
    Kent, UK
    Posts
    243
    Thank Post
    52
    Thanked 20 Times in 16 Posts
    Rep Power
    17
    tbh I though resetting the SID would be enough as it's the machine unique identifier, I could be wrong!

  8. #8

    Join Date
    Jun 2008
    Location
    Essex
    Posts
    47
    Thank Post
    2
    Thanked 17 Times in 15 Posts
    Rep Power
    14
    Apparently not.

    There is a SUSClientID registry entry:

    HKLM\software\microsoft\windows\currentversion\win dowsupdate

    This is not reset by SysPrep and is used by the WSUS server as part of the process of identifying the machine.

    This will only be a problem if the machine that you are taking the image from has contacted the WSUS server befor you take the image.

  9. Thanks to greatone from:

    FatBoy (19th June 2008)

  10. #9
    FatBoy's Avatar
    Join Date
    Oct 2007
    Location
    Kent, UK
    Posts
    243
    Thank Post
    52
    Thanked 20 Times in 16 Posts
    Rep Power
    17
    Ohhhh thanks nice one that will in the future save me lots of time and issues I have only had WSUS on for 2 months and not create an image since then!! I bet you when the summer machines come in I would have WSUS them and then taken a image Thanks given for saving me a future headache!

  11. #10

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    54

  12. Thanks to timzim from:

    greatone (19th June 2008)

  13. #11

    Join Date
    Jun 2008
    Location
    Essex
    Posts
    47
    Thank Post
    2
    Thanked 17 Times in 15 Posts
    Rep Power
    14
    Thanks - I had been looking for that but couldn't find it!

    Here is the script to reset those keys for those that are interested:

    Set oShell = CreateObject("WScript.Shell")

    sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate"

    ' suppress error in case values does not exist
    On Error Resume Next

    ' check for marker
    sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")

    ' to be sure values is only deleted once, test on marker
    If sIDDeleted <> "yes" Then
    ' delete values
    oShell.RegDelete sRegKey & "\AccountDomainSid"
    oShell.RegDelete sRegKey & "\PingID"
    oShell.RegDelete sRegKey & "\SusClientId"

    ' Stop and start the Automatic updates service
    oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
    oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True

    ' Run wuauclt.exe with resetauthorization
    sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
    oShell.Run sCmd, 0, True

    ' create marker
    oShell.RegWrite sRegKey & "\IDDeleted", "yes"
    End If


    Copy the script into notepad

    Save as text file then rename to .vbs

    Double click the file and it will reset the WSUS SID etc.
    NB It can only be run once on each machine as it sets a marker to say that it has been run.

  14. #12
    FatBoy's Avatar
    Join Date
    Oct 2007
    Location
    Kent, UK
    Posts
    243
    Thank Post
    52
    Thanked 20 Times in 16 Posts
    Rep Power
    17
    Thanks that could come in handy in the future....well hopefully not but I think I will save it just in case

  15. #13
    Newton's Avatar
    Join Date
    Oct 2007
    Posts
    179
    Thank Post
    59
    Thanked 5 Times in 5 Posts
    Rep Power
    14
    Brill - I think you have gotten to the bottom of the problems with my missing PCs.

    Cheers

  16. #14

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    I've used WSUS for years and have never needed to put wuauclt.exe /detectnow in any script and I wouldn't recommend it either. If your WSUS server and GPOs are configured correctly, your workstations should automatically detect new updates on the schedule you specify.

    I can confirm sysprep doesn't reset the WSUS SID only the Windows SID. I use this script to manually reset the WSUS SID (if required):

    Code:
    @echo off
    TITLE Logistix WSUS Reset Authorisation
    Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
    Echo 1.    Stops the wuauserv service
    Echo 2.    Deletes the AccountDomainSid registry key (if it exists)
    Echo 3.    Deletes the PingID registry key (if it exists)
    Echo 4.    Deletes the SusClientId registry key (if it exists)
    Echo 5.    Restarts the wuauserv service
    Echo 6.    Resets the Authorization Cookie
    Echo 6.    More information on http://msmvps.com/Athif
    Pause
    @echo on
    net stop wuauserv
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    Pause

  17. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,389
    Thank Post
    797
    Thanked 1,587 Times in 1,390 Posts
    Blog Entries
    10
    Rep Power
    427
    Quote Originally Posted by greatone View Post
    Thanks - I had been looking for that but couldn't find it!

    Here is the script to reset those keys for those that are interested:

    Set oShell = CreateObject("WScript.Shell")

    sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate"

    ' suppress error in case values does not exist
    On Error Resume Next

    ' check for marker
    sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")

    ' to be sure values is only deleted once, test on marker
    If sIDDeleted <> "yes" Then
    ' delete values
    oShell.RegDelete sRegKey & "\AccountDomainSid"
    oShell.RegDelete sRegKey & "\PingID"
    oShell.RegDelete sRegKey & "\SusClientId"

    ' Stop and start the Automatic updates service
    oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
    oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True

    ' Run wuauclt.exe with resetauthorization
    sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
    oShell.Run sCmd, 0, True

    ' create marker
    oShell.RegWrite sRegKey & "\IDDeleted", "yes"
    End If


    Copy the script into notepad

    Save as text file then rename to .vbs

    Double click the file and it will reset the WSUS SID etc.
    NB It can only be run once on each machine as it sets a marker to say that it has been run.
    Thaks but it doesn't seem to work

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Wsus
    By ricki in forum Wireless Networks
    Replies: 1
    Last Post: 19th June 2008, 08:37 AM
  2. WSUS - small question regarding GPO's
    By DanW in forum Windows
    Replies: 4
    Last Post: 10th April 2008, 02:12 PM
  3. Replies: 3
    Last Post: 21st February 2008, 08:50 AM
  4. Quick WSUS Question
    By mattx in forum Windows
    Replies: 3
    Last Post: 10th May 2007, 03:14 PM
  5. Replies: 1
    Last Post: 8th November 2006, 09:57 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •