In some of the lab environments provided to me, the base Windows image has pre-set WSUS updates servers. When I then move the lab VMs to a different network, the original WSUS servers are no longer available, and I typically point to Microsoft Update or a different WSUS server.
In the case of pointing to Microsoft Update, I wanted to delete the initial WSUS registry values. In my case, these are values that were written directly into the registry. If you are setting these values using a local GPO, or domain GPO then the respective GPO must be changed instead. The values present will also depend upon what was initially written to the registry either by a manual process, tool or by a GPO, so your mileage may vary. If you do have additional values that should be removed, then it should be easy to modify the examples below to suit your specific purposes.
The base Windows Update configuration is held here on each client machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
You can keep navigating to that registry location, or use the Registry Editor favourites feature to save time.
To immediately apply changes, the Windows Update service is restarted. This is the wuauserv service.
Deleting Registry Values Using Reg.exe
The below commands can be used either in batch file or one by one to remove the WSUS registry values:
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /V WUServer /F
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /V WUStatusServer /F
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /V TargetGroup /F
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /V TargetGroupEnabled /F
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /V NoAutoUpdate /F
REG.exe DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /V UseWUServer /F
The Windows Update service is then restarted.
Net Stop wuauserv && Net Start wuauserv
You can copy and past the above into a batch file, and then execute it. Should you want to run this at machine startup, you may chose to delay the execution. Since sleep.exe is not native in the cmd shell, that was a resource kit utility, you can use a workaround to ping to the loopback IP and discard the output. Since there is a 1 second delay by default, this nets out to an easy way to wait for the desired time.
For example:
Ping.exe 127.0.0.1 -n 10 > Null
(note that the –n is case sensitive, so do not use –N instead)
Deleting Registry Values Using PowerShell
The same values are removed as in the above REG.exe example. PowerShell will report an error if a value does not exist. To suppress those errors we can add ErrorAction SilentlyContinue to the command. You may or may not want errors to be suppressed, you can decide.
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Confirm:$False –ErrorAction SilentlyContinue
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUStatusServer -Confirm:$False -ErrorAction SilentlyContinue
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name TargetGroup -Confirm:$False -ErrorAction SilentlyContinue
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name TargetGroupEnabled -Confirm:$False -ErrorAction SilentlyContinue
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoUpdate -Confirm:$False -ErrorAction SilentlyContinue
Remove-ItemProperty –Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name UseWUServer -Confirm:$False -ErrorAction SilentlyContinue
PowerShell natively supports the Start-Sleep cmdlet, so that can be used when automating the above commands. For example:
Start-Sleep -Seconds 10
Cheers,
Rhoderick
