WSUS Configuration Issue - Collecting Update Statistics Only Without Managing Updates

Question

Hi,

I would like to configure WSUS to:

Collect update statistics from client devices only.

Allow the client devices to download updates directly from Microsoft's servers.

Issue:

When configuring the GPO for WSUS, it appears to require a WSUS server for both update detection and statistics collection. However, I only want WSUS to collect statistics, while letting the devices download updates directly from Microsoft.

Currently, when I leave the update server field blank and configure the intranet statistics server only, the policy cannot be applied, as the GPO requires a specified update server. My objective is to avoid modifying registry settings and rely solely on the GPO for this setup.

Request:

Is there a way to configure the GPO in such a manner that WSUS is used only for statistics reporting, without requiring the clients to use WSUS for update detection and download?

Thank you in advance for your help.

Answer 1

Hello @ABK

Yes, it is possible to configure Group Policy Objects (GPO) so that Windows Server Update Services (WSUS) is used only for statistics reporting, while allowing clients to use Microsoft Update for update detection and download. Here’s how you can achieve this:

Step 1: Open Group Policy Management

Access the Group Policy Management Console (GPMC) on your server.

Navigate to the specific GPO you want to configure or create a new one.

Step 2: Configure Automatic Updates

Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update.

Find the policy "Configure Automatic Updates".

Set it to "Enabled" and choose an appropriate option that allows automatic updates but does not specify a WSUS server for updates.

Step 3: Set Intranet Update Service for Detection

Locate the policy "Specify intranet Microsoft update service location".

Set this policy to "Enabled".

Enter the WSUS server URL in the "Set the intranet update service for detecting updates" field.

Leave the "Set the intranet statistics server" field blank or set it to the same WSUS URL if you want to report statistics.

Step 4: Disable WSUS for Update Detection

Ensure that the clients are not forced to use WSUS for update detection by not configuring the WSUS server URL in the "Set the intranet update service for detecting updates" field.

This allows clients to use Microsoft Update directly for detecting and downloading updates.

Step 5: Apply and Update Group Policy

• Apply the changes and ensure the GPO is linked to the correct Organizational Unit (OU).
• Run gpupdate /force on client machines to apply the new policy settings.

---

If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Answer 2

Thank you for your response.

However, I am unable to leave the field for 'Set the intranet update service for detecting updates' blank, as it is mandatory to enter a URL in this field. My objective is to configure WSUS solely for statistics reporting while allowing clients to download updates directly from Microsoft.

Could you please clarify how I can proceed with this setup without having to provide a detection URL in the GPO,

Answer 3

What everyone says here is WRONG!!!! And this is why AI doesn't work very well yet.

You CANNOT do what you're asking.

WSUS either manages and collects statistics, or it does NOT.

It says so - RIGHT IN THE GPO POLICY

Answer 4

Hello @ABK

Yes, it is possible to configure Group Policy Objects (GPO) so that Windows Server Update Services (WSUS) is used only for statistics reporting, while allowing clients to use Microsoft Update for update detection and download. Here’s how you can achieve this:

Step 1: Open Group Policy Management

• Access the Group Policy Management Console (GPMC) on your server.
• Navigate to the specific GPO you want to configure or create a new one.

Step 2: Configure Automatic Updates

• Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
• Find the policy "Configure Automatic Updates".
• Set it to "Enabled" and choose an appropriate option that allows automatic updates but does not specify a WSUS server for updates.

Step 3: Set Intranet Update Service for Detection

• Locate the policy "Specify intranet Microsoft update service location".
• Set this policy to "Enabled".
• Enter the WSUS server URL in the "Set the intranet update service for detecting updates" field.
• Leave the "Set the intranet statistics server" field blank or set it to the same WSUS URL if you want to report statistics.

Step 4: Disable WSUS for Update Detection

• Ensure that the clients are not forced to use WSUS for update detection by not configuring the WSUS server URL in the "Set the intranet update service for detecting updates" field.
• This allows clients to use Microsoft Update directly for detecting and downloading updates.

Step 5: Apply and Update Group Policy

• Apply the changes and ensure the GPO is linked to the correct Organizational Unit (OU).
• Run gpupdate /force on client machines to apply the new policy settings.

---

If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Answer 5

Hello @ABK

Yes, it is possible to configure Group Policy Objects (GPO) so that Windows Server Update Services (WSUS) is used only for statistics reporting, while allowing clients to use Microsoft Update for update detection and download. Here’s how you can achieve this:

Step 1: Open Group Policy Management

• Access the Group Policy Management Console (GPMC) on your server.
• Navigate to the specific GPO you want to configure or create a new one.

Step 2: Configure Automatic Updates

• Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
• Find the policy "Configure Automatic Updates".
• Set it to "Enabled" and choose an appropriate option that allows automatic updates but does not specify a WSUS server for updates.

Step 3: Set Intranet Update Service for Detection

• Locate the policy "Specify intranet Microsoft update service location".
• Set this policy to "Enabled".
• Enter the WSUS server URL in the "Set the intranet update service for detecting updates" field.
• Leave the "Set the intranet statistics server" field blank or set it to the same WSUS URL if you want to report statistics.

Step 4: Disable WSUS for Update Detection

• Ensure that the clients are not forced to use WSUS for update detection by not configuring the WSUS server URL in the "Set the intranet update service for detecting updates" field.
• This allows clients to use Microsoft Update directly for detecting and downloading updates.

Step 5: Apply and Update Group Policy

• Apply the changes and ensure the GPO is linked to the correct Organizational Unit (OU).
• Run gpupdate /force on client machines to apply the new policy settings.

---

If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.