How to force clean AD from SCCM server.

NICK POZZA 1 Reputation point
2021-07-14T15:05:43.23+00:00

We had tried out a version of SCCM server and have removed it, but apparently, it was not removed correctly from the domain. Computers from the domain are still getting registry settings for Windows Update Service. I have done a gpresult /h on a client computer to determine what GPO is applying the setting, but there is no reference to this server in any GPO settings that are applied.

As a temp fix, I had added a setting to delete these two registry entries, but I know this is not correct. Is anyone able to provide assistance?

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer - http://sccmsrv01.domain.local
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer - http://sccmsrv01.domain.local

There may be other settings that are applying, but these are preventing computers from contacting Microsoft servers.


11 answers

  1. Eswar Koneti 2,201 Reputation points
    2021-07-14T16:06:01.807+00:00

    Are these clients already assigned to the new site that manages the patching? If so, they will update the WSUS entries automatically. But if you have created a GPO and stamped the values into the registry, you will have to get rid of it (the GPO), else it will always take higher priority over the local GPO (ConfigMgr creates a local GPO with WSUS entries).

    Thanks,
    Eswar
    www.eskonr.com


  2. Adam J. Marshall 8,966 Reputation points MVP
    2021-07-14T16:21:57.48+00:00

  3. NICK POZZA 1 Reputation point
    2021-07-14T16:30:45.39+00:00

    The SCCM server is no longer in existence in our domain. The server was removed but must have been removed incorrectly. We are trying to use the Microsoft public update server, not an internal server. I have gone through all GPOs that exist in the domain and those that are being applied to the specific client PC that I am working on. None show they are applying these WSUS server settings.

    If I disable the GPO that deletes these registry entries and do a gpupdate /force, the registry entries reappear. Where are they being applied from? If I do a gpresult /h on the client PC and then do a Ctrl+F and search for http://sccmsrv01.domain.local, no results are found.

    Should I be looking into ADSI Edit or something?


  4. Adam J. Marshall 8,966 Reputation points MVP
    2021-07-14T17:21:07.473+00:00

    Did you read my guide? It explains that.


  5. NICK POZZA 1 Reputation point
    2021-07-14T17:58:14.997+00:00

    I believe I have figured out the problem. Now to figure out mass deployment of the setting to all computers.

    I did a Google search of the UseWUServer registry key to look up what this setting actually does. I came across this post - https://social.technet.microsoft.com/Forums/en-US/f349ce2e-7363-4047-825e-6bcecce1af2e/updates-through-microsoft-instead-of-sccm-or-wsus?forum=configmgrgeneral

    That person asked this question - With SCCM setting the local policy for update location, is there a way to set a GPO that would override the local policy but still go to Microsoft for their updates instead of an internal WSUS server?

    I pulled up the local group policy on this client PC and sure enough the WSUS server settings were there. After setting them to Not Configured, running gpupdate /force and rebooting, the settings are gone for good.

    Again, what would be the appropriate way to apply this to all PCs on the domain?

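The thread traces the stale WSUS values to the machine's local group policy rather than a domain GPO. The following read-only PowerShell check is an added example, not code from any of the posters: it reports the Windows Update policy values on one machine and whether the local policy file still names the old server. Assumptions: the stale host name is the one quoted in the question, the local policy file is at its default location, and `CcmExec` is the ConfigMgr client service.

```powershell
# Read-only audit of the Windows Update policy values on the local machine.
# Assumption: $StaleServer is the host name quoted in the thread; change it to match.
$StaleServer = 'sccmsrv01.domain.local'
$WuKey       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
# Default location of the machine half of local group policy.
$LocalPol    = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-LocalPolicyMentions {
    param([string]$PolFile, [string]$Text)
    # Registry.pol stores its strings as UTF-16LE, so decode the file and search it.
    if (-not (Test-Path -LiteralPath $PolFile)) { return $false }
    $bytes   = [System.IO.File]::ReadAllBytes($PolFile)
    $decoded = [System.Text.Encoding]::Unicode.GetString($bytes)
    return $decoded.IndexOf($Text, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
}

$wuServer    = Get-PolicyValue $WuKey 'WUServer'
$wuStatus    = Get-PolicyValue $WuKey 'WUStatusServer'
$useWuServer = Get-PolicyValue "$WuKey\AU" 'UseWUServer'
# The ConfigMgr client runs as the CcmExec service when it is installed.
$ccmService  = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    WUServer              = $wuServer
    WUStatusServer        = $wuStatus
    UseWUServer           = $useWuServer
    PointsAtStaleServer   = ($wuServer -like "*$StaleServer*") -or ($wuStatus -like "*$StaleServer*")
    StaleInLocalPolicy    = Test-LocalPolicyMentions $LocalPol $StaleServer
    ConfigMgrClientFound  = [bool]$ccmService
}
```

A result with `StaleInLocalPolicy` set to `True` matches what the last post found by opening the local group policy editor: the values are being reapplied from the machine's own policy file, which is why they return after `gpupdate /force`.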