Share via

WSUS without Active Directory

PAVZ 136 Reputation points
2020-08-12T17:08:32.517+00:00

Dear Team
I want to Configuration Windows Server Update Services (WSUS) without Active Directory,

WSUS Server is not connect with AD, i will not connect AD.
i want to patch update windows 10, server 2012, server 2016 by WSUS without AD.
Please share microsoft documents and client working methods and diagram.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,136 questions
Accepted answer
  1. Rita Hu -MSFT 9,641 Reputation points
    2020-08-13T01:12:27.493+00:00

    Hi MarufHossain-3174,

    Thanks for your posting on Q&A.

    If our environment does not connect with AD, we could point to WSUS through the local Group Policy settings. Local group policy settings are similar to domain environments. We could use the following two Group Policies to point the client to WSUS:

    17277-3.png

    17283-4.png

    In the GPME, Windows Update policies for computer-based configuration are located in the path: Local Computer Policy > Computer Configuration > Administrative Templates > Windows components > Windows Update.

    Here is a link for your reference:
    https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

    Regards,
    Rita

    2 people found this answer helpful.

13 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PAVZ 136 Reputation points
    2020-08-25T03:36:44.673+00:00

    Dear Rita & Team
    Please advice this issue, I hope early solutions from your end.
    Thanks

    1 person found this answer helpful.
  2. Rita Hu -MSFT 9,641 Reputation points
    2020-08-26T09:18:13.847+00:00

    Hello MarufHossain-3174,

    Please refer to the following steps to try if the issue will be resolved:

    1. Apply the below policy on the Windows Server 2012:
      [Turn off access to all Windows Update features]
      (Location: Local Computer Policy\Computer Comfiguration\Administrative Templates\System\Internet Communication Management\Internet Communication settings)
      Reference Picture:
      20526-20.png 
      2.

    Apply the below policy on the Windows Server 2016:
    [Do not allow update deferral policies to cause scans against Windows Update]
    (Location: Local Computer Policy\Computer Comfiguration\Administrative Templates\Windows Components\Windows Update)

    Reference Picture:
    20527-21.png

    1. Update the Local Computer Policy on the clients
      We could open CMD as administrator and enter gpupdate/force command to update the Local Computer Policy

    Approve the KB4571694 for the Windows Server 2016 client.
    Due to the KB4103723 has been replaced by other updates, I recommended to install 2020-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4571694)
    Reference picture:
    20541-22.png

    If there are any updates about the above solutions, please let me know.

    If the response is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
    0 comments
  3. Cornel Ghisoiu 1 Reputation point
    2020-08-13T05:26:24.09+00:00

    Hi.
    Perhaps you want to deploy easily with a registry key since your computers are not in the domain and GPO is not so easily managed.

    The target group line below should be already created in the WSUS Server.
    The two lines with http - you should have a reachable wsus server on http and change the lines coresponding to your addresses.

    You can change anything not wanted below.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "ElevateNonAdmins"=dword:00000000
    "TargetGroup"="WSUSManagedPCs"
    "TargetGroupEnabled"=dword:00000001
    "WUServer"="http://mywsusserver.local:80"
    "WUStatusServer"="http://mywsusserver.local:80"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "AUOptions"=dword:00000004
    "AUPowerManagement"=dword:00000001
    "AutoInstallMinorUpdates"=dword:00000001
    "DetectionFrequency"=dword:0000000a
    "DetectionFrequencyEnabled"=dword:00000001
    "IncludeRecommendedUpdates"=dword:00000001
    "NoAUAsDefaultShutdownOption"=dword:00000001
    "NoAUShutdownOption"=dword:00000001
    "NoAutoRebootWithLoggedOnUsers"=dword:00000001
    "NoAutoUpdate"=dword:00000000
    "RebootRelaunchTimeout"=dword:0000000a
    "RebootRelaunchTimeoutEnabled"=dword:00000001
    "RescheduleWaitTime"=dword:0000000a
    "RescheduleWaitTimeEnabled"=dword:00000001
    "ScheduledInstallDay"=dword:00000000
    "ScheduledInstallTime"=dword:00000003
    "UseWUServer"=dword:00000001

    0 comments
  4. PAVZ 136 Reputation points
    2020-08-18T03:40:43.183+00:00

    Dear Team
    Thanks A Lot for your advice
    I was shared my wsus client environment Windows 10, Server 2012 r2 & Server 2016 connect WSUS without domain. my WSUS in Server 2016

    Note: Patch updating only Windows 10 but patch is not downloading and updating server 20 r2 & server 2016.
    Please following the error message:
    2018-05 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4103723) - Error 0x80244019
    (KB4562561) - Error 0x80244019
    Please advice me
    Thanks

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.