If you look at this registry setting: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
The keys and their value ranges are listed in the following table. Automatic Updates Configuration Registry Keys Entry Name Value Range and Meanings Data Type AUOptions Range = 2|3|4|5 2 = Notify before download. 3 = Automatically download and notify of installation. 4 = Automatic download and scheduled installation. (Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.) 5 = Automatic Updates is required, but end users can configure it. After you can change the setting and if the setting gets changed back to auto install the GPO's are setting the value and you need to find the "Configure Automatic Updates" setting and change it. If you run the "Group Policy Results" against the server in question, you can find Winning GPO that is making the change. Ie MyDomain\MyAdmin on MyDomain\MyDC Data collected on: 3/4/2007 6:22:19 AM show all Windows Components/Windows Updatehide <about:blank> Policy Setting Winning GPO Allow Automatic Updates immediate installation <javascript:void();> Enabled WSUS for Servers Automatic Updates detection frequency <javascript:void();> Enabled WSUS for Servers Check for updates at the following interval (hours): 1 Policy Setting Winning GPO Configure Automatic Updates <javascript:void();> Enabled WSUS for Servers Configure automatic updating: 3 - Auto download and notify for install The following settings are only required and applicable if 4 is selected. Scheduled install day: 0 - Every day Scheduled install time: 03:00 Hope this helps. Brian Caisse, Network Administrator Solid Waste Authority of PBC 7501 N Jog Road West Palm Beach, FL 33412 http://www.swa.org <http://www.swa.org/> From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2008 6:49 PM To: NT System Admin Issues Subject: Active Directory Rules I have a customer with two servers. We had to remove WSUS from the network because who ever set it up before borked the whole mess to the point that: 1) They were fired, and 2) The customer doesn't want WSUS. Now somewhere along the way of either the setup or the removal, the servers got his with a Group Policy that forces them to *RUN* the updates at 3 AM just like the default PC rules. Obviously this is bad. I ran the computers through Group Policy Results, and checked the GP they have in common. I did not that the Update Services Polices are in fact gone, but I'm thinking they're somehow still being enforced. How do I go about telling these servers to stop? I tried restarting one of them, but that didn't help. Am I missing something in the registry maybe? Regards, Jim Majorowicz, MCP Sr. Network Engineer Whitsell Computer Services (503) 297-8440x12 www.whitsell.com We can support you no matter where you are. Ask me for details. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
<<image001.png>>
<<image002.gif>>
<<image003.gif>>
