Considering the several hundred servers, I wound up doing a port scan on the network for port 80, and then removed the known web servers. It wound up being on one of the domain controllers for one of the many domains we manage, and has been removed. The GPOs will reset those users who were configured incorrectly.
Klint ________________________________________ From: Richard Stovall [[email protected]] Sent: Thursday, March 25, 2010 3:09 PM To: NT System Admin Issues Subject: Re: Detect Rogue WSUS Server Or that, but that's just waaaaaaaaaayyyyyyyy too easy. On Thu, Mar 25, 2010 at 6:01 PM, John Cook <[email protected]> wrote: > Can't you look in the registry under > HKLM\software\policies\microsoft\windows\windowsupdate\wuserver ? > > ________________________________ > From: Jonathan Link > To: NT System Admin Issues > Sent: Thu Mar 25 17:50:32 2010 > Subject: Re: Detect Rogue WSUS Server > > Or, if it's serving updates, wouldn't it be in a GPO? > > In Group Policy Object Editor, expand Computer Configuration, expand > Administrative Templates, expand Windows Components, and then click Windows > Update. > > In the details pane, click Specify Intranet Microsoft update service > location. > > Click Enabled and type the HTTP(S) URL of the same WSUS server in the Set > the intranet update service for detecting updates box and in the Set the > intranet statistics server box. For example, type http(s)://servername in > both boxes. > > Click OK. > > > On Thu, Mar 25, 2010 at 5:38 PM, Steve Ens <[email protected]> wrote: >> >> There is a log file that you can find on your machine (if you are on the >> group policy that gets updated)... >> http://support.microsoft.com/kb/902093 >> >> >> On Thu, Mar 25, 2010 at 4:36 PM, Klint Price <[email protected]> >> wrote: >>> >>> A co-worker installed WSUS on a server in our environment, but never >>> documented where it was installed to. What are my options to detect where >>> it is located if I do not have access to the LAN or FW (managed by another >>> team in another office). >>> >>> >>> >>> >>> >>> >>> >>> >> >> >> >> > > > > > > ________________________________ > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or > attached to or with this Notice is intended only for the person or entity to > which it is addressed and may contain Protected Health Information (PHI), > confidential and/or privileged material. Any review, transmission, > dissemination, or other use of, and taking any action in reliance upon this > information by persons or entities other than the intended recipient without > the express written consent of the sender are prohibited. This information > may be protected by the Health Insurance Portability and Accountability Act > of 1996 (HIPAA), and other Federal and Florida laws. Improper or > unauthorized use or disclosure of this information could result in civil > and/or criminal penalties. > Consider the environment. Please don't print this e-mail unless you really > need to. > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the > company. Warning: Although precautions have been taken to make sure no > viruses are present in this email, the company cannot accept responsibility > for any loss or damage that arise from the use of this email or attachments. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
