Configuring WSUS Clients That Are Not In Your Domain
In this lecture, I will be showing you how to configure your WSUS clients that are not joined to your Windows Domain environment. This is a rare case that you might need to do, but I want to cover it in case it comes up.
To configure WSUS clients that are not part of your domain you simply need to apply the appropriate registry settings. We will export the settings from the working computer and import them into the non-domain computer.
On a Domain Joined computer, click on the Windows icon to the bottom left and type regedit. This will show the Regedit application. Click on it to open it up.
Now browse to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate.
RIght-click on the WindowsUpdate and select Export from the context menu.
Save it to the Desktop and name it something like WSUSClientConfig and click on Save. You can close the Registry Editor window.
We should have a new file on our Desktop like the following:
If we right-click on the file and choose Edit.
We can see in a file text editor the keys for the WindowsUpdate and AU folder and all these are the settings we configured in Group Policy. So our target computers that are not joined to the domain will get the same settings we configured in Group Policy Manager Editor. Close the text editor.
We now right-click and choose Copy to move it to our target computer.
Open File Explorer and type \\IPDC01\Share in the address bar to navigate to the public share we created. Right-click and Paste the file here in this location.
Switch over to IPWS02 workstation which is not joined to our domain and will look for this file in the same share folder. Open Windows Explorer and type \\IPDC01\Share. You might need to enter your Domain Administrator credentials to access the shared folder. Select the file and right-click and select Copy.
Right-click and Paste it to the Desktop. Once the file has been copied from the shared folder to the Desktop we right-click the file and select Merge.
You will need to click Yes on the user account control window to make changes to your device.
Click Yes on the following pop-up window. This is a warning message from the Registry Editor for the changes that are about to be added to the file.
We have another message that the keys and values in the file have been added successfully to the registry. Click on the OK button.
If we check the Registry navigating to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate we see all the keys and values. Now the machine will retrieve the updates from our WSUS server.
We will right-click the file and choose Edit to add the target group.
We will add two keys under the UpdateFolder section as we can see from the screenshot. Click File from the menu and Save to save the file.
We repeat the steps to add it to the registry. Right-click the file and select Merge. Click Yes, Yes, and OK.
Opening the Registry Editor again we see the two new values.
We can now copy the modified file back to the File Share with the newly added keys and values so that the computers that we set up to get updates from our WSUS server get the new configuration.
Now we type from the Windows machine click on the Windows icon at the bottom left wuauclt /reportnow and that will help to check-in the computer faster.
Remember that WSUS is not an instant tool and the workstations might not show immediately.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.