On the side when I’m not doing SharePoint development, I help recycle/repurpose old computers for donation or for friends and family.

I discovered some facts and a quick fix to make sure that Windows Update works.

Facts about Windows Update on a Windows (7) machine joined to a domain with a GPO configured to set all clients to get Windows Updates from a WSUS server:

  • Computer that is joined to the domain: The GPO will set a registry setting that directs Windows Update to the WSUS
  • Computer that was part of a domain and is removed from said domain: The Domain GPOs in effect will no longer be enforced, however, no action will be taken during the removal from the domain (e.g. switching to a workgroup). The registry key that tells the system to look for a WSUS server remains unchanged.
  • Computer not part of the domain connects to a domain-managed network: This computer will not get the GPO pushed to it since it is not part of the domain. Nothing will happen with Windows Updates or any GPO-enforced settings.

The Quick Fix:

  • Open Regedit and navigate to HKLM/Software/Policies/Microsoft/Windows/WindowsUpdate/AU
  • Edit the registry key “UseWUServer” and set its value to 0.
  • Open Windows Update and it should be able to connect to MS and download updates.

While you can always manually check online for windows updates, setting that value to zero (0) will allow Windows Update to automatically check for updates based on the schedule defined in its settings.


Comments are closed.