How to verify if Windows Update location is properly configured from WSUS?

windows-server-2008 wsus

Solution 1:

If you're using Group Policy to configure your updates, you can query the registry for the Target Group and WSUS server values:

C:\> REG QUERY "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate"
  WUServer    REG_SZ    http://fcsd-sccm
  WUStatusServer    REG_SZ    http://fcsd-sccm
  TargetGroupEnabled    REG_DWORD    0x1
  TargetGroup    REG_SZ    Servers

Or just get the WUServer value alone:

C:> REG QUERY "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer"
  WUServer    REG_SZ    http://fcsd-sccm

If the WUServer value is not present, you're connecting to Microsoft.

The Powershell equivalent:

Get-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate

Solution 2:

Look in the Windows Update control panel on the client machine. If you have WSUS configured properly, there will be a message that says something like "Updates are managed by your Systems Administrator".

Solution 3:

Not a direct answer to your question, but....

I have always done this just by expanding "Computers::[OU]" in the Update Services screen in the WSUS server:

enter image description here

It shows the last report date for each computer in the OU. For this though, you will have to wait until the computer has checked for updates for the first time.

The wuauclt command might have an option to display the target update server, not positive though. It does allow you to force a check of updates with wuauclt /detectnow - when you kick that off though it sill takes a few minutes.

If you are telling each client what the update server is via GPO, you will also have to wait for the GPO to apply or use gpupdate /force

Solution 4:

Run the gpresult tool on the client:

gpresult /h report.html

This will show you all GPO settings applied on clients.

Besides that, if you have access to a domain controller, can run the GPO Result Wizard, on Group Policy Editor

On the groups question, I think that you should group your machines by configuration, because you will want to approve updates based on machine configuration or windows version.

I personally, group machines by windows version.

Related

What is a suitable simple, open web server for Windows?
Setting up Subdomains within Amazon AWS Elastic Beanstalk
Tomcat ClassNotFoundException after switching from openjdk to sun java
tar leading period slash
Saved Kitty Password Extraction
How to access web page via terminal?
How to secure Redis cluster on AWS elasticache
How to revert back and undo changes in Centos?
How to secure servers from a cgi-bin/php POST request attack
Can MTA send mail via a relay without being told so?
Tmpfs vs NVME SSDs from performance POV [duplicate]
Most wanted feature for Windows Server Update Services (WSUS) 4.0 [closed]