Can I use Powershell to configure Local group policy settings in windows server 2008 r2
in Windows server 2008 r2 , for this manual process
open run >gpedit.msc > computer configuration > windows templates > windows update > specify intranet microsoft update service location > https://www.10.101.10.10.com
and also state should be enabled/disabled
May i know how to do this using powershell, like scripting ?
Those settings are in Registry part, am asking about :
In the GPMC, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.
In the Windows Update details pane, double-click Specify intranet Microsoft update service location.
- Click Enabled, and then, server in the Set the intranet update service for detecting updates and Set the intranet statistics server text boxes, type the same URL of the WSUS server. For example, type http://XX.XX.XX.XX in both boxes (where servername is the name of the WSUS server).
Is This POssible from Powershell Script end ?
Solution 1:
That policy updates the following Registry key with a number of values:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
Name: UseWUServer
Type: DWORD
Value: 1
Name: WUServer
Type: String
Value: "URL to Windows Update Server"
Name: WUStatusServer
Type: String
Value: "URL to Intranet Statistics Server"
Simply set these values, using the Set-ItemProperty
cmdlet:
# Set the values as needed
$WindowsUpdateRegKey = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
$WSUSServer = "https://10.101.10.10:5830"
$StatServer = "https://10.101.10.10:5830"
$Enabled = 1
# Test if the Registry Key doesn't exist already
if(-not (Test-Path $WindowsUpdateRegKey))
{
# Create the WindowsUpdate\AU key, since it doesn't exist already
# The -Force parameter will create any non-existing parent keys recursively
New-Item -Path $WindowsUpdateRegKey -Force
}
# Enable an Intranet-specific WSUS server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name UseWUServer -Value $Enabled -Type DWord
# Specify the WSUS server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name WUServer -Value $WSUSServer -Type String
# Specify the Statistics server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name WUStatusServer -Value $StatServer -Type String
You might have to restart the automatic update service for the changes to take effect
Restart-Service wuauserv -Force
Solution 2:
The script is almost right, I would change it to this as the WUServer and WUStatusServer paths need to be in the parent key.
example:
# Set the values as needed
$WindowsUpdateRegKey = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
$WindowsUpdateRootRegKey = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\"
$WSUSServer = "http://1.1.1.1:5830"
$StatServer = "http://1.1.1.1.80:5830"
$Enabled = 1
# Test if the Registry Key doesn't exist already
if(-not (Test-Path $WindowsUpdateRegKey))
{
# Create the WindowsUpdate\AU key, since it doesn't exist already
# The -Force parameter will create any non-existing parent keys recursively
New-Item -Path $WindowsUpdateRegKey -Force
}
# Enable an Intranet-specific WSUS server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name UseWUServer -Value $Enabled -Type DWord
# Specify the WSUS server
Set-ItemProperty -Path $WindowsUpdateRootRegKey -Name WUServer -Value $WSUSServer -Type String
# Specify the Statistics server
Set-ItemProperty -Path $WindowsUpdateRootRegKey -Name WUStatusServer -Value $StatServer -Type String
# Restart Windows Update Service
Restart-Service wuauserv -Force
Solution 3:
You mention "Local Policy" but then talk about "Group Policy".
The Powershell functions for manipulating group policies are limited. You can create a new GPO, link a GPO to an OU, set permissions and inheritance on GPOs, and you can set registry-based GPO rules.
I haven't tried it, but you might be able to combine Mathias's answer with Set-GPRegistryValue
.