Disable WSUS on Managed Computers
The past 8 or more years most of us have managed PC updates using WSUS (Windows Server Update Service) and Group policy. However, the structure of the modern office has changed to a large percentage of mobile employees who never ‘touch down’ at headquarters. If these devices do not connect to the domain they do not have updates applied.
A client who has not returned to the office in 18 months, and likely will not for the life of their laptop, recently asked how they could update their machine manually. Currently they were not able to do so as Windows Update showed “settings are managed by your system administrator”, in other words, by WSUS
It is quite simple to disable WSUS management in the registry, however remember if the device is reconnected to the domain, the WSUS policies will be reapplied. Therefore you may want to move the device to an OU not linked to the WSUS policy or remove the device in the policy under security filtering.
Disclaimer: Be aware making incorrect registry changes can have disastrous effects to the health of the device. Be sure to backup the registry before editing. To do so see the following Microsoft article; “How to back up and restore the registry in Windows” http://support.microsoft.com/kb/322756
- Open the registry editor, by entering Regedit in the Start / Run box, and browse to: HKLM\Software\Policies\Microsoft\Windows\
- Locate the WindowsUpdate Key and delete it
- Reboot the PC (may take 2 reboots)
- Now you can manually update and configure Windows updates to automatically check for and install updates directly from the Microsoft Update site
You may want to consider using a newer service such as Windows Intune to manage your computers, especially mobile devices. http://www.microsoft.com/en-us/server-cloud/products/windows-intune/
LAN-Tech Network Management 