Hi neutec,
It’s dead easy to do using a GPO. On the OU where your workstations reside, create a new GPO (or modify an existing one) then navigate to 'computer Configuration\Administrative Templates\Windows Components\Windows Update
As long as you have your SUS box on the network and it has been setup correctly, you can change the Specify intranet Microsoft update service location setting in the GPO to point to the name of this box (i.e.
The only other key I set for my workstations was the configure Automatic Updates key, which has the options of how you want the updates to be installed (Notify for download & install, Auto download & notify install etc...) The day and the time.
A reboot of the workstations once the GPO has been setup should apply the changes.
Just a note (I’m sure you know this!) - You should really test the updates on at least 1 test PC first before automatically installing them. Within WSUS I have set up a testing directory which contains a few workstations that get installed first once the new updates have been approved. If there are no issues then I roll them out to the other machines on my network.
If you are not on a domain, then you can install updates automatically from SUS using the registry keys, which you would need to install import on each workstation. I have a workgrouped PC which has this setup;
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="
Address of WSUS Server"
"WUStatusServer"="
Address of WSUS Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004 (Different numbers explained below)
2 - Notify for download and notify for install
3 - Auto download and notify for install
4 - Auto download and schedule the install
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000a
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
Hope this helps,
TechieMan
