Windows update help

[ikush]

Hey Guys,

I have a problem, i will try to explain as much as i can and i hope that someone might have a solution for me.

I have a bunch of Windows 2003 R2 Standard servers spread around the country, not connected with any Active directory or some sort of domain controller.

(i am using RDP connection to control them individually).

My problem is that i need to update the servers with specific KBs from Microsoft and i am doing it usually by RDP to each and every server and installing it from the web interface.

I thought about the WSUS but it cant help me as i am not using Active Directory.

I thought about using Windows Updates Downloader but i cannot control the list of files in the configuration.

Does anyone have any suggestion for me?

And i have to stay with the current structure, i cant install any domain controller to help me with this problem.

Thank you all!

Ika

[PC_LOAD_LETTER]

you dont HAVE to have AD to use wsus.

http://thelazyadmin.com/blogs/thelazyadmin...-Directory.aspx

this is the .reg ive used for the few machines i cant migrate to AD yet.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ElevateNonAdmins"=dword:00000001
"TargetGroup"=""
"TargetGroupEnabled"=dword:00000000
"WUServer"="http://WSUSSERVERNAMEORIP:8530"
"WUStatusServer"="http://WSUSSERVERNAMEORIP:8530"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000002
"AUPowerManagement"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:00000003
"DetectionFrequencyEnabled"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:000000f0
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootWarningTimeout"=dword:00000015
"RebootWarningTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:00000002
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

if the machines still act stupid after a reboot:

Start->Run->"net stop wuauserv"

delete the contents of c:\windows\SoftwareDistribution

Start->Run->"net start wuauserv"

another possibility is remotely executing the patches remotely via a .bat file using psexec but thats problematic.

[soheil]

hi

you can install WSUS server in your centeral office in stand alone server or member server mode, and your server in branches do not need be in same or even in AD domain. wsus use HTTP protocol without any authentication or AD dependency and u can customize your update with special KB for approve to your selected server.