This is acutually for Microsoft Endpoint Protect updates under SCCM software udpates, however I make it a single article just make it easier since people may come from different reason.

 

To get this "Give me updates for other Microsoft product when I update" opt in, we are going to use GPO.

First on a client machine(I assume most of your client machine in same OU are using same OS version),without the option above checked, run Regedit.exe, then go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\

and export the key to some where. What I got is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782] "RegisteredWithAU"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending] "ValidatedPreWsus3RegistrationRequests"=dword:00000001

 

Now get the option checked, restart computer(Not sure if its necessary), run Regedit.ext, then go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\

again, and export the same key, name it something different. What I got this time is:

 

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]
"DefaultService"="7971f918-a847-4430-9279-4a52d1efe18d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782]
"RegisteredWithAU"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d]
"RegisteredWithAU"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending]
"ValidatedPreWsus3RegistrationRequests"=dword:00000001

 

Compare the two you can find the line :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d]
"RegisteredWithAU"=dword:00000001

is what we need.

 

Now go to Group policy -> Computer Configuration -> Preference -> Windows Settings -> Registry

Right click and create new Register Iteam,

Hive = HKEY_LOCAL_MACHINE

Key Path = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d

Value Name = RegisteredWithAU

Value Data = 1

Hex

OK.

Gpupdate on DC.

 

Now uncheck the client update option and restart client, login and find out if the option is checked again. Cheers!

 

About Lei

I am an IT specialist with over 10 year experience - years on Automation, on-Premise or Azure.

I am happy to develop however never want be a full time developer. Only do what I have to do. If it has to be PowerShell,HTML, PHP, CSS, C#, VBS or JS, front end or backend, so be it, doesn't matter!

Spent years with Windows, SCCM, SharePoint, SQL and Exchange servers. For last several years, I have been actively working under On Premise > Azure environment.

THERE IS NO WAY BACK!!!

Current Certificates:
    Microsoft® Certified-
  • -Enterprise Administrator
  • -Database Administrator
  • -SharePoint Administrator
  • -Administering and Deploying SCCM 2012
Red Hat Certified Technician
ITIL V3 Foundation - Practitioner

Working on Azure Certificates now and hopefully they can stop upgrading their questions one day! GIVE ME A BREAK!

Contact Lei

Name *
Email *
Comments *

Traffic since 10/08/2016

Today47
Yesterday83
This week671
This month1967
Total416327

Visitor Info

  • IP: 54.227.51.103
  • Browser: Unknown
  • Browser Version:
  • Operating System: Unknown

Who Is Online

1
Online

2017-12-17

Login