Overview
This article provides steps to modify or remove specific Windows Registry entries related to WSUS (Windows Server Update Services) to ensure the successful installation of Windows patches and remediations on end-user devices. These steps are recommended when WSUS entries exist on devices that do not have WSUS configured, which can interfere with patch installations.
Background
In some cases, devices may retain WSUS-related registry entries even if WSUS is not set up or used in the environment. These entries may prevent the devices from receiving patches or updates, as they may be incorrectly configured to connect to a WSUS server. Removing or modifying these registry entries resolves this issue and allows patches and remediations to be installed properly.
Solution
Follow these steps to remove or modify the WSUS-related registry entries and ensure smooth patch installation
1. Identify the Problematic Registry Entries:
- Open the Registry Editor (regedit).
- Navigate to the following registry keys to find any WSUS-related entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
2.Modify or Remove WSUS Registry Entries:
If the entries contain an incorrect or non-functional WSUS server address, delete or modify the relevant registry values. Specifically: 
- Remove the WSUS Server Address: Delete the key WUStatusServer or set it to
a blank value (-).
- Disable WSUS Update Settings: Set UseWUServer to 0 or delete the key entirely.
3.Create a Registry Modification File: To make the process more efficient and deployable across multiple devices, you can create a .reg file that will automatically modify the registry settings.
Example of a registry modification file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"=-
"WUStatusServer"=-
"EnableWindowsUpdateAutoUpdate"=-
- Open Notepad and paste the above contents.
- Save the file with a .reg extension (e.g., Remove_WSUS_Entries.reg).
4. Deploy the Registry File via Endpoint Management (EM):
- Compress the .reg file into a .zip format for easier deployment.
- Deploy the zipped .reg file across multiple devices using your Saner Endpoint Management (EM) module to ensure consistent configuration.
- Post Deployment WSUS entries got removed on the respective device.
Conclusion
By addressing misconfigured WSUS-related registry entries and deploying changes efficiently through Endpoint Management tools, you can ensure seamless patch installations across all devices. This approach enhances system security, maintains compliance, and reduces administrative overhead, providing a streamlined and reliable update process for your environment.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article