Posted 06 November 2011 - 11:33 PM
What I want to know is if there is any way to enable Microsoft Update without having to go on each individual computer and follow that link. Is there just some registry entry I can change to enable Microsoft Update, or a standalone installer, or something I can integrate without having to go to a computer and via Internet Explorer enable Microsoft Update? I've searched but I cannot find an answer.
I recently installed on several computers using the wsusoffline update system to post-install Windows updates after installing Windows. This worked fairly well; however, when I ran the Baseline Security Analyzer it showed all these security updates that have not been applied. I've since learned that this is due to Microsoft Update not being enabled. What I would like to do is, for future Vista installs, make sure it is enabled, and for the machines with Vista already installed, find some way to enable it without having to go to each computer, log on to Internet Explorer, and click OK to enable it.
Does anyone have experience with this? And if this isn't the right forum can you perhaps show it to the right forum? This also applies to Windows 7. Thanks!
Posted 07 November 2011 - 06:25 AM
It might be worth a try to use regshot to locate any changed registry entries.
Start regshot, Take a snapshot before Microsoft Update,
Take snapshot after Microsoft Update has been enabled.
You will probably have quite a few entries to comb through
But you also might get lucky.
Maybe someone else can definitively answer this for you.
This would be good info to know.
Posted 15 November 2011 - 04:48 AM
Posted 15 November 2011 - 10:37 AM
RegShot v1.8.2 http://www.snapfiles...a=7116553&loc=2
A snippet from this post describing why I use 2 regshots:
RegShot v1.8.1 will also catch any files that have been installed into other directories
such as \sys32, \inf or \driver folders.
There is also What Changed which is a little more comprehensive, just takes longer.
Advanced Registry Tracer Trial Version
*** Convert Reg to .script ***
To convert regshot to .script I use:
convert *.reg files to script files using Reg2WBS
*** Advanced tools *** Just google for these if you want to try.
also known as procexp.exe, shows you information about which handles
and DLLs processes have opened or loaded.
This software will notify you if a process stops running on your PC.
It can also be set to let me know if any process has started to run.
Posted 16 November 2011 - 11:37 PM
<?xml version="1.0" encoding="utf-16" ?>
<ProviderAuthorizationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/msus/2002/12/SUSProviderAuthorization">
  <ServiceID>7971f918-a847-4430-9279-4a52d1efe18d</ServiceID>
  <CabVersion>12</CabVersion>
  <IssuedDate>2009-05-18T17:27:43.5251853-08:00</IssuedDate>
  <ExpiryDate>2012-05-18T17:27:43.5251853-08:00</ExpiryDate>
  <RedirectUrl>http://download.windowsupdate.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
  <RedirectUrl>http://download.microsoft.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
  <RedirectUrl>http://www.update.microsoft.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
  <OffersWindowsPatches>true</OffersWindowsPatches>
  <UIPluginCLSID>3809920F-B9D4-42DA-92E0-E26265E0FB89</UIPluginCLSID>
  <IsManaged>false</IsManaged>
  <CanRegisterWithAU>true</CanRegisterWithAU>
  <ServiceUrl>http://www.update.microsoft.com/microsoftupdate/</ServiceUrl>
  <SetupPrefix>mu</SetupPrefix>
  <LocalizedProperties>
    <Language>en</Language>
    <Name>Microsoft Update</Name>
  </LocalizedProperties>
</ProviderAuthorizationInfo>
Something then happens which results in the creation of files:
which are just copies of the tempauthcab in my temp dir.
Registry entries show the following relevant changes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime=2011-11-16 23:50:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\EnableFeaturedSoftware=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\ElevateNonAdmins=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextDetectionTime=2011-11-16 00:00:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextFeaturedUpdatesNotificationTime=2011-11-15 23:50:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\DefaultService=7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d\AuthorizationCab=tempauthcab.cab
I did some searching based on those changes. Here are the relevant threads from technet:
Automate "Find Out More" option in windows updates
Auto register for Microsoft updates
answer file and Microsoft Update
And directly from MS: Opt-In to Microsoft Update
In a VM with a clean Vista SP2 install (retail) without any updates applied I followed the directions from MS and created a mu.vbs file with those commands to opt-in. Then as administrator I ran wscript mu.vbs. Doing that creates these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\DefaultService=7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d\AuthorizationCab=authcab.cab
Those technet posts say to enable "IncludeRecommendedUpdates" but for me it was already enabled. However I did notice that even though Windows Update now said I receive updates for Windows and other products from Microsoft Update there was a box below that said "Find out more about free software from Microsoft Update. Click here for details." Click that and you'll toggle the "EnableFeaturedSoftware" key, which up until that point was not enabled. The "EnableFeaturedSoftware" can also be toggled after Microsoft Update is enabled by Windows Update > Change Settings > "Show me detailed notifications when new Microsoft software is available". If you are setting the registry keys you may have to restart the windows update service in order for them to be acknowledged (I had to do this).
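So here is what I have tested in a clean Vista SP2 VM. Create a file mu.vbs:
' Register the Microsoft Update service (ServiceID below) with the Windows Update Agent.
Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"
' Flags 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2) + asfRegisterServiceWithAU (4)
Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")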
Then run command prompt as administrator:
net stop wuauserv
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
cscript c:\users\admin\desktop\mu.vbs
net start wuauserv
The cscript will cause the Windows Update service to start again, so you probably won't need to restart it. Also, if you try to stop the Windows Update service and see a message that it can't be stopped, you may have to reboot. I'm interested in whether someone will try this in a Windows 7 VM and let us know what happens. Also, as noted in the TechNet posts, this has to be done after the fact; it can't be done in sysprep, apparently.
Many thanks to RoyM. This board should have reputation points.
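A PowerShell check for the opt-in state described in the post above, added here as an example that is not part of the original thread. It assumes PowerShell 2.0 or later and an elevated prompt; the function name Get-MuOptInState and the -Register switch are made up for illustration, while the ServiceID, registry values and AddService2 flags are the ones quoted in the thread.

```powershell
# Added example: audit (and optionally apply) the Microsoft Update opt-in on this machine.
# Save as a .ps1 file and run elevated; pass -Register to opt in when the check fails.
param([switch]$Register)

$MuServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'   # ServiceID from the thread
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-MuOptInState {
    # Ask the Windows Update Agent which update services it knows about.
    $mgr = New-Object -ComObject Microsoft.Update.ServiceManager
    $svc = $mgr.Services | Where-Object { $_.ServiceID -eq $MuServiceId }

    # Read the registry values the thread observed changing.
    $default = (Get-ItemProperty -Path "$WuKey\Services" -ErrorAction SilentlyContinue).DefaultService
    $au = Get-ItemProperty -Path "$WuKey\Auto Update" -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        Computer                  = $env:COMPUTERNAME
        ServiceRegistered         = [bool]$svc
        RegisteredWithAU          = [bool]($svc -and $svc.IsRegisteredWithAU)
        DefaultServiceMatches     = ($default -eq $MuServiceId)
        IncludeRecommendedUpdates = $au.IncludeRecommendedUpdates
        EnableFeaturedSoftware    = $au.EnableFeaturedSoftware
    }
}

$state = Get-MuOptInState

if ($Register -and -not $state.RegisteredWithAU) {
    $mgr = New-Object -ComObject Microsoft.Update.ServiceManager
    $mgr.ClientApplicationID = 'MU opt-in audit'   # arbitrary label, like "My App" in mu.vbs
    # 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2) + asfRegisterServiceWithAU (4)
    $null = $mgr.AddService2($MuServiceId, 7, '')
    $state = Get-MuOptInState                      # re-read so the output reflects the change
}

# One object per machine; collect these to find hosts still scanning against Windows Update only.
$state
```

A machine where RegisteredWithAU is False is the case the original poster hit: it scans only against Windows Update, so updates for other Microsoft products never get offered.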
Posted 17 November 2011 - 08:35 AM
I'm glad to be of some help and that you got your answers.
Thanks for sharing your notes and links.
btw, it seems your google-fu is working after all.