Powershell – use Powershell to configure Local group policy settings in windows server 2008 r2

group-policypowershellwindows-server-2008-r2

in Windows server 2008 r2 , for this manual process

open run >gpedit.msc > computer configuration > windows templates > windows update > specify intranet microsoft update service location > https://www.10.101.10.10.com

and also state should be enabled/disabled

May i know how to do this using powershell, like scripting ?

Those settings are in Registry part, am asking about :

  • In the GPMC, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.

  • In the Windows Update details pane, double-click Specify intranet Microsoft update service location.

  • Click Enabled, and then, server in the Set the intranet update service for detecting updates and Set the intranet statistics server text boxes, type the same URL of the WSUS server. For example, type http://XX.XX.XX.XX in both boxes (where servername is the name of the WSUS server).

Is This POssible from Powershell Script end ?

Best Answer

That policy updates the following Registry key with a number of values:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Name:  UseWUServer
Type:  DWORD
Value: 1

Name:  WUServer
Type:  String
Value: "URL to Windows Update Server"

Name:  WUStatusServer
Type:  String
Value: "URL to Intranet Statistics Server"

Simply set these values, using the Set-ItemProperty cmdlet:

# Set the values as needed
$WindowsUpdateRegKey = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
$WSUSServer          = "https://10.101.10.10:5830"
$StatServer          = "https://10.101.10.10:5830"
$Enabled             = 1

# Test if the Registry Key doesn't exist already
if(-not (Test-Path $WindowsUpdateRegKey))
{
    # Create the WindowsUpdate\AU key, since it doesn't exist already
    # The -Force parameter will create any non-existing parent keys recursively
    New-Item -Path $WindowsUpdateRegKey -Force
}

# Enable an Intranet-specific WSUS server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name UseWUServer -Value $Enabled -Type DWord

# Specify the WSUS server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name WUServer -Value $WSUSServer -Type String

# Specify the Statistics server
Set-ItemProperty -Path $WindowsUpdateRegKey -Name WUStatusServer -Value $StatServer -Type String

You might have to restart the automatic update service for the changes to take effect

Restart-Service wuauserv -Force
Related Topic