Set a WSUS Target Group during build and capture

By | March 21, 2014

I recently found myself needing to set a WSUS target group during the build and capture of a Windows 7 image using MDT.  This is a typical scenario when clients don’t assign updates to the unassigned computers group on WSUS and is quite easy to get around.

There are a number of steps to implement this.

Step 1 – create a new variable

You can create this within the Task Sequence however I prefer to do this within the customsettings.ini.  Open your customsettings.ini file and next to properties add WSUSGroup

[Settings]

Priority=Default

Properties=WSUSGroup

Under the default section, you will need to set the name of the WSUSGroup:

[Default]

WSUSGroup=Win7 – Head Office

If you are using MDT to deploy images and you have multiple sections in your customsettings for subnets/mac addresses etc and you have a different WSUSGroup depending on location or OS, you can specify the WSUSGroup in these sections also:

Step 2 – Edit the ZTIWindowsUpdate.wsf script

In order to use the new variable you also need to edit the ZTIWindowsUpdate.wsf file to include some additional lines of code.  To do this open the ZTIWindowsUpdate.wsf file which can be found in the scripts directory on your deployment share using something like Notepad++.  The part of the script you need to change can be found around line 520 and you need to add the following to the script:

 

If oEnvironment.Item("WSUSGroup") <> "" then
 oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
 oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if

Once edited the section of your script should look like this:

'//---------------------------------------------------------------------------- '// Configure Windows Update settings '//----------------------------------------------------------------------------

If oEnvironment.Item("WsusServer") <> "" then

   ' Configure the WSUS server in the registry. This needs to be a URL (e.g. http://myserver).

   oLogging.CreateEntry "Configuring client to use WSUS server " & oEnvironment.Item("WsusServer"), LogTypeInfo

   oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer", oEnvironment.Item("WsusServer"), "REG_SZ"    oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer", oEnvironment.Item("WsusServer"), "REG_SZ"

   If oEnvironment.Item("WSUSGroup") <> "" then       oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"       oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"    End if

End if

Leave a Reply

Your email address will not be published. Required fields are marked *