Servers in the DMZ are not part of the domain, so domain Group Policy does not reach them; you must point them to WSUS manually if you want WSUS to manage their updates.
To do so:
Log in to the server in the DMZ as an administrator.
Go to Run and enter the following command: gpedit.msc
(this opens the local group policy editor)
When it opens, navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
The following need to be enabled and edited:
1) Configure Automatic Updates
- Enabled
- Configure automatic updating: 3 – Auto download and notify for install
- Scheduled install day: 0 – Every day
- Scheduled install time: 15:00
2) Specify intranet Microsoft update service location
- Enabled
- Set the intranet update service for detecting updates:
- Set the intranet statistics server:
3) Automatic Updates detection frequency
- Enabled
- Check for updates at the following interval (hours): 1
Now open a Command Prompt and run the following command:
Wuauclt /detectnow
This will force the server to report to the WSUS server.
Note: if machines are still showing as “Not yet reported” a week or two after installing WSUS, install WSUS SP2.
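The local policy settings above are stored under the Windows Update policy registry key, so they can be read back and checked after the change. The PowerShell script below is an added example, not part of the original page; it compares the stored values with the ones listed in the steps. The registry value names are the standard Windows Update policy values, and because the WSUS URLs are left blank on this page the script only checks that both are set.

```powershell
# Added example: audit the local Windows Update policy on a DMZ server.
# Expected data mirrors the settings listed in the steps above.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

$expected = @(
    @{ Path = $au; Name = 'NoAutoUpdate';              Want = 0  }  # Configure Automatic Updates: Enabled
    @{ Path = $au; Name = 'AUOptions';                 Want = 3  }  # 3 = Auto download and notify for install
    @{ Path = $au; Name = 'ScheduledInstallDay';       Want = 0  }  # 0 = Every day
    @{ Path = $au; Name = 'ScheduledInstallTime';      Want = 15 }  # 15:00
    @{ Path = $au; Name = 'UseWUServer';               Want = 1  }  # intranet update service: Enabled
    @{ Path = $au; Name = 'DetectionFrequencyEnabled'; Want = 1  }  # detection frequency: Enabled
    @{ Path = $au; Name = 'DetectionFrequency';        Want = 1  }  # interval (hours): 1
)

# Return the value data, or $null when the key or value does not exist.
function Get-PolicyValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @(foreach ($e in $expected) {
    $got = Get-PolicyValue $e.Path $e.Name
    [pscustomobject]@{
        Setting = $e.Name; Expected = $e.Want; Actual = $got; Ok = ($got -eq $e.Want)
    }
})

# The page does not give the WSUS URLs, so only require that both are populated.
foreach ($name in 'WUServer', 'WUStatusServer') {
    $got = Get-PolicyValue $wu $name
    $results += [pscustomobject]@{
        Setting = $name; Expected = '(set)'; Actual = $got
        Ok = -not [string]::IsNullOrWhiteSpace($got)
    }
}

$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    Write-Warning 'One or more Windows Update policy values differ from the documented settings.'
    exit 1
}
```

Run it from an elevated PowerShell prompt on the DMZ server; a non-zero exit code means at least one setting is missing or differs.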