Use Microsoft Update or Internal WSUS depending on your location

 

Here is another case I was asked about: how to have internal clients use the WSUS server they have published when connected to the corporate network, and use Microsoft Update when outside the corporate network.

First, a simple PowerShell script:

###################################################################
$intWsusServer = "internalwsus.contoso.com"
$auKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
$ErrorActionPreference = "SilentlyContinue"

# If the name cannot be resolved, Send() fails and $results stays empty
$ping = New-Object System.Net.NetworkInformation.Ping
$results = $ping.Send($intWsusServer)

if (!$results -or $results.Status -ne "Success")
{
    # No reply (or the name does not resolve), so we are outside the network: use Microsoft Update
    Set-ItemProperty -ErrorAction "SilentlyContinue" -Path $auKey -Name UseWUServer -Value 0
}
else
{
    # The internal server answered, so we are inside the network: use the internal WSUS server
    Set-ItemProperty -ErrorAction "SilentlyContinue" -Path $auKey -Name UseWUServer -Value 1
}
##################################################################

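Save this to a file and push it to the client so it is local on the machine. The task that runs it needs rights to write under HKLM, so keep the file in a location that standard users cannot modify.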

 

Next, create a task in Task Scheduler as follows:

1. Create Basic Task

2. Select Specific Event

3. Configure Trigger as specified

4. Click Start a program

5. Enter location of script

6. Click Finish

And you are done!

Every time a network connection is established, the task invokes the script, which tests whether it can ping the internal server. If it can, the client uses the internal WSUS server; if not, it uses Microsoft Update.

Use the following link to push the task out to all clients via GPO. As part of the same GPO, you can have a script that pulls the ps1 file down first.

https://technet.microsoft.com/en-us/library/cc725745.aspx
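
An alternative to the ping test in the script above, as an added example that is not part of the original post: a ping reply only shows that some host answered to that name, so this version keys off the Windows network profile, which is DomainAuthenticated only after the machine has authenticated to a domain controller. It assumes Windows 8 / Server 2012 or later (Get-NetConnectionProfile) and that the WSUS policy key already exists; the function names are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumes Get-NetConnectionProfile is available (Windows 8 / Server 2012 or later)
# and that the WSUS policy values are already deployed under the key below.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-DesiredUseWUServer {
    # Decision logic only: given the NetworkCategory of each connected profile,
    # return 1 (use the internal WSUS server) or 0 (use Microsoft Update).
    param([string[]]$NetworkCategory)
    if ($NetworkCategory -contains 'DomainAuthenticated') { return 1 }
    return 0
}

function Set-UpdateSource {
    param([string]$Path = $auKey)

    # Collect the category of every connected profile (LAN, Wi-Fi, VPN).
    # No profiles at all means no network, which is treated as "outside".
    $categories = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
        ForEach-Object { $_.NetworkCategory.ToString() })
    $desired = Get-DesiredUseWUServer -NetworkCategory $categories

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Policy key $Path not found; nothing changed."
        return
    }

    # Write only when the value differs, so each run reports whether it switched.
    $current = (Get-ItemProperty -Path $Path -Name UseWUServer `
        -ErrorAction SilentlyContinue).UseWUServer
    $changed = $current -ne $desired
    if ($changed) {
        Set-ItemProperty -Path $Path -Name UseWUServer -Value $desired `
            -Type DWord -ErrorAction Stop
    }

    # Return a record the scheduled task can log.
    [pscustomobject]@{
        Categories  = $categories -join ','
        UseWUServer = $desired
        Changed     = $changed
    }
}

Set-UpdateSource
```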