Windows Server - Does WSUS block Windows Update?

Asked By Andrew Oliner on 09-Apr-07 10:38 AM
I have one PC running Vista, and I would like that PC to be able to check
the Windows Update site directly, for Driver Updates. I know I can do Driver
Updates through WSUS, but I don't want to download 30,000 drivers just to
get the 2 or 3 I really need.

I can't tell if my Vista PC is checking Windows Update, and there's nothing
new there, or if it is restricted to checking my WSUS server. WSUS 2, btw.
Can I tell which server the PC is contains? Is there a way to get it to
check the Microsoft Windows Update site?


Michael D. Ober replied on 09-Apr-07 11:00 AM
In XP at least, you can still go to Windows update by entering

Mike Ober.
Andrew Oliner replied on 09-Apr-07 12:18 PM
Yes, but as I said, this is Vista.
DevilsPGD replied on 09-Apr-07 01:46 PM
There is a "Check online for updates from Microsoft Update Service" link
that will bypass WSUS and hit Microsoft's servers directly.
Insert something clever here.
Andrew Oliner replied on 09-Apr-07 03:37 PM
I don't see that as an option. Is it on the main Windows Update screen, the
Change Settings screen, or somewhere else?

It may also be hidden due to the fact that Windows interprets my Group
Policy to mean that users can't change any settings.
DevilsPGD replied on 09-Apr-07 03:59 PM
In message <> "Andrew

On the Windows Update screen, immediately under the "You receive
updates" which is set to "Managed by your system administrator" is a
link that sayd "Check online..."

That was my next thought :)

As I understand it, the group policy setting that would forbid direct
access to Windows Update would also remove this link.  Otherwise, an
administrator on the PC should be able to access this feature.

However, there may be other policies that remove it, my environment is
fairly lax as far as updates (In other words, the users know what
they're doing; if they want to force an update before I release it and
it breaks, they get to fix it themselves)
Insert something clever here.
Bruce Sanderson replied on 09-Apr-07 07:04 PM
I don't see the link you mention; not on domain members nor on workgroup
members when they are configured to use WSUS.

I can't find any setting that "forbids" access to Windows Update - what
setting is that?

Bruce Sanderson MVP Printing

It is perfectly useless to know the right answer to the wrong question.
DevilsPGD replied on 09-Apr-07 08:48 PM
In message <> "Bruce

Group Policy --> User Configuration (Not Computer Configuration) -->
Administrative Templates --> Windows Components --> Windows Update -->

However, now that I think about it, I'm not 100% sure if WSUS works when
that option is enabled -- I think it does, but I'm not sure for certain.
Insert something clever here.
Michael Bednarek replied on 10-Apr-07 08:28 AM
On Mon, 09 Apr 2007 18:48:04 -0600, DevilsPGD wrote in

AFAIK it doesn't. I have a .REG file which will let me access the
Windows Update site despite the Group Policy:



Michael Bednarek   "POST NO BILLS"
DevilsPGD replied on 10-Apr-07 01:36 PM
Isn't that the same thing that the group policy sets?
Insert something clever here.
Winfried Sonntag [MVP] replied on 10-Apr-07 05:00 PM
DevilsPGD schrieb:

WSUS is working very well with enabled above option. Local
Adminstrators don't get the WU-Symbol in Systray, and all Links for
Windows Update will move complete.

DevilsPGD replied on 10-Apr-07 05:20 PM
In message <279qtm3raeep$> "Winfried

Thanks -- That's what I thought, I simply have no need to prevent my
local administrators from controlling their patches if needed.
Insert something clever here.
Lawrence Garvin \(MVP\) replied on 10-Apr-07 07:14 PM
Actually, you won't, unless you approve all of those drivers. Just like
other updates, WSUS Only downloads the content after it's marked as Approved
for Install.

No client on WSUS v2 will use Automatic Updates if it is configured to use a
WSUS v2 server.

Vista, with the =RTM= Windows Update Agent, cannot check Automatic Updates
if it is configured to use WSUS.

Furthemore, Vista with the =WSUS v3= Windows Update Agent, will only be able
to check Automatic Updates if the connection to WSUS fails.

And, even then, Automatic Updates will not, as I believe, provide driver
updates, only critical and security updates.

Fire up a browser and browse to the MU site.

Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)

Everything you need for WSUS is at

And, almost everything else is at
DevilsPGD replied on 11-Apr-07 01:17 AM
This is not consist ant with my experience -- All of my Vista machines
connect to a WSUSv3 server and each of them can be forced to go over to
Windows Update by an administrative user.

Limited users have no such right or access.
Insert something clever here.
Andrew Oliner replied on 11-Apr-07 09:03 AM

Thanks for your reply.

1. I know that WSUS will only download the driver updates I approve. But
when I synced with driver updates, I got a ton of update listings and it was
was to use the Windows Update site and let it suggest the driver for my
specific machine.

2. I don't want access to the Automatic updates from the MU site. I want
access to the manual updates.

3. In Vista, you can no longer access Microsoft Update with a browser. When
you surf over there, you get a page that says to use the Update app that is
built into Vista.

4. So far, I have been unable to find a Group Policy setting that would
restore access to the MU site.
Lawrence Garvin \(MVP\) replied on 18-Apr-07 06:57 PM
Definitely a more reliable option.
Besides, cluttering up the WSUS server with driver metadata can be so
annoying. :-)

Try entering in the Address bar of IE7.

Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)

Everything you need for WSUS is at

And, almost everything else is at
Andrew Oliner replied on 23-Apr-07 08:53 AM
Even using that specific URL, IE7 on Vista just points you to the Windows
Update applet.
Lawrence Garvin \(MVP\) replied on 23-Apr-07 05:51 PM
Welp...... there it is. :-/

So, the answer is: No.

Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)

Everything you need for WSUS is at

And, almost everything else is at