How to "Stop" WSUS Reporting

CompuTron99CompuTron99 Member Posts: 542
in Off-Topic
I know this is a different.

My company decided to give employees that were layed - off there office workstations. Of course IT was not informed until the computers went home. The users are still logging into their Domain accounts. The only problem I have, is that the computers are still reporting to WSUS. They have been removed from Active Directory.

Is there a way to stop the computers from reporting to the WSUS server's here WITHOUT removing the computers from the domain at the workstation? With the number of computers, removing each one and copying files will take a long time. Each user's account is setup as the a local admin.

I can see in the Windows XP registry where the location of the servers are: HKLM\software\policies\microsoft\windows. Is it possible to change the location to Microsoft directly?
· Share on FacebookShare on Twitter

Comments

  • tierstentiersten Member Posts: 4,505
    No idea about your WSUS problem but what your company did is just bizarre and mind boggling. People who are no longer employed by your company were given their workstations which they have admin access to and which may possibly contain company data and they still connect to your network/domain? Who in management came up with that brilliant idea?
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    tiersten wrote: »
    No idea about your WSUS problem but what your company did is just bizarre and mind boggling. People who are no longer employed by your company were given their workstations which they have admin access to and which may possibly contain company data and they still connect to your network/domain? Who in management came up with that brilliant idea?


    Really, what in the hell is going on where you work?!?!
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • crrussell3crrussell3 Member Posts: 561
    I guess I am a little bit confused by what you mean "stop wsus reporting"? If the pc is no longer physically connected to your network, they cannot pull updates from your corporate wsus servers. The workstations in question will no longer receive automatic updates, as they must manually run windows update.

    If you mean how do you get those workstations out of wsus so they no longer show up, just manually remove them like you would in ADUC. This way they will no longer show up as not reporting, missing updates, etc.

    That is a very weird situation that brings up more problems than one could imagine. Not only are you out hardware assets, but also software/os licensing, possible corporate data "stolen" (copied files, offline files, etc).
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
    · Share on FacebookShare on Twitter
  • CompuTron99CompuTron99 Member Posts: 542
    I agree with all of you 110%.

    I wasn't involved with any of this. These computers were given out before a merger, now I have to be the one to clean it up. It was a mixure of an out-the-door IT manager and management that had no clue.

    I hope my post doesn't make anyone think differently of me.

    CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###
    · Share on FacebookShare on Twitter
  • tierstentiersten Member Posts: 4,505
    CompuTron99 wrote: »
    It was a mixure of an out-the-door IT manager and management that had no clue.
    Ah. Combination of don't care anymore and no clue.
    CompuTron99 wrote: »
    I hope my post doesn't make anyone think differently of me.
    Nope. You already said that IT hadn't been warned about this.
    CompuTron99 wrote: »
    CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###
    If they're no longer actually connecting to your network and you don't have them in the domain then I'm not sure how you'd push out the update for the registry keys. Emailing the users and telling them to run something on your behalf probably isn't going to get a good response since they won't be inclined to help you.

    Why is your WSUS server externally visible anyway?

    The best option I guess would be to change the address of your WSUS server...
    · Share on FacebookShare on Twitter
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    CompuTron99 wrote: »
    The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###

    Why? Hopefully you disabled cached credentials.

    Was the wsus address pushed out by gpo or lgpo? You can remove hosts from wsus by simply right-clicking on them and choosing 'Delete'. Unless the wsus address was manually added or set via lgpo, they shouldn't show up again.

    And tell your management I said that they are fired. Pack their things and escort them out of the building immediately.
    · Share on FacebookShare on Twitter
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    The only way you will be able to make this stop is to change the hostname that you're giving out for external access to your WSUS server and change the configuration of the computers that should legitimately be connecting to it. The computers that were given away would keep trying to connect to a hostname that doesn't exist (still isn't optimal), but if you can't manage those machines any more then you don't have another choice.

    That said, wtf? No one wiped the machines? Someone from your department need to raise holy hell if they haven't already.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
    · Share on FacebookShare on Twitter
  • Hyper-MeHyper-Me Banned Posts: 2,059
    Change hostname, change the GPO that defines the WSUS settings, then they wont hit it anymore.

    I agree though, it makes no sense to give the machines away, and even less sense that they weren't wiped.
    · Share on FacebookShare on Twitter
  • crrussell3crrussell3 Member Posts: 561
    CompuTron99 wrote: »
    I agree with all of you 110%.

    CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###

    Ah my bad, didn't think there would be that wrench in the mix also.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
    · Share on FacebookShare on Twitter
  • mikedisd2mikedisd2 Member Posts: 1,096 ■■■■■□□□□□
    Well I guess this would have to win the "Dumbest Management Decision" award here.
    · Share on FacebookShare on Twitter
  • ObdurateObdurate Member Posts: 108
    phoeneous wrote: »
    Why? Hopefully you disabled cached credentials.

    Was the wsus address pushed out by gpo or lgpo? You can remove hosts from wsus by simply right-clicking on them and choosing 'Delete'. Unless the wsus address was manually added or set via lgpo, they shouldn't show up again.

    And tell your management I said that they are fired. Pack their things and escort them out of the building immediately.


    I have to go with this post -- if you delete a computer out of WSUS, the computer does not look for WSUS again (unless you do some registry hacks which I found the hard way).

    And if it does, then my second suggestion is to block them at the firewall.

    ~Obdurate~
    · Share on FacebookShare on Twitter
Sign In or Register to comment.