How to "Stop" WSUS Reporting

I know this is a different.

My company decided to give employees that were layed - off there office workstations. Of course IT was not informed until the computers went home. The users are still logging into their Domain accounts. The only problem I have, is that the computers are still reporting to WSUS. They have been removed from Active Directory.

Is there a way to stop the computers from reporting to the WSUS server's here WITHOUT removing the computers from the domain at the workstation? With the number of computers, removing each one and copying files will take a long time. Each user's account is setup as the a local admin.

I can see in the Windows XP registry where the location of the servers are: HKLM\software\policies\microsoft\windows. Is it possible to change the location to Microsoft directly?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

tiersten

No idea about your WSUS problem but what your company did is just bizarre and mind boggling. People who are no longer employed by your company were given their workstations which they have admin access to and which may possibly contain company data and they still connect to your network/domain? Who in management came up with that brilliant idea?

networker050184

tiersten wrote: »

No idea about your WSUS problem but what your company did is just bizarre and mind boggling. People who are no longer employed by your company were given their workstations which they have admin access to and which may possibly contain company data and they still connect to your network/domain? Who in management came up with that brilliant idea?

Really, what in the hell is going on where you work?!?!

crrussell3

I guess I am a little bit confused by what you mean "stop wsus reporting"? If the pc is no longer physically connected to your network, they cannot pull updates from your corporate wsus servers. The workstations in question will no longer receive automatic updates, as they must manually run windows update.

If you mean how do you get those workstations out of wsus so they no longer show up, just manually remove them like you would in ADUC. This way they will no longer show up as not reporting, missing updates, etc.

That is a very weird situation that brings up more problems than one could imagine. Not only are you out hardware assets, but also software/os licensing, possible corporate data "stolen" (copied files, offline files, etc).

CompuTron99

I agree with all of you 110%.

I wasn't involved with any of this. These computers were given out before a merger, now I have to be the one to clean it up. It was a mixure of an out-the-door IT manager and management that had no clue.

I hope my post doesn't make anyone think differently of me.

CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###

tiersten

CompuTron99 wrote: »

It was a mixure of an out-the-door IT manager and management that had no clue.

Ah. Combination of don't care anymore and no clue.

CompuTron99 wrote: »

I hope my post doesn't make anyone think differently of me.

Nope. You already said that IT hadn't been warned about this.

CompuTron99 wrote: »

CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###

If they're no longer actually connecting to your network and you don't have them in the domain then I'm not sure how you'd push out the update for the registry keys. Emailing the users and telling them to run something on your behalf probably isn't going to get a good response since they won't be inclined to help you.

Why is your WSUS server externally visible anyway?

The best option I guess would be to change the address of your WSUS server...

blargoe

The only way you will be able to make this stop is to change the hostname that you're giving out for external access to your WSUS server and change the configuration of the computers that should legitimately be connecting to it. The computers that were given away would keep trying to connect to a hostname that doesn't exist (still isn't optimal), but if you can't manage those machines any more then you don't have another choice.

That said, wtf? No one wiped the machines? Someone from your department need to raise holy hell if they haven't already.

Hyper-Me

Change hostname, change the GPO that defines the WSUS settings, then they wont hit it anymore.

I agree though, it makes no sense to give the machines away, and even less sense that they weren't wiped.

crrussell3

CompuTron99 wrote: »

I agree with all of you 110%.

CCrussell3: The computers are setup to report to an WSUS server address outside of the firewall. i.e: https:\\update.my-wsus.###

Ah my bad, didn't think there would be that wrench in the mix also.

mikedisd2

Well I guess this would have to win the "Dumbest Management Decision" award here.

Obdurate

phoeneous wrote: »

Why? Hopefully you disabled cached credentials.

Was the wsus address pushed out by gpo or lgpo? You can remove hosts from wsus by simply right-clicking on them and choosing 'Delete'. Unless the wsus address was manually added or set via lgpo, they shouldn't show up again.

And tell your management I said that they are fired. Pack their things and escort them out of the building immediately.

I have to go with this post -- if you delete a computer out of WSUS, the computer does not look for WSUS again (unless you do some registry hacks which I found the hard way).

And if it does, then my second suggestion is to block them at the firewall.

~Obdurate~