Share via


How to Configure Group Policy on Client Computers

Before the Windows Update Agent (WUA) 3.0 on computers will scan for updates that were created and published with the System Center Updates Publisher, a Group Policy setting must be enabled to allow signed content from an intranet Microsoft update service location. When the policy setting is enabled, WUA 3.0 will accept updates received through an intranet location if the updates are signed in the Trusted Publishers certificate store on the local computer. There are several methods for configuring Group Policy on computers in the environment.

Note

The Group Policy is available only to computers that have WUA 3.0 installed.

For computers that are not on the domain, a registry key setting can be configured that will allow signed content from an intranet Microsoft update service location.

The following procedures provide the basic steps that can be used to configure Group Policy for computers on the domain and a registry key value on computers that are not on the domain.

To configure the Group Policy to allow WUA 3.0 on computers to scan for published updates

  1. Open the Group Policy Object Editor Microsoft Management Console (MMC) snap-in with a user that has the appropriate security rights to configure Group Policy.

  2. Click Browse and select the domain, OU, or GPOs linked to the site where the configured Group Policy will propagate to the desired client computers. Click OK, click Finish, click Close, and then click OK.

  3. Expand the selected policy setting in the console tree, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

  4. In the results pane, right-click Allow signed content from intranet Microsoft update service location, click Properties, click Enabled, and then click OK.

To configure the registry key to allow WUA 3.0 on computers to scan for published updates

  1. Open the Registry Editor on the computer.

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate

  3. Right click AcceptTrustedPublisherCerts, and then click Modify.

  4. In the Edit DWORD Value dialog box, type 1 for the Value data, click Decimal for the Base, and then click OK.

See Also

Tasks

How to Configure the Digital Certificate on Client Computers
How to Configure the Digital Certificate on the Update Server
How to Configure the Update Server

Concepts

Updates Publisher Administrator Checklist