How to manually point servers in the DMZ to a WSUS server for updates

Servers in the DMZ are not part of the domain, so you must manually point them to WSUS if you want WSUS to manage their updates.
To do so:
Log into the server in the DMZ as an administrator.
Go to Run and enter the following command: gpedit.msc
                (this opens the local group policy)
When it opens, navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
The following need to be enabled and edited:
1) Configure Automatic Updates
  • Enabled
  • Configure automatic updating: 3 – Auto download and notify for install
  • Scheduled install day: 0 – Every day
  • Scheduled install time: 15:00
2) Specify intranet Microsoft update service location
  • Enabled
  • Set the intranet update service for detecting updates: http://10.10.10.10
  • Set the intranet statistics server: http://10.10.10.10
3) Automatic Updates detection frequency
  • Enabled
  • Check for updates at the following interval (hours): 1
Now open a Command Prompt and run the following command:
                wuauclt /detectnow
                This will force the server to report to the WSUS server.
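
To confirm the settings above took effect, the following added example (not part of the original post) reads the registry values that these three Windows Update policies write and tests whether the configured WSUS address accepts a TCP connection from the DMZ server. The expected values mirror this page's settings, and 10.10.10.10 is the page's example address.

```powershell
# Added example: check the values written by the three Windows Update policies above.
# Expected values mirror this page's settings; 10.10.10.10 is the page's example address.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
$expected = @(
    @{ Path = $wu; Name = 'WUServer';                  Value = 'http://10.10.10.10' },
    @{ Path = $wu; Name = 'WUStatusServer';            Value = 'http://10.10.10.10' },
    @{ Path = $au; Name = 'UseWUServer';               Value = 1 },
    @{ Path = $au; Name = 'NoAutoUpdate';              Value = 0 },
    @{ Path = $au; Name = 'AUOptions';                 Value = 3 },   # 3 = download, notify for install
    @{ Path = $au; Name = 'ScheduledInstallDay';       Value = 0 },   # 0 = every day
    @{ Path = $au; Name = 'ScheduledInstallTime';      Value = 15 },  # hour of day, 15 = 15:00
    @{ Path = $au; Name = 'DetectionFrequencyEnabled'; Value = 1 },
    @{ Path = $au; Name = 'DetectionFrequency';        Value = 1 }    # hours between checks
)

function Get-PolicyValue($Path, $Name) {
    # Returns $null when the key or value is missing (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$report = foreach ($e in $expected) {
    $actual = Get-PolicyValue $e.Path $e.Name
    $shown  = if ($null -eq $actual) { '<not set>' } else { $actual }
    New-Object psobject -Property @{
        Setting = $e.Name; Expected = $e.Value; Actual = $shown
        Ok      = ("$actual" -eq "$($e.Value)")
    }
}
$report | Format-Table Setting, Expected, Actual, Ok -AutoSize

# A DMZ firewall that blocks the WSUS port leaves the client unable to report.
$server = Get-PolicyValue $wu 'WUServer'
if ($server) {
    $uri = [uri]$server
    if ($uri.Scheme -ne 'https') {
        Write-Warning "WUServer uses $($uri.Scheme): update traffic has no TLS protection on this path."
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($uri.Host, $uri.Port)
        "TCP $($uri.Host):$($uri.Port) reachable"
    } catch {
        Write-Warning "Cannot reach $($uri.Host):$($uri.Port); check the DMZ firewall rule to WSUS."
    } finally {
        $tcp.Close()
    }
}
```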
 
Note: if machines are still showing as “Not yet reported” a week or two after installing WSUS, install WSUS SP2 (http://www.microsoft.com/en-us/download/details.aspx?id=30748).
