Escolar Documentos
Profissional Documentos
Cultura Documentos
There are a few command-line tools that can help you identify problems, query for information, or
speed up the detection update process. The following is a list of these tools:
■ WSUS Client Diagnostics Tool (ClientDiag.exe) Downloadable from Microsoft's Web site.
■ Gpudate.exe and Secedit.exe Gpupdate.exe is part of Windows XP and Windows Server 2003 source
code. Secedit.exe is built into Windows 2000 source code.
■ Gpresult.exe and RSoP.msc Gpresult.exe is part of the Windows 2000 Resource Kit, Supplement 1,
and RSoP (RSoP.msc) is part of Windows XP and Windows Server 2003 source code.
■ Srvinfo.exe and Uptime.exe Part of the Windows 2000 and 2003 Resource Kits.
■ Reg.exe Part of the source code in Windows XP and Windows Server 2003, and part of the Windows
2000 Resource Kit, Supplement 1.
The WSUS Client Diagnostic Tool is a simple utility that provides the status of your AU client, its
configuration, and its ability to connect to your WSUS server. The ClientDiag.exe utility has only one
command-line parameter, which is used to dump the results to the ClientDiag.log log file in addition to
displaying it on the screen.To run the diagnostic tool this way, type ClientDiag.exe /t. (A successful
run of the utility is shown in Figure 7.27.) The WSUS server location in the registry was changed to
show you what might happen if there is a problem resolving or contacting your WSUS server by name
(see Figure 7.28).
C:\>clientdiag -
Checking for admin eights to vim tool PASS PASS PASS Scheduled Install
PASS
PASS Option is froii Policy
Background Intelligent Transfer Service is not
running. settings
This version is WSUS 2.0
User IE ProxyByPass
Connection to server
C:\>clientdiag
Checking for uinhttp local nachine Proxy settings . . . PASS Uinhttp local machine access type (Direct
Connection}
UerifyMJSerwerURLO failed with hr=0x800?2ee? The server- nane or address could not be resolued
The ClientDiag.exe utility can be downloaded from Microsoft.com/downloads or from the official home
of WSUS at http://www.microsoft.com/windowsserversystem/updateservices.
Speeding Up Group Policy and Client Detection
By default, Group Policy is set to update clients every 90 minutes with a random offset. If you want to
speed this up because you need to push out WSUS client configuration changes quicker, consider
using the following commands to force a client policy update. To revisit commands that were run
earlier, you can use both gpudate.exe and secedit.exe to force your clients to pull new Group Policy
settings.
For Windows XP and Windows Server 2000 machines, run the following command:
To force a client detection update from your WSUS server, type the following built-in AU client
command:
Wuauclt.exe /detectnow
When setting up large server environments, you usually end up with a very complex OU and Group
Policy configuration. When different groups of servers have different downtime schedules, the
development server clients need different WSUS client settings, productions servers, and so on.
Consequently, you may find yourself with some GPO conflict.To show the final set of policies for your
WSUS clients, and depending on the client version, you can use one of the following tools.
Gpresult.exe is a command-line utility with switch options that print out all of the policies that the
machine has applied or denied. Following is the syntax for this command:
Use the /C switch when troubleshooting GPO issues with your WSUS settings, to speed up the
computation output.
Windows XP and Windows Server 2003 have a much richer graphical tool for displaying the RSoP
Microsoft Management Console (MMC) snap-in console, which can be accessed by typing Start | Run |
rsop.msc (see Figure 7.29).
I 1 Console Root
0-Jf administrator onWINDOWSXP - RSc H -jjp Computer Configuration S-di Software Settings S-di
Windows Settings El- LJ Administrative Templates B LJ Windows Components Windows Update B-jjP
User Configuration S-LJ Software Settings lil-Pl Windows Settings ^
Setting
State
GPO Name
\ Extended Standard /
WSUS for Workstations Common WSUS Settings WSUS for Workstations WSUS for Workstations
Common WSUS Settings Common WSUS Settings
The snap-in looks like you are looking at the Group Policy Editor; however, only a subset of the
components are displayed. The snap-in only shows what has been configured on the machine based
on the policies pushed down to it. Where gpresult.exe is good for only showing polices that a client
machine receives, the RSoP snap-in shows both of the settings that a client receives and the policy
where the settings were obtained.
The following is a list of some miscellaneous commands that can be used for WSUS client
troubleshooting and the day-to-day maintenance of a WSUS environment.
Regsvr32.exe is a Windows dynamic link library (DLL) registration utility. If your WSUS client does not
seem to be functioning correctly, try unregistering and reregistering your AU client DLL file by running
the following from a command-line window:
Srvinfo.exe and uptime.exe are two resource kit utilities that allow you to obtain system uptime from
a remote command prompt. This is good for quickly checking whether a system that you expect to
reboot after a patch update has in fact rebooted, and how long it has been up since its reboot. The
following is the syntax for both commands:
Notice that the uptime.exe utility does not require a prepending \\ like srvinfo.exe does. Lastly,
command utility reg.exe has been shown to be a very handy utility for querying remote registry keys.
It can also be used in a massive batch file to quickly enumerate and audit an existing WSUS client
environment for re-verification that all of the clients are set up correctly.