WSUS – DMZ Server

I have a virtual machine in a DMZ which is not part of my Active Directory domain; however, I want to configure it to point at my internal Windows Server Update Services (WSUS) VM for patching. If it had been in AD I would have deployed a GPO; however, that not being an option, I resorted to a registry change.

Note all firewall rules were in place to allow the flow of traffic between WSUS and the DMZ VM.

The above changes force the server to connect to my specified WSUS, along with a few configs for whether to auto-install, etc. This works out really well, as it allows me to leverage WSUS for deploying updates and also reduces the number of ingress points I have to open on the firewall for that DMZ VM, which can only be a good thing.

If you would like to do something similar, just copy the code block above into a text file, change the file extension to .reg, then right-click the file and select Merge. You will probably be prompted with at least one dialog box/UAC pop-up – accept these and you should be good to go.

It’s a quick, simple method; however, there are alternative ways, such as the reg command or PowerShell.
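The PowerShell route mentioned above, as an added example that is not the author's original .reg file: it writes the standard Windows Update policy values under HKLM on a non-domain machine and reads them back. The server URL, the HTTPS port and the auto-install schedule are assumptions to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: point a workgroup (non-domain) machine at an internal WSUS
# server via the Windows Update policy keys. URL and AU values are assumptions.
param(
    # Placeholder URL. 8531 is the default WSUS HTTPS port (8530 is HTTP).
    [string]$WsusUrl = 'https://wsus.internal.example:8531'
)

# Reject anything that is not an absolute http(s) URL before touching the registry.
$uri = $null
if (-not [Uri]::TryCreate($WsusUrl, [UriKind]::Absolute, [ref]$uri) -or
    $uri.Scheme -notin 'http', 'https') {
    throw "WsusUrl must be an absolute http(s) URL: $WsusUrl"
}
if ($uri.Scheme -eq 'http') {
    Write-Warning 'WSUS over plain HTTP is not integrity-protected in transit; prefer HTTPS.'
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'
# Create the keys only if missing, so existing policy values are not wiped.
if (-not (Test-Path $au)) { New-Item -Path $au -Force | Out-Null }

$settings = @(
    @{ Path = $wu; Name = 'WUServer';             PropertyType = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'WUStatusServer';       PropertyType = 'String'; Value = $WsusUrl }
    @{ Path = $au; Name = 'UseWUServer';          PropertyType = 'DWord';  Value = 1 }  # use WUServer
    @{ Path = $au; Name = 'NoAutoUpdate';         PropertyType = 'DWord';  Value = 0 }  # updates enabled
    @{ Path = $au; Name = 'AUOptions';            PropertyType = 'DWord';  Value = 4 }  # download + scheduled install
    @{ Path = $au; Name = 'ScheduledInstallDay';  PropertyType = 'DWord';  Value = 0 }  # every day
    @{ Path = $au; Name = 'ScheduledInstallTime'; PropertyType = 'DWord';  Value = 3 }  # 03:00 local
)
foreach ($s in $settings) {
    New-ItemProperty @s -Force | Out-Null
}

# Restart the Windows Update service so the client picks up the new policy.
Restart-Service -Name wuauserv

# Read the values back to confirm what the client will actually use.
Get-ItemProperty -Path $wu | Select-Object WUServer, WUStatusServer
Get-ItemProperty -Path $au |
    Select-Object UseWUServer, NoAutoUpdate, AUOptions, ScheduledInstallDay, ScheduledInstallTime
```

If the WSUS server is only published over HTTP, pass the 8530 URL explicitly; the HTTPS variant also requires the DMZ VM to trust the certificate presented by WSUS.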

