Enable Microsoft Store while keeping WSUS pointed at our internal SCCM server


I saw a similar post from a couple of years ago, but wanted to see if anything has changed since then.

We use WSUS features of SCCM to push monthly patches to all workstations, so we have specified an intranet Microsoft Update service location. That has worked great for years, but now we have users trying to install apps from the Microsoft Store and getting errors that they need to enable Windows Update. I'm assuming that is because it can't find the app info on our internal SCCM server.

Is there any way to allow the Microsoft Store to use the default Windows Update settings, while keeping the Windows Update settings pointed at our WSUS server?

8 Replies

@SirDesktop 

Hi,

I really would like to know the answer too!

Because I know you can limit the Store apps to only those your employees need, but I didn't know if you use WSUS, you won't be able to use Windows Store.

Would you mind mentioning which Windows 10 version you are using? Thanks

@SirDesktop @HotCakeX 

Hi there,

Have you both found any way to make this work?

We are currently facing the exact same problem in our Windows environment.

Thanks in advance!

@jsimon_1 We actually created a simple workaround that temporarily disables our internal WSUS settings to allow Microsoft Store apps, and then reverts back to our internal settings when you're done with the MS Store.

There are two .reg files to turn the Windows Update internal settings on/off:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000000

The 0 dword value will ignore any other WSUS registry customizations for accessing an internal server. Our other .reg file is the same thing, but dword value of 1 to change back to using internal WSUS settings.

Then we have a batch file to stop the Windows Update service, change the registry keys, and restart the service.

CLS
@ECHO OFF
color E0
net stop "Windows Update"
REGEDIT /S "%~dp0ExternalWSUS.reg"
net start "Windows Update"
CLS
ECHO.
ECHO Windows update settings have been unlocked
ECHO ------------------------------------------
ECHO You can now check for Microsoft Windows Updates and/or use the Microsoft App Store.
ECHO Un-Pause to reset.
ECHO.
PAUSE
CLS
color A0
net stop "Windows Update"
REGEDIT /S "%~dp0InternalWSUS.reg"
net start "Windows Update"
CLS
ECHO.
ECHO Windows update settings have been reset
ECHO ---------------------------------------
ECHO.
PAUSE

It's an extra step to remember or train users on, but we weren't able to find any other way to allow both internal WSUS -and- Microsoft Store at the same time.
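
An added example, not part of the post above or of any Microsoft tooling: the same UseWUServer toggle written in PowerShell, with the revert in a `finally` block so the workstation goes back to the internal WSUS settings even if the session errors out or is interrupted with Ctrl+C. The function name `Set-UseWUServer` is hypothetical; the registry path and value are the ones from the .reg file above.

```powershell
#Requires -RunAsAdministrator
# Added example: same toggle as the .reg/batch pair, with a guaranteed revert.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$name  = 'UseWUServer'

function Set-UseWUServer {          # hypothetical helper name
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    # wuauserv is the service behind the "Windows Update" display name
    Stop-Service -Name wuauserv -Force
    Set-ItemProperty -Path $auKey -Name $name -Value $Value -Type DWord
    Start-Service -Name wuauserv
}

# Record what policy had set before touching it; stop if the value is absent
$original = (Get-ItemProperty -Path $auKey -Name $name -ErrorAction Stop).$name
if ($original -ne 1) {
    Write-Warning "UseWUServer is $original; WSUS is not enforced here, nothing to unlock."
    return
}

try {
    Set-UseWUServer -Value 0
    Write-Host 'Internal WSUS settings bypassed. Use the Microsoft Store now.'
    Read-Host 'Press Enter to restore the internal WSUS settings' | Out-Null
}
finally {
    # Runs on normal exit, on errors and on Ctrl+C
    Set-UseWUServer -Value $original
    $now = (Get-ItemProperty -Path $auKey -Name $name).$name
    if ($now -ne $original) {
        Write-Error "Revert failed: UseWUServer is $now, expected $original"
    } else {
        Write-Host 'Internal WSUS settings restored.'
    }
}
```

Closing the console window instead of pressing Enter ends the process without running the `finally` block, so confirm afterwards that UseWUServer is back to 1.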

@dsixsmith 

Hi, thank you very much for your quick (and unexpected) in-depth reply.

I'll be working on implementing this workaround in our environment as well.


I wonder if Microsoft is aware of this dilemma of companies wanting to use the Microsoft Store while at the same time hosting monthly Windows-Updates on-prem. There has to be an easy solution to this, right? Like a policy to "Allow the Microsoft Store to bypass WSUS group policies and download apps and updates from internet sources".

@jsimon_1 I'm chiming in a little bit late, but I can confirm that this does work on a domain-joined Windows 11 machine that lives behind a WSUS server, and after the batch file has completed, the workstation is once again happily protected by the WSUS server.

It let me update all of the Microsoft Store apps without having to disjoin the workstation from the domain in order to run the Microsoft Store updates.


Thanks for the tip (and for providing the batch file template).

This problem is controlled by a Group Policy setting on the AD DC. On the domain controller, open the GPO editor:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
Read the description and configure the setting "Do not connect to any Windows Update Internet locations".
I turned off this item.

Yes, there is a way to enable the Microsoft Store while keeping WSUS pointed at your internal SCCM server.

One potential solution is to use Group Policy to configure both settings separately. To do this, follow these steps:

1. Open the Group Policy Editor on your domain controller or local computer by running gpedit.msc.

2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.

3. Enable the "Turn off access to all Windows Update features" policy setting to ensure that your computers will use the WSUS server for patching.

4. Navigate to Computer Configuration > Administrative Templates > Windows Components > Store.

5. Enable the "Turn off the Store application" policy setting to disable the Microsoft Store.

6. Close the Group Policy Editor and open the Registry Editor by running regedit.

7. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

8. Create a new DWORD value called "DisableWindowsUpdateAccess" and set its value to 0.

9. Close the Registry Editor and restart your computer.

These steps should enable your computers to continue using your WSUS server for patching while also allowing users to access the Microsoft Store.

Note that you may need to configure additional policy settings to customize how the Microsoft Store operates on your computers, such as disabling app updates or configuring app installations.

Use Group Policy to Allow Access to Microsoft Store.

You can use Group Policy to allow access to the Microsoft Store while still keeping WSUS configured for Windows Updates.
Open the Group Policy Management Editor and navigate to:
Computer Configuration\Administrative Templates\Windows Components\Store
Enable the policy setting "Turn off the Store application" and set it to "Disabled" or "Not Configured."
This will allow users to access the Microsoft Store and install apps from there.
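
An added example, not taken from any of the replies above: a read-only PowerShell check that reports the registry values behind the policies the last three replies discuss, so you can see which ones are actually in effect on a workstation before changing a GPO. The function names `Get-PolicyValue` and `Get-WsusStoreState` are hypothetical; the value names are the standard ones written by these policies.

```powershell
# Added example, read-only: report the policy values this thread discusses.
$wu    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$store = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'

function Get-PolicyValue {          # hypothetical helper: $null when absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-WsusStoreState {       # hypothetical name
    $s = [ordered]@{
        WUServer     = Get-PolicyValue $wu 'WUServer'
        UseWUServer  = Get-PolicyValue "$wu\AU" 'UseWUServer'
        NoInternetWU = Get-PolicyValue $wu 'DoNotConnectToWindowsUpdateInternetLocations'
        NoWUAccess   = Get-PolicyValue $wu 'DisableWindowsUpdateAccess'
        StoreOff     = Get-PolicyValue $store 'RemoveWindowsStore'
    }
    $s.Findings = @(
        if ($s.WUServer -and $s.UseWUServer -ne 1) {
            'WSUS URL is set but UseWUServer is not 1: not patching from WSUS (toggle left unlocked?)'
        }
        if ($s.UseWUServer -eq 1 -and $s.NoInternetWU -eq 1) {
            '"Do not connect to any Windows Update Internet locations" is enabled: public services such as the Store may fail'
        }
        if ($s.NoWUAccess -eq 1) {
            'DisableWindowsUpdateAccess is 1: access to Windows Update features is turned off by policy'
        }
        if ($s.StoreOff -eq 1) {
            'RemoveWindowsStore is 1: "Turn off the Store application" is enabled'
        }
    )
    [pscustomobject]$s
}

Get-WsusStoreState | Format-List
```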