SirDesktop
Copper Contributor
Dec 23, 2019

Enable Microsoft Store while keeping WSUS pointed at our internal SCCM server

I saw a similar post from a couple of years ago, but wanted to see if anything has changed since then.

We use WSUS features of SCCM to push monthly patches to all workstations, so we have specified an intranet Microsoft Update service location. That has worked great for years, but now we have users trying to install apps from the Microsoft Store and getting errors that they need to enable Windows Update. I'm assuming that is because it can't find the app info on our internal SCCM server.

Is there any way to allow the Microsoft Store to use the default Windows Update settings, while keeping the Windows Update settings pointed at our WSUS server?

  • SirDesktop 

    Hi,

    I really would like to know the answer too!

    I know you can limit the Store apps to only those your employees need, but I didn't know that if you use WSUS, you won't be able to use the Windows Store.

    Would you mind mentioning which Windows 10 version you are using? Thanks.

  • jsimon_1
    Copper Contributor

    SirDesktop HotCakeX

    Hi there,

    Have you both found any way to make this work?

    We are currently facing the exact same problem in our Windows environment.

    Thanks in advance!

    • dsixsmith
      Copper Contributor

      jsimon_1 We actually created a simple workaround that temporarily disables our internal WSUS settings to allow Microsoft Store apps, and then reverts back to our internal settings when you're done with the MS Store.

      There are two .reg files to turn the Windows Update internal settings on/off:

      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
      "UseWUServer"=dword:00000000

      The 0 dword value will ignore any other WSUS registry customizations for accessing an internal server. Our other .reg file is the same thing, but with a dword value of 1 to change back to using internal WSUS settings.

      Then we have a batch file to stop the Windows Update service, change the registry keys, and restart the service.

      CLS
      @ECHO OFF
      color E0
      REM Stop Windows Update, apply UseWUServer=0 (ExternalWSUS.reg), restart the service
      net stop "Windows Update"
      REGEDIT /S "%~dp0ExternalWSUS.reg"
      net start "Windows Update"
      CLS
      ECHO.
      ECHO Windows update settings have been unlocked
      ECHO ------------------------------------------
      ECHO You can now check for Microsoft Windows Updates and/or use the Microsoft App Store.
      ECHO Un-Pause to reset.
      ECHO.
      REM Wait here while the user works in the Store; any key continues to the reset
      PAUSE
      CLS
      color A0
      REM Stop Windows Update, apply UseWUServer=1 (InternalWSUS.reg), restart the service
      net stop "Windows Update"
      REGEDIT /S "%~dp0InternalWSUS.reg"
      net start "Windows Update"
      CLS
      ECHO.
      ECHO Windows update settings have been reset
      ECHO ---------------------------------------
      ECHO.
      PAUSE

      It's an extra step to remember or train users on, but we weren't able to find any other way to allow both internal WSUS -and- Microsoft Store at the same time.

      • jsimon_1
        Copper Contributor

        dsixsmith

        Hi, thank you very much for your quick (and unexpected) in-depth reply.

        I'll be working on implementing this workaround in our environment as well.

        I wonder if Microsoft is aware of this dilemma of companies wanting to use the Microsoft Store while at the same time hosting monthly Windows-Updates on-prem. There has to be an easy solution to this, right? Like a policy to "Allow the Microsoft Store to bypass WSUS group policies and download apps and updates from internet sources".

    • Aaron_Kennedy
      Copper Contributor

      jsimon_1 I'm chiming in a little bit late, but I can confirm that this does work on a domain-joined Windows 11 machine that lives behind a WSUS server, and after the batch file has completed, the workstation is once again happily protected by the WSUS server.

      It let me update all of the Microsoft store apps without having to disjoin the workstation from the domain in order to run the Microsoft Store updates.

      Thanks for the tip (and for providing the batch file template).

  • This problem is controlled by a setting in the AD DC Group Policy. On the domain controller server, open the GPO editor:
    Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
    It contains the item "Do not connect to any Windows Update Internet locations". Read the description and the settings and choose the option you need.
    I turned off this item.
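
An added example, not part of any post in this thread: a PowerShell variant of the toggle described above. It reports the policy values mentioned in the replies, remembers the current UseWUServer value, and restores it in a finally block so that an error or Ctrl+C does not leave the workstation off WSUS. The function names are hypothetical, and it assumes the values live under the standard HKLM Windows Update policy key.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Function names are hypothetical.
# Assumes the policy values are under the standard Windows Update policy key.
$WU = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AU = "$WU\AU"

function Get-WsusPolicyState {
    # Read-only report of the values discussed in the thread.
    $wuKey = Get-ItemProperty -Path $WU -ErrorAction SilentlyContinue
    $auKey = Get-ItemProperty -Path $AU -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer     = $wuKey.WUServer      # internal update server URL
        UseWUServer  = $auKey.UseWUServer   # 1 = use WUServer, 0 = ignore it
        # 1 = "Do not connect to any Windows Update Internet locations" is enabled
        NoInternetWU = $wuKey.DoNotConnectToWindowsUpdateInternetLocations
    }
}

function Invoke-WithPublicWindowsUpdate {
    param([Parameter(Mandatory)][scriptblock]$Action)

    $before = (Get-WsusPolicyState).UseWUServer
    if ($before -ne 1) {
        Write-Warning 'UseWUServer is not 1; nothing to toggle.'
        & $Action
        return
    }
    try {
        Set-ItemProperty -Path $AU -Name UseWUServer -Value 0 -Type DWord
        Restart-Service -Name wuauserv -Force
        & $Action
    }
    finally {
        # Runs on errors and on Ctrl+C, so the original value is put back.
        Set-ItemProperty -Path $AU -Name UseWUServer -Value $before -Type DWord
        Restart-Service -Name wuauserv -Force
        Get-WsusPolicyState | Format-List   # show the restored state
    }
}

Get-WsusPolicyState | Format-List
Invoke-WithPublicWindowsUpdate {
    Read-Host 'Use the Microsoft Store now, then press Enter to restore WSUS'
}
```

If these values are delivered by a domain GPO, a Group Policy refresh writes them back regardless of what the script set, so the state printed at the end is worth checking against the intended policy.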
