Dec 23 2019 12:16 PM
I saw a similar post from a couple of years ago, but wanted to see if anything has changed since then.
We use WSUS features of SCCM to push monthly patches to all workstations, so we have specified an intranet Microsoft Update service location. That has worked great for years, but now we have users trying to install apps from the Microsoft Store and getting errors that they need to enable Windows Update. I'm assuming that is because it can't find the app info on our internal SCCM server.
Is there any way to allow the Microsoft Store to use the default Windows Update settings, while keeping the Windows Update settings pointed at our WSUS server?
Dec 24 2019 01:41 AM
Hi,
I really would like to know the answer too!
because I know you can limit the store apps to only those your employees need but I didn't know if you use WSUS, you won't be able to use Windows store.
would you mind mentioning which Windows 10 version you are using? thanks
Feb 27 2023 03:48 AM
Hi there,
have you both found any way to make this work?
We are currently facing the exact same problem in our Windows environment.
Thanks in advance!
Feb 27 2023 06:07 AM
@jsimon_1 We actually created a simple workaround that temporarily disables our internal WSUS settings to allow Microsoft Store apps, and then reverts back to our internal settings when you're done with the MS Store.
There are two .reg files to turn the Windows Update internal settings on/off:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000000
The 0 dword value will ignore any other WSUS registry customizations for accessing an internal server. Our other .reg file is the same thing, but dword value of 1 to change back to using internal WSUS settings.
Then we have a batch file to stop the Windows Update service, change the registry keys, and restart the service.
CLS
@ECHO OFF
color E0
net stop "Windows Update"
REGEDIT /S "%~dp0ExternalWSUS.reg"
net start "Windows Update"
CLS
ECHO.
ECHO Windows update settings have been unlocked
ECHO ------------------------------------------
ECHO You can now check for Microsoft Windows Updates and/or use the Microsoft App Store.
ECHO Un-Pause to reset.
ECHO.
PAUSE
CLS
color A0
net stop "Windows Update"
REGEDIT /S "%~dp0InternalWSUS.reg"
net start "Windows Update"
CLS
ECHO.
ECHO Windows update settings have been reset
ECHO ---------------------------------------
ECHO.
PAUSE
It's an extra step to remember or train users on, but we weren't able to find any other way to allow both internal WSUS -and- Microsoft Store at the same time.
Feb 27 2023 08:20 AM
Hi, thank you very much for your quick (and unexpected) in-depth reply.
I'll be working on implementing this workaround in our environment aswell.
I wonder if Microsoft is aware of this dilemma of companies wanting to use the Microsoft Store while at the same time hosting monthly Windows-Updates on-prem. There has to be an easy solution to this, right? Like a policy to "Allow the Microsoft Store to bypass WSUS group policies and download apps and updates from internet sources".
Jun 10 2023 09:59 AM
@jsimon_1 I'm chiming in a little bit late, but I can confirm that this does work on a domain-joined Windows 11 machine that lives behind a WSUS server, and after the batch file has completed, the workstation is once again happily protected by the WSUS server.
It let me update all of the Microsoft store apps without having to disjoin the workstation from the domain in order to run the Microsoft Store updates.
Thanks for the tip (and for providing the batch file template).
Mar 26 2024 04:48 AM
Apr 08 2024 11:28 PM
Apr 16 2024 02:23 AM