Configure Automatic Updates in a Non–Active Directory Environment

To setup a WSUS server on a workgroup server, you need to alter the register.

You can find the register keys here: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

AU register settings are in the key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

For more information on keys you can follow the next link:

 With the command “wuauclt.exe /detectnow” you can let the WSUS server detect your machine faster.

Send the queued information directly to the wsus server with: “wuauclt /r /reportnow”

Show %computername% instead off “my computer” on the desktop

Locate the key [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Rename the value named “LocalizedString” to “LocalizedString.old”. Create a new REG_EXPAND_SZ value named “LocalizedString”, and set the value to “%USERNAME% or %COMPUTERNAME%”.

Exit the registry editor, click on your desktop and press F5 (for refresh). The “My Computer” icon should now be rename to “Username on Computername”.

On Windows 2008 you do not have enough permissions to change the key. Take ownership of the key and you can change it.

How to check local excluded dir’s in a Managed SAV environment

On a local machine you can check the excluded directories off Symantec Anti Virus in the following registry key:



For Windows 2008 (64Bit) and Symantec Endpoint Protection (SEP) 11, look at the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin

TCP Keep-Alive Messages

When a windows client is connected to a server, disconnects are experienced.

This is because the client does not communicate (default 2 hours) whith the server and then other devices (like a firewall with a 1 hour inactive disconnect setting) disconnects the session.

You can change the keep alive settings as follows:

  1. Open the register
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. Add/Change the Keepalive time


    Value Type: REG_DWORD – Time in milliseconds
    Valid Range: 1 – 0xFFFFFFFF
    Default: 7,200,000 (two hours)
    Description: The parameter controls how frequently TCP tries to verify that an idle connection is still intact by sending a keepalive packet. If the remote computer is still reachable and functioning, the remote computer acknowledges the keepalive transmission. By default, keepalive packets are not sent. A program can turn on this feature on a connection.

Microsoft knowledgebase 314053

Wrong preferred DNS server (BIND) with VPN client

When you are connected with VPN to your work network, some dns names are resolving to the wrong number. This is because you are using the wrong preferred dns.

When typing nslookup, you see that the used DNS server is the dns server from your networkcard and not the VPN dns server.

Look with ipconfig /all” for the name of your vpn network interface, then go to the following key in the register:


Make sure the name of your network interface is on top of the bind sequence. This should set your preferred DNS to your VPN DNS server.