HP 4320t Using Microsoft® Baseline Security Analyzer 2.2 and Windows& - Page 21

How to Enable Windows Update, HKEY Local Machine, HKEY Current User - support

Get HP 4320t - Mobile Thin Client PDF manuals and user guides View all HP 4320t manuals
Add to My Manuals
Save this manual to your list of manuals

Page 21 highlights

• The device is end user-managed-not IT-managed. • More than one reboot may be required to complete full installation of QFEs on WES 7. • Modifications of system environment variables may be required to install QFEs and the restore system to prior state. • The Windows Update agent will be disabled via system policies by default in the HP WES 7 image. HP recommends that HP customers use the Microsoft Base Line Security Analyzers to identify needed QFEs, and then utilize a server push model to deliver QFEs and updates to deployed units. Preferably, all QFEs and updates would be pretested and qualified against a Golden Master image before being mass deployed. HP strongly recommends this model to prevent QFEs and updates from corrupting or adversely modifying deployed images. See Microsoft Baseline Security Analyzer 2.2 for more information. How to Enable Windows Update The following section explains how to enable Windows Update on HP WES 7 images. Two OS policies need to be disabled before Windows Update website will recognize and communicate with the client system. One policy is a global system policy in HKEY Local Machine and the other is user profile-specific that needs to be disabled on each user profile on the system: HKEY Local Machine HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio n\Policies\WindowsUpdate 1. DisableWindowsUpdateAccess = REG_DWORD 0x00000001 2. Change DWORD to 0 to disable. 3. Change DWORD to 1 to enable. HKEY Current User HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer 1. NoWindowsUpdate = REG_DWORD 0x00000001 2. Change DWORD to 0 to disable. 3. Change DWORD to 1 to enable. A reboot is required after changing registry settings to enable support. If the File-Based Write Filer (FBWF) is enabled, remember to disable to the write filer before making any registry changes. If the Enhanced Write Filter (EWF) is enabled, either disable the write filter before making registry modifications or commit the overlay after making registry changes so the settings are persisted. 21

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
21
The device is end user-managed—not IT-managed.
More than one reboot may be required to complete full installation of QFEs on
WES 7.
Modifications of system environment variables may be required to install QFEs
and the restore system to prior state.
The Windows Update agent will be disabled via system policies by default in
the HP WES 7 image.
HP recommends that HP customers use the Microsoft Base Line Security Analyzers to
identify needed QFEs, and then utilize a server push model to deliver QFEs and
updates to deployed units. Preferably, all QFEs and updates would be pretested
and qualified against a Golden Master image before being mass deployed. HP
strongly recommends this model to prevent QFEs and updates from corrupting or
adversely modifying deployed images.
See
Microsoft Baseline Security Analyzer 2.2
for more information.
How to Enable Windows Update
The following section explains how to enable Windows Update on HP WES 7
images.
Two OS policies need to be disabled before Windows Update website will
recognize and communicate with the client system. One policy is a global system
policy in HKEY Local Machine and the other is user profile-specific that needs to be
disabled on each user profile on the system:
HKEY Local Machine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio
n\Policies\WindowsUpdate
1.
DisableWindowsUpdateAccess =
REG_DWORD 0x00000001
2.
Change
DWORD
to
0
to disable.
3.
Change
DWORD
to
1
to enable.
HKEY Current User
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
\Policies\Explorer
1.
NoWindowsUpdate = REG_DWORD 0x00000001
2.
Change
DWORD
to
0
to disable.
3.
Change
DWORD
to
1
to enable.
A reboot is required after changing registry settings to enable support.
If the File-Based Write Filer (FBWF) is enabled, remember to disable to the write
filer before making any registry changes.
If the Enhanced Write Filter (EWF) is enabled, either disable the write filter before
making registry modifications or commit the overlay after making registry changes
so the settings are persisted.