Particularly for servers in which IE Enhanced Security Configuration is enabled, you need to have all the Windows Update/Microsoft Update URLs in your "Trusted Sites" list in order to use the site.
(Furthermore, for domain member servers where Group Policy enforces Internet Explorer's list of "Trusted Sites", you don't have the option to edit the Trusted Sites yourself... so all the necessary URLs should be listed in the GPO.)
So, what is the full list of URLs I'll need in IE's Trusted Sites? So far I have the following:
- http(s)://*.update.microsoft.com
- http://download.windowsupdate.com
- http://windowsupdate.microsoft.com
I seem to remember there being several more...
KB836941 suggests these addresses:
Better still:
I did a little more digging and found the following.
From KB836941 that @joequerty found:
http://*update.microsoft.com
https://*update.microsoft.com
http://download.windowsupdate.com
From an MS MVP's WSUS blog:
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://download.windowsupdate.com
http://*.download.windowsupdate.com
http://*.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
Not required for Windows Update, but could also be useful:
http://office.microsoft.com/officeupdate
Combined with the wildcard rules in KB184456, I get the following:
*://*update.microsoft.com
*://*.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://office.microsoft.com
Hope that helps someone out there!
Make it easy:
http://*.microsoft.com
http://*.windowsupdate.com
Repeat above with https.
Even better: