automatic updates on active directory client

Discussion in 'Networking & Security' started by Mister Natural, Feb 14, 2007.

  1. Mister Natural

    Mister Natural 2[H]4U

    Messages:
    3,479
    Joined:
    Oct 10, 2002
    I have group policy set for users to acquire automatic updates on their machines and to install at 3AM. Just like the default setting on standalone machine. What I've noticed though is the pc's are installing some but not all the available updates. I'm trying to figure out why the machines are not downloading and installing all critical updates automatically. Is this because some updates require the user to be logged with administrator priviledge? I have a few people that have admin priviledge on their pc, but most have user priviledge.
     
  2. pcgeek86

    pcgeek86 Limp Gawd

    Messages:
    271
    Joined:
    Feb 14, 2007
    The AU client's log file resides in the following location: %WINDIR%\WindowsUpdate.log

    I suggest you peruse through that for any indication of the problem. Is this affecting all of your clients, or just a subset of them?

    "most have user privilege"

    Good, don't change this, because they don't need to be Administrators. Whatever you do, do not make them admins.
     
  3. MorfiusX

    MorfiusX 2[H]4U

    Messages:
    3,007
    Joined:
    Feb 13, 2004
    Are you using WSUS?
     
  4. Mister Natural

    Mister Natural 2[H]4U

    Messages:
    3,479
    Joined:
    Oct 10, 2002
    No, but considering it. I didn't want to run that on my primary server. I have another server now which runs SQL and acts as a bdc. Considering it as a candidate to run wsus.

    I checked the windowsupdate.log file on the problematic machines and those files are out of date. (not current) It appears automatic update is not running properly on those machines or it is a permission issue related to the user account.

    edit: I just found one machine with the user running as an admin and his log file is out of date also. Windows Update service is running on the machines.
     
  5. pcgeek86

    pcgeek86 Limp Gawd

    Messages:
    271
    Joined:
    Feb 14, 2007
    It sounds like you need to do some reading on systems administration. The user account logged in has nothing to do with the background service doing what it was configured to do, period, end of story. The only effect the logged on user has, is whether or not they will get update notifications from the icon in the system tray.

    There are most likely two files in the %WINDIR% folder ... one is named "Windows Update.log". The other is named "WindowsUpdate.log" ... you want the latter, and I'm guessing from your statement that the file is out of date, that you are looking at the incorrect file.

    You also didn't indicate whether or not this is affect all of your clients? How many clients do you have?
     
  6. MorfiusX

    MorfiusX 2[H]4U

    Messages:
    3,007
    Joined:
    Feb 13, 2004
    There are a number of issues than can occur involving automatic updates. Try manually running the updates to see if they work automatically after that.
     
  7. Mister Natural

    Mister Natural 2[H]4U

    Messages:
    3,479
    Joined:
    Oct 10, 2002
    I am able to run windows update manually on the pc's when logged in as an administrator.

    One thing to note we do have Microsoft Update installed on the computers, not just Windows Update. I know on some of the computers I did not proceed with a manual update after installing Microsoft Update. Not sure if this is an issue.

    I double checked the log files mentioned. Some have both windowsupdate.log and windows update.log, others only have one of those files. In some cases the windowsupdate.log is up to date and on some both files are way out of date. Some dating back to 2006 and even 2004. Others are fine and up to date. I haven't determined exactly how many are working and how many are not just yet. I have around 60 computers to check.

    Mr geek I don't think you understood my comment previously about the windows update service running. It's certainly worth checking to make sure that service is running if the computers are not updating properly. I figured someone would ask that, so I provided the information ahead of time.

    I'll be working Saturday anyway doing upgrades on our Alpha so we'll be updating all the pc's manually at that time and see how it goes.