WSUS / Automatic Updates Question

A

Aslander

Limp Gawd
Joined
Nov 16, 2005
Messages
181
Hi all,

I am currently in the process of implementing a WSUS server into our domain. I have the majority of everything set up, and am getting ready to change the group policies for the specific groups I want to apply this to.

My question is this: WSUS will allow updates to be applied to computers without the local users on the computer having Admin priviledges, right? Basically, mostly everyone uses Windows XP, and they are set up as standard Users on the systems. I want to be able to force updates without having to go to their computer and log on as an administrator to accept the updates. Hopefully WSUS allows this, and if so, where do I change the settings to work best for my set-up? Would this be one of the options in the Windows Update section of the GPO, or is the update allowed automatically since it is coming from a server that I have approved the updates from?

Thanks for your help in advance!
 
once you set the GPO the computer will install the update according to your schedule that you setup in WSUS. no need to login as administrator.

You didn't need to login as administrator before if you had it set to install automatically.
 
Yes, you don't have to be logged in as a local admin in order for updates to be installed. What you say with forcing updates however, is slightly incorrect. WSUS enabled PC's pull updates from your WSUS server at a defined interval in your GPO. But anyways... you have two options for installing updates:

1. Unattended
2. With user logged in

If you want users to be able to control when to install updates, make sure you set the GPO that allows non-admin users to receive update notifications. In addition, set the GPO that specifies whether you want to download the updates and install manually or automatically.

In my environment, I have updates installed automatically at night, but I have automatic restart disabled.
 
Okay, thanks, I will go ahead and apply the GPO when I get to work tomorrow.
 
Okay, I'm still having trouble getting the computers to display on the WSUS console.

Here is what I did:

Set up a new GPO for the domain and under Computer Configuration/Administrative Templates/Windows Components/Windows Update, I set Configure Automatic Updates to Auto Download and Schedule Install and the intranet MS Update service location to the WSUS server.

We have remote laptop users that aren't on our campus usually, so I didn't want them to try and access our WSUS server, so I created a new group and added all of the computers that were local desktops to it instead of adding users to it.

I then added this group to the security of the group policy and checked the boxes for Read, and Apply Group Policy.

Does this sound like the right way to implement it? I am trying to teach most of this stuff to myself, being a lowly 22 year old.

TIA!
 
install the Group Policy Managment Console. and do a RSOP on the traget machines to see if they are getting the GPO settings applied.
 
Okay, the local computers are starting to show up on the WSUS console. Do I have to push updates to the systems, or will they automatically update when they check for updates? Users do not have administrative priviledges on their local systems.
 
IF you have the patches approved then they will automatically do what you specified in the GPO, if you dont approve any patches then nothing will happen.
 
Okay, so since I specified Auto Download and Schedule install in the GPO, it won't matter if they don't have admin rights, it will install them anyways at the scheduled time?
 
You must log in or register to reply here.
Back
Top