ChipM0nk,

I mentioned "I have tried to run the updates manually as a user, Domain Admin and Local Admin and with all users I get the error:", etc.

Andrew

Have you thought about SUS:

http://www.microsoft.com/windowsserversystem/sus/default.mspx

SUS alllows you to deploy patches automatically.

There seems to be a known issue with KB840374 and other patches with Group Policy settings.   See here for solution:

http://www.dslreports.com/forum/remark,10560543

Hope this helps.

See also:

http://text.broadbandreports.com/forum/remark,10416240~mode=flat

gidds99,

SUS is only a reaplcement for the Microsoft hosting of the patches. It would only stop multiple users from hitting the windowsupdate site. I dont see how it would help in this problem.

That aside, the log fle in C:\Windows does reveal some interesting information:

0.141: 2004/07/07 18:29:51.781 (local)
0.141: c:\cee4f1993fd886a67a84dadcc16388\update\update.exe (version 6.1.1.0)
0.141: Failed To Enable SE_TAKE_OWNERSHIP_PRIVILEGE
0.141:  Setup encountered an error:  You do not have permission to update Windows XP.
Please contact your system administrator.
0.141: You do not have permission to update Windows XP.
Please contact your system administrator.
0.141: Update.exe extended error code = 0xf004

I have checked the permission in Loal Policy of a desktop and lo and behold Domain Admins has this permission. So I dont see what the problem is!!!

Andrew

I have found this news item:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&client=googlet&frame=right&th=5004c9d026ecbb72

It suggests you need to assign users this right - ""Manage auditing and security log"" in order to apply this patch.

This appears to correct a similar error and would appear to unresolved by M$.

Worth a try.

OK,

I did this but still the same issue.

Anyone have any other ideas?

Andrew

anyone figure it out. im having the same issue

Not yet sorry. Unfortunatey the Domain that we are using to test all this is licensed under the Microsoft Action Pack which doesnt give you a lot of (none) support.

Andrew

I am having exactly the same problem... What is even more disturbing is the fact that some domain computers run the updates ok.   I have found that by disjoining a problem computer from the domain and then doing the updates works.... But i have a big problem with this...1. its slow and rediculous to try on every workstation... 2. I cant disjoin my exchange server which also wont do the updates now...

I think its a security policy or group policy mistake somewhere....  Ive checked the regular windows update policy locations and found nothing

Any solution is MUCH APPRECIATED!!

Thx

Chris

I was able to get mine working. In the local security policy of the server "Manage auditing and  security log" make sure you have your user group defined. Mine wasnt and once I added the administrators group it worked fine.

OK...A bit of an update. I have removed global policy from a single machine in my domain. I then manually ran the install for KB840374 (WindowsXP-KB840374-x86-ENU.EXE). At this point I was abl to install it with no problems. During the install I ran Sys Internals Process Explorer and found that the Update.exe process was wanting the following privileges:

Backup (Backup files and directories)
Debug (Debug programs)
Load Driver (Load and unload device drivers)
Restore (Restore files and directories)
Security (???)
Shutdown (Shut down the system)
Take Ownership (Take ownership of files and other objects)
Undock (Remove computer from docking station)

I then uninstalled the update, removed the above privileges from the user installing the update, logged off and back on and tried the update again. The update failed with the "You do not have permission to update Windows XP." error.

I am playing around with my Group Policy to see what I can do, but to have to give Backup, Restore and Take Ownership privileges to all users of a domain so they can install an update is just insane (debug is one I am iffy on as well).

Is there no way to get the updates to run as a privileged user instead of the logged in user?

Andrew

OK, My last post was basicaly everything needed to resolve the problem. Anyone have any objections to me asking for a refund?

Andrew

Seems like my comment basically pointed out the problem that you review in detail in your last post - did it not help you?   But if you think the post was useless, then I guess a refund would be appropriate.

yep, agreed.

Andrew

 I had found some take owner ship rights missing from the administrator account trying to run the updates... Once given back the updates worked

Carp3d

I got similar problem on my exchnage 2003 runing on windows 2003. I use SUS to upgrade system. w3k can not upgrade from mannually run windows upgade, and I can not run the downloded exchange 2k3 patches too. I checked ""Manage auditing and security log"" right, but I can not assign any use to this right. I tried both local and domain administrator. nither of them works. I assign the right form DC, and I will look and see the result when the system inherit my changes  

I generally find that the Backup and Restore privilledge is removed by a lot of administrators. CHeck that the user running the update has this specific one.

Andrew