Solved

Active Directory: Running Windows Updates w/o admin rights via GPO

Posted on 2004-08-28
3
174 Views
Last Modified: 2010-04-14
Since our users don't know how to run the Windows Updates, I've enabled the policy in a GPO so that the user does not have access to the Windows Updates feature.

1)  Is there a way to automatically run the Windows Updates via AD/GPO even if the user is not logged onto their PC with admin rights?

2)  Can the update be run off hours when the user is logged off the PC?
0
Comment
Question by:halfondj
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 300 total points
ID: 11920713
use SUS

SUS (Software Update Services)

http://www.microsoft.com/windowsserversystem/sus/default.mspx

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

SUS now provides Windows service packs (SPs), in addition to critical and security updates. SUS will deliver Windows XP SP1, Windows 2000 SP4, and all future service packs for Windows 2000, Windows XP, and the Windows Server 2003 family of products.

Download SUS Software here
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

Download the deployment guide here
http://www.microsoft.com/windows2000/docs/SUS_Deployguide_sp1.doc

Installation Notes
SUS Server 1.0 with SP1 automatically installs under the Web site that is currently running. It will not interfere with this or any other Web sites. If no other Web site is currently running, SUS Server 1.0 with SP1 will create a new Web
site.

Requirements

Computer operating systems where Software Update Services (SUS) can be installed:
Windows 2000, Service Pack 2 or above.
Windows Server 2003.
 
Computers where Automatic Update is already included in the operating system:
Windows 2000, Service Pack 3 or above.
Windows XP, Service Pack 1 or above.
Windows Server 2003.
 
Computers where a separate Automatic Update client installation is required:
Windows 2000, Service Pack 2.
Windows XP, no Service Pack.
 


For more information about where Setup places SUS Server 1.0 with SP1 components, refer to Appendix A in the Software Update Services
Deployment White Paper.

You can start the default site using the following steps:

Click Start, click Administrative Tools, then open Internet Information Services (IIS).
Click Web Sites, and then right-click Default Website.
Click Start.


Preparation your web site
In the basic installation, the SUS Server will install in the default port 80 website.
Visit the URL in your web browser to ensure IIS is running and operational. If there are no pages, Right-Click here and save this file in the website home directory as a location holder.

The Installation
For the basic installation, follow these instructions:
Run the Installation package.
When the Installation wizard starts, click "Next".
Read the License Agreement, select "I accept...", click "Next".
Click "Typical" for default settings.
Click "Install".
Installation will proceed.
Click "Finish" to end.
 
Connecting to the SUS Server administration console
All SUS Server administration is done through the web-based management console.
To access the console, visit:
http://localhost/susadmin/ if you are logged into the SUS Server.
http://SUS-Server-URL/susadmin/ if you are connecting to the SUS Server over the network.
 
Setting your SUS Server options
In the SUS Server Administration Console, down the left-hand navigation menu, select "Set options".
In this area, you can configure the following options:
Select a proxy server configuration. This proxy setting is used when the SUS Server performs a synchronization, either to Microsoft or a parent SUS Server.
Specify the name your clients use to locate this update server. This can be the short servername or the fully qualified DNS name of the server. This name is used for the clients to download updates.
Select which server to synchronize content from. Generally you will be synchronizing from Microsoft Windows Update, but you can specify another internal SUS Server. Also, the synchronize list of approved items allows this SUS Server to copy the update approval from the specified parent SUS Server, this option is useful for branch office situations.
Select how you want to handle new versions of previously approved. Select the option which suits your operational and quality assurance processes.
Select where you want to store updates. Generally, you will be saving the updates locally. Click on the "Clear All" button, then select the languages that will be supported by this SUS Server.
Click the "Apply" button.
 
Setting up synchronization
In the SUS Server Administration Console, down the left-hand navigation menu, select "Synchronize server". In this area, you can configure the update synchronization and perform it manually.
Click on "Synchronization Schedule" and configure the schedule to suit your requirements. Click "OK" to complete.
Click "Synchronize Now" to perform the initial synchronization. This will download all updates for the languages you have selected. You may wish to left this task and let the SUS Server do it during the scheduled synchronization.

Approving the updates for release
In the SUS Server Administration Console, down the left-hand navigation menu, select "Approve Update". In this area, you will be approving Microsoft Updates for release to clients.
Click the check box next to each update that you wish to release to the clients, when finished click the "Approve" button and follow the prompt to accept the licensing terms.

Where to now
You now have a functional SUS Server with approved updates. It is ready to distribute updates to clients.

*****Links*****


Troubleshooting Auto Update Client Error Codes
http://www.susserver.com/FAQs/FAQ-TroubleshootingAutoUpdateClientErrorCodes.asp
Troubleshooting the Auto Update Client Downloads
http://www.susserver.com/FAQs/FAQ-TroubleshootingAutoUpdateClientDownloads.asp


*****References*****

http://www.susserver.com/
http://www.susserver.com/Articles/SUS-InstallingSUS-Basic.asp
0
 

Author Comment

by:halfondj
ID: 11920787
What really helped were the reference web sites.  Thanks.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11920800
My Pleasure have a good weekend :)
Pete
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Adprep 12 47
Just changed my 2000 Server DCs IP now what 3 390
win2k service packs 5 638
P2V conversion for Windows NT 4.0 Server 2 2,174
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now