Solved

Deploying SUS

Posted on 2004-10-01
9
995 Views
Last Modified: 2012-06-21
What is the best way to setup SUS for 300 clients?

We have a mix of 2000 and XP Pro clients, and 90% of our users are NOT local admins on their machines. I am looking for a way to setup the clients so auto updates are enabled and pulling from the SUS server.

Thanks,

Justin
0
Comment
Question by:Justin Durrant
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 12204275
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 12204393
Easy.

SUS works best with Group Policies.  Install SUS on a server.  Then read over this easy, graphical explanation of what to do next.

http://www.bris.ac.uk/is/services/computers/operatingsystems/sus/configuring.html

Basically it summarizes setting up the GPO settings and the possibly needed .adm file.

Then you put the GPO on an OU - or if you want to be bold, the whole site or domain.  (I recommend start slow by making a GPO for testing it try it out on a few machines so you can see how it's working.  Then move it to domain or site level).
0
 
LVL 84

Expert Comment

by:oBdA
ID: 12204403
The documentation on SUS is actually rather good. What's important in your case is that you need to import the wuau.adm file that you can download from the MS SUS site as well into the group policy editor and configure the clients to point to your internal SUS server for the updates. That's the obvious part.
The not so obvious part is that only one of the scheduling options will install the updates completely automatically, the others require an administrator to log on and approve of the updates. The setting you're looking for is number 4, Download automatically and install according to this schedule (or similar, not using an English version).
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 23

Author Comment

by:Justin Durrant
ID: 12204836
we are still on a nt domain
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12205576
Ah... then I see your problem.  GPOs really are the best way of doing it but you need a 2000 domain.  

I would recommend, especially if you're not the decision maker in these matters, that you use this in part of an argument to move to a 2000 or 2003 domain.  Aside from the fact that Microsoft has essentially stopped supporting NT, an AD domain would make this MUCH easier.

That said, try reading over this site:
http://www.bris.ac.uk/is/services/computers/operatingsystems/sus/config-reg.html

You can use the information there to preconfigure your Windows client registries so that they know where the server is and how often to update/etc.  As for getting these settings on the client, you should be able to script them using PSEXEC (www.sysinternals.com freeware utility - part of PSTOOLS).  The script would be a single file that goes through a list of computer names and remotely runs the registry update.  If you aren't familiar with PSTOOLS you can run the tool with a /? for an explanation of how to use it.  And if you need, I can write the script for you.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 12206580
You can still deploy the SUS settings with a rgular NT4 system policy. Open the wuau.adm in notepad, save it again as ANSI (the file comes in Unicode format, which the NT4 poledit can't handle). Then import it into poledit, and adjust your ntconfig.pol file accordingly. The one major problem with an NT4 domain and system policies is that you can't group computers, so you'll either have to use SUS on all of your machines by configuring the Default Computer object, or you'll have to add a computer into ntconfig.pol for every machine you want to deploy it on. There's a third possibility as well, though; that involves disabling the system policies or redirecting them to another .pol file on machines you don't want the SUS policies to apply.

Guide to MS Windows NT 4.0 Profiles and Policies
http://www.microsoft.com/technet/prodtechnol/winntas/maintain/prof_pol.mspx

This applies to XP as well:
Group Policies for Windows 2000 Professional Clients in Windows NT 4.0 Domain or Workgroups
http://support.microsoft.com/?kbid=274478
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 12219327
thanks guys.. will the wuau.reg work witn 2000 and XP machines? Will any client reboots be required?

Justin
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 12219596
Ok.. I am trying to call the reg file from a network location, and I get:

C:\>psexec -s \\S_east \\svfile\ittools\wuau.reg

PsExec v1.55 - Execute processes remotely
Copyright (C) 2001-2004 Mark Russinovich
Sysinternals - www.sysinternals.com


PsExec could not start \\svfile\ittools\wuau.reg on S_east:
Access is denied.

any ideas?

0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12303127
My apologies - I didn't mean to abandon the question the way I did:

In regards to your second to last comment, the wuau.reg file should work with both system, but I believe a reboot will be required on the client.

The PSEXEC issue appears to be security related.  Make sure you are either logged in to the computer your executing the command from as a domain admin.  Alternately, specify a user and password with psexec - for more info run PSEXEC /?.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question