WSUS server is set up with the following:
All computers are in a group called "WSUS Computers"
"WSUS Computers" is linked to the "mydomain.local" in a GPO named "WSUS Nodes."
In the WSUS Nodes GPO I have the following enabled:
Allow Automatic Updates Immediate Installation Enabled
Configure Automatic Updates Enabled
Configure Automatic updating 4 - Auto Download and schedule the install
Schedule install day: 0 - Every day
Scheduled install time: 21:00
Do not adjust default option to 'Install Updates and Enabled
Shut Down' in Shut Down Windows dialog box
Specify intranet Microsoft updated service Location Enabled
Set the intranet update service for detecting http://MyServer
Set the intranet statistics server: http://MyServer
When updates get sent from the server, some computers get a little green shield in the system tray that says that this computer has received updates. That is what I am looking for for all of the computers. However, other computers get the yellow shield with the black exclamation point on it that says updates have been downloaded, and ready to install. The users then have to select update. When I look at the update settings on an individual computer, it is grayed out and set to update automatically everyday at 9:00pm. I do not want them to have to bother with the updates.
One other thing I do not know if it is important. In the event log, there are several entries that look like this:
Source: Windows Server Update services
Catagory: Update Server services
Event ID: 503
The Windows Server Update Services Server experienced an error while attempting to write to the log file.
1768.3886 <===== (This is different on all of the event log entries.)
xception: Access to the path "C:\Program Files\Update Services\LogFiles\Software
on.log" is denied.
or(Int32 errorCode, String str)
(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy)
(String path, FileMode mode, FileAccess access, FileShare share)
For more information, see Help and Support Center at
(Of course when you hit the link it says there is no more information on this error.)
How do I get all of the computers to automatically install all of the updates I tell it to without the need for user’s intervention? Could the SUS be having difficulty accessing the log file so it doesn't complete the install? If so, where do I give SUS permission to access the "Update Services" directory? Or is this a totally unrelated issue?