Solved

WSUS SP1 - Local Admin Required?

Posted on 2007-03-23
4
334 Views
Last Modified: 2010-04-18
WSUS SP1 - Do the client have to be local administrators to load updaes if they are configured to get updates from an internal WSUS Server?
0
Comment
Question by:RobertsExchange2003
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
aissim earned 250 total points
Comment Utility
This should answer some of your questions: (copied from the following article: http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx)

2 - Notify for download and notify for install
This option allows for the utmost control to the Admin users on WSUS clients so that they can decide when to start both the download and the installation of updates. This configuration option is useful in environments where maintenance windows vary and critical business demands on clients (servers or desktops) are difficult to predict, or compliance conformity requirements dictate optimal control over transferred, installed, or removed software. This option also provides the ability of the client’s Admin user to be able to select all or a subset of the approved updates, to be downloaded and/or installed on a client system. This option will cause an icon to appear in the notification area, at the far right of the taskbar, both when the updates are ready to download and when the downloads are complete and are ready to be installed. By clicking the icon, Admin users have both the control of selecting which approved updates to download and which to install.

3 - Auto download and notify for install - Default option
This AU option is particularly useful to ensure that an update installation happens at a time most convenient for the local administrative end user in relation to work imperatives, maintenance windows, and planned or end of the day shutdowns. This option permits the automatic download to occur in the background, but gives the client administrative end user the ability to select which downloaded updates to install and when to install them. After automatic downloads are completed, an icon appears in the notification area. When users click the icon they can see which updates were downloaded and select all or some of them to install.

4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.

0
 

Author Comment

by:RobertsExchange2003
Comment Utility
I restaged a PC and set it to point to a WSUS server that I am going to deploy to the entire enviroment. When I was completing the setup of the workstation I was geting the update pop-ups and the updates were installing. When the user logged backon (non-local admin) The updates just stopped all together. It has been two days and no more updates have loaded. I am set to option 4 in the GPO and even tried to schedule the updates - nothing yet? any thoughts as to why???
0
 
LVL 19

Expert Comment

by:aissim
Comment Utility
I'm afraid this is by design...although you're not the only person that dislikes it. I want to say that critical updates will still install (silently in the background) - but everything else is left to an admin account.

Since the updates make changes to the operating system it goes against what non-admins are allowed to do...hence the dilemma...

I'll do a little digging to see if there are any workarounds out there.
0
 
LVL 19

Expert Comment

by:aissim
Comment Utility
Just looked back at my GPO and thought of something else...have you tried enabling the "Allow non-administrators to receive update notifications"? You could try option 3 with this setting enabled.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Safely Remove cd/dvd drives 8 71
Move authentication role 3 39
SolarWind and DNS Server 12 34
why user can't see mapped share folder 8 33
I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now