Solved

WSUS SP1 - Local Admin Required?

Posted on 2007-03-23
4
340 Views
Last Modified: 2010-04-18
WSUS SP1 - Do the client have to be local administrators to load updaes if they are configured to get updates from an internal WSUS Server?
0
Comment
Question by:RobertsExchange2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
aissim earned 250 total points
ID: 18779955
This should answer some of your questions: (copied from the following article: http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx)

2 - Notify for download and notify for install
This option allows for the utmost control to the Admin users on WSUS clients so that they can decide when to start both the download and the installation of updates. This configuration option is useful in environments where maintenance windows vary and critical business demands on clients (servers or desktops) are difficult to predict, or compliance conformity requirements dictate optimal control over transferred, installed, or removed software. This option also provides the ability of the client’s Admin user to be able to select all or a subset of the approved updates, to be downloaded and/or installed on a client system. This option will cause an icon to appear in the notification area, at the far right of the taskbar, both when the updates are ready to download and when the downloads are complete and are ready to be installed. By clicking the icon, Admin users have both the control of selecting which approved updates to download and which to install.

3 - Auto download and notify for install - Default option
This AU option is particularly useful to ensure that an update installation happens at a time most convenient for the local administrative end user in relation to work imperatives, maintenance windows, and planned or end of the day shutdowns. This option permits the automatic download to occur in the background, but gives the client administrative end user the ability to select which downloaded updates to install and when to install them. After automatic downloads are completed, an icon appears in the notification area. When users click the icon they can see which updates were downloaded and select all or some of them to install.

4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.

0
 

Author Comment

by:RobertsExchange2003
ID: 18780101
I restaged a PC and set it to point to a WSUS server that I am going to deploy to the entire enviroment. When I was completing the setup of the workstation I was geting the update pop-ups and the updates were installing. When the user logged backon (non-local admin) The updates just stopped all together. It has been two days and no more updates have loaded. I am set to option 4 in the GPO and even tried to schedule the updates - nothing yet? any thoughts as to why???
0
 
LVL 19

Expert Comment

by:aissim
ID: 18780953
I'm afraid this is by design...although you're not the only person that dislikes it. I want to say that critical updates will still install (silently in the background) - but everything else is left to an admin account.

Since the updates make changes to the operating system it goes against what non-admins are allowed to do...hence the dilemma...

I'll do a little digging to see if there are any workarounds out there.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18781128
Just looked back at my GPO and thought of something else...have you tried enabling the "Allow non-administrators to receive update notifications"? You could try option 3 with this setting enabled.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question