WSUS SP1 - Local Admin Required?

Posted on 2007-03-23
Last Modified: 2010-04-18
WSUS SP1 - Do the clients have to be local administrators to load updates if they are configured to get updates from an internal WSUS Server?
Question by:RobertsExchange2003

Accepted Solution

by:
aissim earned 250 total points
ID: 18779955
This should answer some of your questions: (copied from the following article: http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx)

2 - Notify for download and notify for install
This option allows for the utmost control to the Admin users on WSUS clients so that they can decide when to start both the download and the installation of updates. This configuration option is useful in environments where maintenance windows vary and critical business demands on clients (servers or desktops) are difficult to predict, or compliance conformity requirements dictate optimal control over transferred, installed, or removed software. This option also provides the ability of the client’s Admin user to be able to select all or a subset of the approved updates, to be downloaded and/or installed on a client system. This option will cause an icon to appear in the notification area, at the far right of the taskbar, both when the updates are ready to download and when the downloads are complete and are ready to be installed. By clicking the icon, Admin users have both the control of selecting which approved updates to download and which to install.

3 - Auto download and notify for install - Default option
This AU option is particularly useful to ensure that an update installation happens at a time most convenient for the local administrative end user in relation to work imperatives, maintenance windows, and planned or end of the day shutdowns. This option permits the automatic download to occur in the background, but gives the client administrative end user the ability to select which downloaded updates to install and when to install them. After automatic downloads are completed, an icon appears in the notification area. When users click the icon they can see which updates were downloaded and select all or some of them to install.

4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.


Author Comment

by:RobertsExchange2003
ID: 18780101
I restaged a PC and set it to point to a WSUS server that I am going to deploy to the entire environment. When I was completing the setup of the workstation I was getting the update pop-ups and the updates were installing. When the user logged back on (non-local admin), the updates just stopped altogether. It has been two days and no more updates have loaded. I am set to option 4 in the GPO and even tried to schedule the updates - nothing yet. Any thoughts as to why?

Expert Comment

by:aissim
ID: 18780953
I'm afraid this is by design...although you're not the only person that dislikes it. I want to say that critical updates will still install (silently in the background) - but everything else is left to an admin account.

Since the updates make changes to the operating system it goes against what non-admins are allowed to do...hence the dilemma...

I'll do a little digging to see if there are any workarounds out there.

Expert Comment

by:aissim
ID: 18781128
Just looked back at my GPO and thought of something else...have you tried enabling the "Allow non-administrators to receive update notifications"? You could try option 3 with this setting enabled.
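
A way to check which of the options discussed in this thread a client actually received from Group Policy, added here as an example and not part of any post above. The registry value names (`AUOptions`, `ScheduledInstallDay`, `ScheduledInstallTime`, `UseWUServer`, `WUServer`, `ElevateNonAdmins`) are the documented Windows Update policy values rather than names taken from the thread, with `ElevateNonAdmins` backing the "Allow non-administrators to receive update notifications" setting; the helper names `Get-AuPolicy` and `Format-AuPolicy`, the server URL and the sample data are constructed.

```powershell
# Added example: interpret the Automatic Updates policy a WSUS client received.
# Get-AuPolicy / Format-AuPolicy are hypothetical helper names, not Microsoft cmdlets.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-AuPolicy {
    # Merge the WindowsUpdate policy key and its AU subkey into one hashtable.
    $policy = @{}
    foreach ($path in $WuKey, "$WuKey\AU") {
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($p in $item.PSObject.Properties) {
                # Skip provider metadata (PSPath, PSParentPath, ...).
                if ($p.Name -notlike 'PS*') { $policy[$p.Name] = $p.Value }
            }
        }
    }
    return $policy
}

function Format-AuPolicy([hashtable]$Policy) {
    # Option names as quoted in the accepted answer.
    $options = @{
        2 = 'Notify for download and notify for install'
        3 = 'Auto download and notify for install'
        4 = 'Auto download and schedule the install'
    }
    $au = [int]$Policy['AUOptions']          # 0 when the value is absent
    $mode = if ($options.ContainsKey($au)) { $options[$au] } else { "not set or unrecognised ($au)" }
    $schedule = 'n/a'
    if ($au -eq 4) {
        $days = 'every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'
        $time = if ($Policy.ContainsKey('ScheduledInstallTime')) {
            '{0:00}:00' -f [int]$Policy['ScheduledInstallTime']
        } else { 'time not set' }
        $schedule = '{0} at {1}' -f $days[[int]$Policy['ScheduledInstallDay']], $time
    }
    [pscustomobject]@{
        UsesWsus              = ([int]$Policy['UseWUServer'] -eq 1)
        Server                = $Policy['WUServer']
        Mode                  = $mode
        ScheduledInstall      = $schedule
        NonAdminNotifications = ([int]$Policy['ElevateNonAdmins'] -eq 1)
    }
}

# Constructed sample mirroring the thread: option 4, notification setting not enabled.
$sample = @{ UseWUServer = 1; WUServer = 'http://wsus.example.internal'
             AUOptions = 4; ScheduledInstallDay = 0; ScheduledInstallTime = 3 }
Format-AuPolicy $sample
# On a real client, run elevated: Format-AuPolicy (Get-AuPolicy)
```

If `Get-AuPolicy` returns an empty result on a client, the GPO has not applied to that machine and the values above are not what is driving its update behaviour.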