Solved

WSUS SP1 - Local Admin Required?

Posted on 2007-03-23
4
338 Views
Last Modified: 2010-04-18
WSUS SP1 - Do the client have to be local administrators to load updaes if they are configured to get updates from an internal WSUS Server?
0
Comment
Question by:RobertsExchange2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
aissim earned 250 total points
ID: 18779955
This should answer some of your questions: (copied from the following article: http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx)

2 - Notify for download and notify for install
This option allows for the utmost control to the Admin users on WSUS clients so that they can decide when to start both the download and the installation of updates. This configuration option is useful in environments where maintenance windows vary and critical business demands on clients (servers or desktops) are difficult to predict, or compliance conformity requirements dictate optimal control over transferred, installed, or removed software. This option also provides the ability of the client’s Admin user to be able to select all or a subset of the approved updates, to be downloaded and/or installed on a client system. This option will cause an icon to appear in the notification area, at the far right of the taskbar, both when the updates are ready to download and when the downloads are complete and are ready to be installed. By clicking the icon, Admin users have both the control of selecting which approved updates to download and which to install.

3 - Auto download and notify for install - Default option
This AU option is particularly useful to ensure that an update installation happens at a time most convenient for the local administrative end user in relation to work imperatives, maintenance windows, and planned or end of the day shutdowns. This option permits the automatic download to occur in the background, but gives the client administrative end user the ability to select which downloaded updates to install and when to install them. After automatic downloads are completed, an icon appears in the notification area. When users click the icon they can see which updates were downloaded and select all or some of them to install.

4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.

0
 

Author Comment

by:RobertsExchange2003
ID: 18780101
I restaged a PC and set it to point to a WSUS server that I am going to deploy to the entire enviroment. When I was completing the setup of the workstation I was geting the update pop-ups and the updates were installing. When the user logged backon (non-local admin) The updates just stopped all together. It has been two days and no more updates have loaded. I am set to option 4 in the GPO and even tried to schedule the updates - nothing yet? any thoughts as to why???
0
 
LVL 19

Expert Comment

by:aissim
ID: 18780953
I'm afraid this is by design...although you're not the only person that dislikes it. I want to say that critical updates will still install (silently in the background) - but everything else is left to an admin account.

Since the updates make changes to the operating system it goes against what non-admins are allowed to do...hence the dilemma...

I'll do a little digging to see if there are any workarounds out there.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18781128
Just looked back at my GPO and thought of something else...have you tried enabling the "Allow non-administrators to receive update notifications"? You could try option 3 with this setting enabled.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question