[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 394
  • Last Modified:

High security type GPO w/ MSI install disabled and using WSUS2.0 to update machines

GPO- locked down GPO with MSI installed disabled
OS- XP pro
server(s) WSUS2.0  /   win2k3

My question is this, we have disabled MSI install in the GPO, will that stop WSUS 2.0 from updating the machines?

WSUS will be downloading updates to itself and installing from there.
  • 2
1 Solution
It should not! Is there a particular reason you are disabling MSI's though?

Depending on the group policy applied - I would think that this setting:

Computer Config\Admin. Templates\Windows Components\Windows Installer\Disable Windows Installer

would only disable user-initiated installs - not WSUS - as the description states:

This setting can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator.

So - you want the setting on "for non-managed apps only"
Hope that was helpful.
Thank you.

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now