• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 300
  • Last Modified:

Delegate Users/Groups Access To Do Windows Updates

Our network allows only Domain Admins to perform windows updates on client system; I need to be able to specify an A.D. group or specific users to delegate this access to.  Currently, normal users cannot install software and although local admin can install software that  user still does not have access to install windows updates once the system has been added to the domain.
0
user5500
Asked:
user5500
  • 4
  • 4
1 Solution
 
Henrik JohanssonSystems engineerCommented:
The users nead to be local administrators to use web access of windows updates.
Instead configure automatic updates by using GPO configuring the settings in Computer Configuration\Windows Components\Windows Update
0
 
user5500Author Commented:
we do not allow automatic updates a domain admin account must do the update and it is definitely not allowed to have users as local admins
is there an area in GPO to delegate windows update access to an group or user account or a way to manually specify this in A.D.
0
 
user5500Author Commented:
additionally the solution above would not fix the issue with local admins not being able to do Windows updates it only allows them access to modify the "configure automatic update" settings

0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
Henrik JohanssonSystems engineerCommented:
Use automatic updates configured to point on a internal WSUS to get control over what is approved in the organization.
0
 
user5500Author Commented:
we do not have a WSUS server
0
 
Henrik JohanssonSystems engineerCommented:
Using WSUS is the way to take control over the updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
0
 
user5500Author Commented:
i know about WSUS, but there is definitely a way to specify who is and is not allowed to do "windows update"
0
 
Henrik JohanssonSystems engineerCommented:
No
User must be member of administrators group to access Windows update. http://support.microsoft.com/kb/316524/

To let users without administrator access install templates, you nead to use automatic updates.
To get control over what is installed through automatic updates, you nead to install WSUS on the intranet and configure the clients to use the intranet WSUS for updates. Moderate the approved patches on the WSUS.
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now