Solved

Delegate Users/Groups Access To Do Windows Updates

Posted on 2008-09-30
10
294 Views
Last Modified: 2010-03-17
Our network allows only Domain Admins to perform windows updates on client system; I need to be able to specify an A.D. group or specific users to delegate this access to.  Currently, normal users cannot install software and although local admin can install software that  user still does not have access to install windows updates once the system has been added to the domain.
0
Comment
Question by:user5500
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
10 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22608669
The users nead to be local administrators to use web access of windows updates.
Instead configure automatic updates by using GPO configuring the settings in Computer Configuration\Windows Components\Windows Update
0
 

Author Comment

by:user5500
ID: 22609252
we do not allow automatic updates a domain admin account must do the update and it is definitely not allowed to have users as local admins
is there an area in GPO to delegate windows update access to an group or user account or a way to manually specify this in A.D.
0
 

Author Comment

by:user5500
ID: 22609287
additionally the solution above would not fix the issue with local admins not being able to do Windows updates it only allows them access to modify the "configure automatic update" settings

0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609474
Use automatic updates configured to point on a internal WSUS to get control over what is approved in the organization.
0
 

Author Comment

by:user5500
ID: 22609621
we do not have a WSUS server
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609775
Using WSUS is the way to take control over the updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
0
 

Author Comment

by:user5500
ID: 22614007
i know about WSUS, but there is definitely a way to specify who is and is not allowed to do "windows update"
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22617446
No
User must be member of administrators group to access Windows update. http://support.microsoft.com/kb/316524/

To let users without administrator access install templates, you nead to use automatic updates.
To get control over what is installed through automatic updates, you nead to install WSUS on the intranet and configure the clients to use the intranet WSUS for updates. Moderate the approved patches on the WSUS.
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question