Solved

Delegate Users/Groups Access To Do Windows Updates

Posted on 2008-09-30
10
292 Views
Last Modified: 2010-03-17
Our network allows only Domain Admins to perform windows updates on client system; I need to be able to specify an A.D. group or specific users to delegate this access to.  Currently, normal users cannot install software and although local admin can install software that  user still does not have access to install windows updates once the system has been added to the domain.
0
Comment
Question by:user5500
  • 4
  • 4
10 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22608669
The users nead to be local administrators to use web access of windows updates.
Instead configure automatic updates by using GPO configuring the settings in Computer Configuration\Windows Components\Windows Update
0
 

Author Comment

by:user5500
ID: 22609252
we do not allow automatic updates a domain admin account must do the update and it is definitely not allowed to have users as local admins
is there an area in GPO to delegate windows update access to an group or user account or a way to manually specify this in A.D.
0
 

Author Comment

by:user5500
ID: 22609287
additionally the solution above would not fix the issue with local admins not being able to do Windows updates it only allows them access to modify the "configure automatic update" settings

0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609474
Use automatic updates configured to point on a internal WSUS to get control over what is approved in the organization.
0
 

Author Comment

by:user5500
ID: 22609621
we do not have a WSUS server
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609775
Using WSUS is the way to take control over the updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
0
 

Author Comment

by:user5500
ID: 22614007
i know about WSUS, but there is definitely a way to specify who is and is not allowed to do "windows update"
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22617446
No
User must be member of administrators group to access Windows update. http://support.microsoft.com/kb/316524/

To let users without administrator access install templates, you nead to use automatic updates.
To get control over what is installed through automatic updates, you nead to install WSUS on the intranet and configure the clients to use the intranet WSUS for updates. Moderate the approved patches on the WSUS.
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question