Solved

Delegate Users/Groups Access To Do Windows Updates

Posted on 2008-09-30
10
290 Views
Last Modified: 2010-03-17
Our network allows only Domain Admins to perform windows updates on client system; I need to be able to specify an A.D. group or specific users to delegate this access to.  Currently, normal users cannot install software and although local admin can install software that  user still does not have access to install windows updates once the system has been added to the domain.
0
Comment
Question by:user5500
  • 4
  • 4
10 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22608669
The users nead to be local administrators to use web access of windows updates.
Instead configure automatic updates by using GPO configuring the settings in Computer Configuration\Windows Components\Windows Update
0
 

Author Comment

by:user5500
ID: 22609252
we do not allow automatic updates a domain admin account must do the update and it is definitely not allowed to have users as local admins
is there an area in GPO to delegate windows update access to an group or user account or a way to manually specify this in A.D.
0
 

Author Comment

by:user5500
ID: 22609287
additionally the solution above would not fix the issue with local admins not being able to do Windows updates it only allows them access to modify the "configure automatic update" settings

0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609474
Use automatic updates configured to point on a internal WSUS to get control over what is approved in the organization.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:user5500
ID: 22609621
we do not have a WSUS server
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22609775
Using WSUS is the way to take control over the updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
0
 

Author Comment

by:user5500
ID: 22614007
i know about WSUS, but there is definitely a way to specify who is and is not allowed to do "windows update"
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22617446
No
User must be member of administrators group to access Windows update. http://support.microsoft.com/kb/316524/

To let users without administrator access install templates, you nead to use automatic updates.
To get control over what is installed through automatic updates, you nead to install WSUS on the intranet and configure the clients to use the intranet WSUS for updates. Moderate the approved patches on the WSUS.
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now