Delegate Users/Groups Access To Do Windows Updates

Our network allows only Domain Admins to perform windows updates on client system; I need to be able to specify an A.D. group or specific users to delegate this access to.  Currently, normal users cannot install software and although local admin can install software that  user still does not have access to install windows updates once the system has been added to the domain.
user5500Asked:
Who is Participating?
 
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
No
User must be member of administrators group to access Windows update. http://support.microsoft.com/kb/316524/

To let users without administrator access install templates, you nead to use automatic updates.
To get control over what is installed through automatic updates, you nead to install WSUS on the intranet and configure the clients to use the intranet WSUS for updates. Moderate the approved patches on the WSUS.
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
0
 
Henrik JohanssonSystems engineerCommented:
The users nead to be local administrators to use web access of windows updates.
Instead configure automatic updates by using GPO configuring the settings in Computer Configuration\Windows Components\Windows Update
0
 
user5500Author Commented:
we do not allow automatic updates a domain admin account must do the update and it is definitely not allowed to have users as local admins
is there an area in GPO to delegate windows update access to an group or user account or a way to manually specify this in A.D.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
user5500Author Commented:
additionally the solution above would not fix the issue with local admins not being able to do Windows updates it only allows them access to modify the "configure automatic update" settings

0
 
Henrik JohanssonSystems engineerCommented:
Use automatic updates configured to point on a internal WSUS to get control over what is approved in the organization.
0
 
user5500Author Commented:
we do not have a WSUS server
0
 
Henrik JohanssonSystems engineerCommented:
Using WSUS is the way to take control over the updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
0
 
user5500Author Commented:
i know about WSUS, but there is definitely a way to specify who is and is not allowed to do "windows update"
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.