lecomm
asked on
Can't install Windows update as Domain Admin using WSUS
I started using WSUS in my environment. Once I pointed all of my servers (2003, 2008 servers) to the WSUS server I no longer can install any updates as the Domain Administrator. I have to log into the servers as the local administrator in order to have the "install" button become available. Anyone know why this happens? Is it a GPO issue? The Domain Admin should have all rights to the local server...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have looked through the policies and I can't seem to find what can be causing this. Can anyone get specific and tell me where to look in the policies that could cause the Domain Admin to not be able to install updates on my WSUS connected servers?
ASKER
Can anyone help with this? I am trying to determine why I can not use my Domain Admin account to install updates on my servers after connecting them to the WSUS server... It is becoming a pain to have to log into the local administrator to install patches as some of these servers are in NLB configurations or CCR configurations for Exchange and you can't manage the CCR or NLB when logged in as local administrator.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, it was a GPO issue and I did track it down. I have inhertitance blocked on the OU that has my admin accounts in it. There is no way to block inheritance on the USERS OU which is where the Administrator account is located. With the setting "Allow non-administrators to receive update notifications" set to enabled then the Domain Administrator will not see the "install" button when you click on the yellow shield to install ready updates. No work around, just use another account with Domain Admin rights, but located in another OU with inheritance blocked for the GPO.
ASKER