I've been trying to get some definite answers on a couple of wsus scenarios and can't seem to find anything definitive. So I'm asking for some help on either finding Microsoft's official answers to these questions or answers based on the experience of the experts here. We just installed WSUS 3 on a network and are a little confused as to how deadlines work, the impact of local admin rights and the deployment of Service Packs.
The client wants to have critical updates automatically approved and have the end users get prompted to install the updates so they can install them themselves throughout the day. However, every couple of weeks he wants to have everyone leave their computers on and force all the remaining approved updates to install overnight.
This seems doable, we've setup the automatic approval for critical updates and that seems to be working fine in our testing. However, I'm a little unsure if the user needs to have admin rights in order to run the approved updates, will they run if the user only has domain user rights? Is this the same for all updates including service packs?
Also, we're a little confused about the deadline feature. From what I gather, we can just set a deadline for a night of our choosing and as long as the workstations are on, all the updates that have a deadline for that day will automatically install the updates. This is how we are planning to implement the forced updates every couple of weeks. But I can't seem to find any info on if this works for service packs as well and if there is any impact caused by a user who remaining logged on during this process. Will the deadlined updates (including service packs) get force installed regardless of the user being logged on? If the user is or isn't local admin, will that make a difference? And are there any gotcha's with XP SP3 and the forced deadlines (this is the one service pack that needs to be rolled out to almost all the machines) will it install automatically if we put a deadline on it?
Thanks in advance for any help.