newsignature
Let non-administrators install Windows updates
Hi,
We currently have an all-laptop user install base who, due to a company policy, are required to take their laptop home every night. We are using Windows Vista SP2 on all computers and none of the users have local administrator privileges. We are using WSUS via System Center Essentials to push out patches and applications. In order to limit the disruption of the user start-up experience and still ensure that patches are getting installed, we were installing patches at 2pm in the afternoon. This helped to ensure people were still in the office when the updates installed, and that updates did not start installing shortly after morning logon (when they would be starting all of their programs at once). Recently, we have some new programs that rely on the SQL engine and other MS processes to run. If an update runs that has a component that the program needs, the program will usually break at worst and most of the time won't work properly until the machine is restarted.
I have thought about changing my WSUS policy to download and notify for install and notify non-administrator users about update notifications. I would then just require the users to run updates once a week or month (for example) and use WSUS/SCE reporting to catch my stragglers. However, based on my initial testing, running Windows updates will still require administrator permissions. I also thought about telling people to select "install updates and shut down", but I'm sure they will not enjoy waiting for their machine to patch and reboot when they are leaving the office.
Has anyone run into a situation like this before and if so how did you go about solving it?
Thanks!
I would also suggest using option 4, auto download and schedule the install, because relying on users to do the installs would be more headache than it's worth.
Might not be the answer you are looking for but consider upgrading to WSUS3. That provides more flexibility. As you can set the policy to download and make it available for them to install and you can set a "deadline" i.e. the users will HAVE to do the installation prior to deadline or it will be forced to their machine.
Upgrading does not provide more flexibility; it only provides improvements.
http://technet.microsoft.com/en-us/library/dd939886(WS.10).aspx
Deadlines were available in the first version of WSUS
http://www.wsuswiki.com/WhatsNewInWSUS.
Side note: using deadlines will force a reboot no matter what (no exceptions); not recommended while users are logged on.
ASKER
Thanks,
I'm already on WSUS 3 SP2, and familiar with deadlines, reporting, etc.
As I mentioned, I'm trying to design a solution that will give me the best success for update install (meaning I will probably give updates a 2 week deadline or something like that); however, I want to keep the user disruption to a minimum. Because they're all laptop users, overnight patching is a no go.
If I set the GP setting to allow non-administrators to receive update notifications, will they be able to click and start the install w/o a UAC prompt?
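The two Group Policy settings raised in this thread (the "option 4" scheduled install and allowing non-administrators to receive update notifications) are stored as registry values on each client. The script below is an added example, not posted by any participant, that reads them without changing anything; the value names are the standard Windows Update policy names, and the wording of the notes is this example's own.

```powershell
# Added example: read-only audit of the Windows Update policy values discussed in this thread.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# AUOptions values as listed in the "Configure Automatic Updates" policy.
$auOptionText = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}

$auOptions   = Get-PolicyValue $auKey 'AUOptions'
$elevate     = Get-PolicyValue $wuKey 'ElevateNonAdmins'
$noReboot    = Get-PolicyValue $auKey 'NoAutoRebootWithLoggedOnUsers'
$installDay  = Get-PolicyValue $auKey 'ScheduledInstallDay'   # 0 = every day, 1-7 = Sun-Sat
$installTime = Get-PolicyValue $auKey 'ScheduledInstallTime'  # hour of day, 0-23

$mode = if ($null -ne $auOptions) { $auOptionText[[int]$auOptions] } else { 'Not configured' }

$notes = @()
if ($null -eq $auOptions) {
    $notes += 'Automatic Updates policy is not configured on this machine.'
}
if ($auOptions -eq 3 -and $elevate -ne 1) {
    $notes += 'Notify-for-install is set but ElevateNonAdmins is not 1.'
}
if ($auOptions -eq 4 -and $noReboot -ne 1) {
    $notes += 'Scheduled install is set but NoAutoRebootWithLoggedOnUsers is not 1.'
}

# One object per machine, suitable for export and comparison with WSUS/SCE reports.
New-Object PSObject -Property @{
    Computer                      = $env:COMPUTERNAME
    UpdateMode                    = $mode
    ElevateNonAdmins              = $elevate
    NoAutoRebootWithLoggedOnUsers = $noReboot
    ScheduledInstallDay           = $installDay
    ScheduledInstallTime          = $installTime
    Notes                         = ($notes -join ' ')
}
```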
ASKER
rock on.
thanks guys!