georgedschneider

asked on

Patch Management

We recently purchased Kaseya to fulfill our patch management needs, among other things. One of the things I need to do is disable or turn off my current Automatic Update settings that I have configured with my WSUS server through GPO in order to allow the patch management to control the patching process. If I have a GPO setting, this will reset the software setting every time the GPO is applied. I could do a couple of things: set all the GPOs back to Not Configured, wait for Group Policy to be refreshed, and then set the settings in the software, which will push out the registry settings to the client machines. The other option I can think of is to disable Windows Update altogether through GPOs. What do you think my best bet is, and how can I disable GPOs for Automatic Updates? Should I simply set them to Disabled or Not Configured?
ASKER CERTIFIED SOLUTION
cgaeden
This solution is only available to members.
georgedschneider

ASKER

How often is group policy refreshed on Windows 2000, XP, and 2003 machines?
5 minutes for domain controllers and 90 minutes for everything else (servers and workstations)
Here's the MSDN page regarding refresh times:

http://msdn.microsoft.com/en-us/library/ms813077.aspx

Just look at the "breadcrumbs" at the top of the article to see where you can adjust this via Group Policy.
I set the GPO to disabled. The user can, however, still go to Windows Update to manually install the updates. It's probably not a concern, but is there a way to prevent this yet still allow the Kaseya patch management to utilize the Microsoft Update API to perform a patch scan, which needs access to the Windows and Microsoft update sites?
Local administrators will still be able to enable Automatic Updates in the Control Panel. Also going to the Microsoft or Windows Update website will still be allowed. If you want to block this for certain computers, you could always set an IPSec policy GPO to block those sites (Computer Configuration\Windows Settings\Security Settings\IP Security Policies). That can get a little messy though.

Does the Kaseya software run in a central location and push out updates to the computers on a LAN, or does it run on all of the computers and pull updates from the Internet? I'm not familiar with it.
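
Added example, not posted by anyone in this thread: a PowerShell check that tells "Disabled" apart from "Not Configured" on a client after a Group Policy refresh, by reading the values the "Configure Automatic Updates" policy writes under the Windows Update policy key. It assumes PowerShell 3.0 or later is installed on the client; the function names and the sample data, including the WSUS URL, are constructed for illustration.

```powershell
# Added example. Policy values written by "Configure Automatic Updates":
#   NoAutoUpdate = 1 -> Disabled, NoAutoUpdate = 0 (+ AUOptions) -> Enabled,
#   value absent    -> Not Configured (nothing enforced by GPO).
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = "$WuKey\AU"

function Read-KeyValues {              # hypothetical helper: key -> hashtable
    param([string]$Path)
    $values = @{}
    if (Test-Path $Path) {
        $key = Get-Item $Path
        foreach ($n in $key.GetValueNames()) { $values[$n] = $key.GetValue($n) }
    }
    $values
}

function Get-AuPolicyState {           # hypothetical helper: classify the state
    param([hashtable]$Au, [hashtable]$Wu)
    if (-not $Au.ContainsKey('NoAutoUpdate')) {
        $state = 'Not Configured (no policy value, local setting applies)'
    } elseif ($Au['NoAutoUpdate'] -eq 1) {
        $state = 'Disabled (Automatic Updates turned off by policy)'
    } else {
        $state = "Enabled (AUOptions=$($Au['AUOptions']))"
    }
    [pscustomobject]@{
        PolicyState = $state
        UsesWsus    = ($Au['UseWUServer'] -eq 1)
        WsusServer  = $Wu['WUServer']
    }
}

# Constructed samples covering the three states discussed in the thread.
$wuSample = @{ WUServer = 'http://wsus.example.local' }   # placeholder URL
$samples = [ordered]@{
    'GPO Disabled'       = @{ NoAutoUpdate = 1 }
    'GPO Enabled + WSUS' = @{ NoAutoUpdate = 0; AUOptions = 4; UseWUServer = 1 }
    'GPO Not Configured' = @{}
}
foreach ($name in $samples.Keys) {
    $r = Get-AuPolicyState -Au $samples[$name] -Wu $wuSample
    '{0,-20} {1}  WSUS={2}' -f $name, $r.PolicyState, $r.UsesWsus
}

# Live check on this machine (run after the next policy refresh).
Get-AuPolicyState -Au (Read-KeyValues $AuKey) -Wu (Read-KeyValues $WuKey)
```

A "Not Configured" result after refresh means the GPO no longer enforces these values, so settings written by another tool are not reset by policy at the next refresh.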