Solved

Push windows update to XP desktops only

Posted on 2010-08-23
17
943 Views
Last Modified: 2012-05-10
Hi we have a single domain forest running Windows Server 2008 R2 as a domain controller.  Under this domain are desktops running XP, Vista and Windows 7 as well as servers running 2000, 2003, 2008 and 2008 R2.

I am currently creating some group policies, however they are not getting pushed out properly to the XP desktops because some of them don't haveGroup Policy Preference Client Side Extensions for Windows XP (KB943729) installed.


Is there a way that I can have this update go out to all XP computers only on this domain?
0
Comment
Question by:jamorlando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
  • +2
17 Comments
 
LVL 3

Accepted Solution

by:
tomex07 earned 150 total points
ID: 33502522
Do you have WSUS 3?
This update is available in Windows Update so you can approuve the installation for all the computers in your domain. If it is not a Windows XP (Vista, Seven), the update will not be installed.
Or if you have groups of computers only apply for the group you want.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 33502525
If you are running WSUS you should be able to deploy it that way.  If not you can test out the script here:
http://msmvps.com/blogs/cgross/archive/2008/12/16/installing-group-policy-preferences-client-side-extensions.aspx
***I have not tested that script, we have WSUS
Laura also has a great post about XMLLite.  http://www.shutuplaura.com/journal/2008/5/30/deploying-the-group-policy-preferences-cse-via-wsus.html
If you are running SP3 you are good to go for XMLLite
Thanks
Mike
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33502553
You will need to deploy this from WSUS or get your users to manually go out to the Microsoft Update site and download this directly. All Windows Update files are in the form on EXE files. I would just create a simple document and get the user to install this update via windows update site if you do not have wsus in place. If you do have wsus accept the update (KB943729) and push out to you desktops.

0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:jamorlando
ID: 33504500
Do I need to install WSUS 3.0 SP2 on my domain controller, or can I install it on any server on the domain, so long as I provide Administrator credentials?  I'd rather not install IIS on the domain controller/DNS server here.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33504536
You don't have to run it on a DC...your thinking is on the money, try to keep a DC a DC :)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33507210
It is also not recommended to install WSUS on a DC unless this is your only server
0
 

Author Comment

by:jamorlando
ID: 33535004
Thanks guys .. it took me a couple days to get the change to install WSUS.  It's installed now.

I would like to push out the Group Policy Preferences Client Side Extensions for Windows XP to all the XP machines here.

Would I create a Windows XP OU in AD and then use group policy to push it out to only those users, or can I just run it from WSUS and WSUS will know which machines to install it on?
0
 

Author Comment

by:jamorlando
ID: 33535378
Also I'm trying to follow the Windows Help tutorial to set up WSUS.
In the first step it says:
To load the WSUS Administrative Template
--In Group Policy Object Editor, right-click either of the Administrative Templates nodes. ---Click Add/Remove Templates.
--Click Add.
--In Policy Templates, click wuau, and then click Open.
--Click Close to dismiss the dialog box.

When I Add it starts me off in the C:\Windows\inf directory.  There is no file called wuau in there.  When I do a search of the machine, it looks like there are four locations.  How do I know which one to use?

C:\Windows\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm


Sorry for all the questions.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33535528
Those other locations are from policy's that may already be in place or orphand policies. If you go to this link and just download the 2003admsetup.msi file it contains the wuau.adm file which you will then store in the "inf" folder.
http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en
0
 

Author Comment

by:jamorlando
ID: 33535595
Thanks but my DC is running Windows 2008 R2, and this is only for 2003.  When I did some searches for 2008 Templates, I couldn't find anything.  Thoughts?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 33535793
0
 

Author Comment

by:jamorlando
ID: 33535805
Hmmm it only says Windows Server 2008, not Windows Server 2008 R2.  Is this a concern?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33535835
It shouldn't be at all. Same platform just a different release.
0
 

Author Comment

by:jamorlando
ID: 33536101
Thanks.  I installed 2008ADMX.msi and preferences.msi from that page, and there isn't a wuau file.
0
 

Author Comment

by:jamorlando
ID: 33536166
OHHH ... I found wuau.adm.  It is in the Windows\inf folder on the server that I installed WSUS on.  Can I copy this to my domain controller and then proceed with the steps?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 33542150
Yes exactly, once you have done this you should be on your way.
0
 

Author Comment

by:jamorlando
ID: 33566806
Awesome.  I was able to push Group Policy Extensions to my coworker's machine successfully.  I will be testing it on a few more machines and then deploying it througout the organization.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question