Solved

Push windows update to XP desktops only

Posted on 2010-08-23
17
909 Views
Last Modified: 2012-05-10
Hi we have a single domain forest running Windows Server 2008 R2 as a domain controller.  Under this domain are desktops running XP, Vista and Windows 7 as well as servers running 2000, 2003, 2008 and 2008 R2.

I am currently creating some group policies, however they are not getting pushed out properly to the XP desktops because some of them don't haveGroup Policy Preference Client Side Extensions for Windows XP (KB943729) installed.


Is there a way that I can have this update go out to all XP computers only on this domain?
0
Comment
Question by:jamorlando
  • 8
  • 5
  • 2
  • +2
17 Comments
 
LVL 3

Accepted Solution

by:
tomex07 earned 150 total points
Comment Utility
Do you have WSUS 3?
This update is available in Windows Update so you can approuve the installation for all the computers in your domain. If it is not a Windows XP (Vista, Seven), the update will not be installed.
Or if you have groups of computers only apply for the group you want.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
Comment Utility
If you are running WSUS you should be able to deploy it that way.  If not you can test out the script here:
http://msmvps.com/blogs/cgross/archive/2008/12/16/installing-group-policy-preferences-client-side-extensions.aspx
***I have not tested that script, we have WSUS
Laura also has a great post about XMLLite.  http://www.shutuplaura.com/journal/2008/5/30/deploying-the-group-policy-preferences-cse-via-wsus.html
If you are running SP3 you are good to go for XMLLite
Thanks
Mike
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
You will need to deploy this from WSUS or get your users to manually go out to the Microsoft Update site and download this directly. All Windows Update files are in the form on EXE files. I would just create a simple document and get the user to install this update via windows update site if you do not have wsus in place. If you do have wsus accept the update (KB943729) and push out to you desktops.

0
 

Author Comment

by:jamorlando
Comment Utility
Do I need to install WSUS 3.0 SP2 on my domain controller, or can I install it on any server on the domain, so long as I provide Administrator credentials?  I'd rather not install IIS on the domain controller/DNS server here.
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
You don't have to run it on a DC...your thinking is on the money, try to keep a DC a DC :)
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
It is also not recommended to install WSUS on a DC unless this is your only server
0
 

Author Comment

by:jamorlando
Comment Utility
Thanks guys .. it took me a couple days to get the change to install WSUS.  It's installed now.

I would like to push out the Group Policy Preferences Client Side Extensions for Windows XP to all the XP machines here.

Would I create a Windows XP OU in AD and then use group policy to push it out to only those users, or can I just run it from WSUS and WSUS will know which machines to install it on?
0
 

Author Comment

by:jamorlando
Comment Utility
Also I'm trying to follow the Windows Help tutorial to set up WSUS.
In the first step it says:
To load the WSUS Administrative Template
--In Group Policy Object Editor, right-click either of the Administrative Templates nodes. ---Click Add/Remove Templates.
--Click Add.
--In Policy Templates, click wuau, and then click Open.
--Click Close to dismiss the dialog box.

When I Add it starts me off in the C:\Windows\inf directory.  There is no file called wuau in there.  When I do a search of the machine, it looks like there are four locations.  How do I know which one to use?

C:\Windows\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm


Sorry for all the questions.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Those other locations are from policy's that may already be in place or orphand policies. If you go to this link and just download the 2003admsetup.msi file it contains the wuau.adm file which you will then store in the "inf" folder.
http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en
0
 

Author Comment

by:jamorlando
Comment Utility
Thanks but my DC is running Windows 2008 R2, and this is only for 2003.  When I did some searches for 2008 Templates, I couldn't find anything.  Thoughts?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
Comment Utility
0
 

Author Comment

by:jamorlando
Comment Utility
Hmmm it only says Windows Server 2008, not Windows Server 2008 R2.  Is this a concern?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
It shouldn't be at all. Same platform just a different release.
0
 

Author Comment

by:jamorlando
Comment Utility
Thanks.  I installed 2008ADMX.msi and preferences.msi from that page, and there isn't a wuau file.
0
 

Author Comment

by:jamorlando
Comment Utility
OHHH ... I found wuau.adm.  It is in the Windows\inf folder on the server that I installed WSUS on.  Can I copy this to my domain controller and then proceed with the steps?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
Comment Utility
Yes exactly, once you have done this you should be on your way.
0
 

Author Comment

by:jamorlando
Comment Utility
Awesome.  I was able to push Group Policy Extensions to my coworker's machine successfully.  I will be testing it on a few more machines and then deploying it througout the organization.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now