?
Solved

Push windows update to XP desktops only

Posted on 2010-08-23
17
Medium Priority
?
956 Views
Last Modified: 2012-05-10
Hi we have a single domain forest running Windows Server 2008 R2 as a domain controller.  Under this domain are desktops running XP, Vista and Windows 7 as well as servers running 2000, 2003, 2008 and 2008 R2.

I am currently creating some group policies, however they are not getting pushed out properly to the XP desktops because some of them don't haveGroup Policy Preference Client Side Extensions for Windows XP (KB943729) installed.


Is there a way that I can have this update go out to all XP computers only on this domain?
0
Comment
Question by:jamorlando
  • 8
  • 5
  • 2
  • +2
17 Comments
 
LVL 3

Accepted Solution

by:
tomex07 earned 600 total points
ID: 33502522
Do you have WSUS 3?
This update is available in Windows Update so you can approuve the installation for all the computers in your domain. If it is not a Windows XP (Vista, Seven), the update will not be installed.
Or if you have groups of computers only apply for the group you want.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 33502525
If you are running WSUS you should be able to deploy it that way.  If not you can test out the script here:
http://msmvps.com/blogs/cgross/archive/2008/12/16/installing-group-policy-preferences-client-side-extensions.aspx
***I have not tested that script, we have WSUS
Laura also has a great post about XMLLite.  http://www.shutuplaura.com/journal/2008/5/30/deploying-the-group-policy-preferences-cse-via-wsus.html
If you are running SP3 you are good to go for XMLLite
Thanks
Mike
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33502553
You will need to deploy this from WSUS or get your users to manually go out to the Microsoft Update site and download this directly. All Windows Update files are in the form on EXE files. I would just create a simple document and get the user to install this update via windows update site if you do not have wsus in place. If you do have wsus accept the update (KB943729) and push out to you desktops.

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:jamorlando
ID: 33504500
Do I need to install WSUS 3.0 SP2 on my domain controller, or can I install it on any server on the domain, so long as I provide Administrator credentials?  I'd rather not install IIS on the domain controller/DNS server here.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33504536
You don't have to run it on a DC...your thinking is on the money, try to keep a DC a DC :)
0
 
LVL 48

Expert Comment

by:Don
ID: 33507210
It is also not recommended to install WSUS on a DC unless this is your only server
0
 

Author Comment

by:jamorlando
ID: 33535004
Thanks guys .. it took me a couple days to get the change to install WSUS.  It's installed now.

I would like to push out the Group Policy Preferences Client Side Extensions for Windows XP to all the XP machines here.

Would I create a Windows XP OU in AD and then use group policy to push it out to only those users, or can I just run it from WSUS and WSUS will know which machines to install it on?
0
 

Author Comment

by:jamorlando
ID: 33535378
Also I'm trying to follow the Windows Help tutorial to set up WSUS.
In the first step it says:
To load the WSUS Administrative Template
--In Group Policy Object Editor, right-click either of the Administrative Templates nodes. ---Click Add/Remove Templates.
--Click Add.
--In Policy Templates, click wuau, and then click Open.
--Click Close to dismiss the dialog box.

When I Add it starts me off in the C:\Windows\inf directory.  There is no file called wuau in there.  When I do a search of the machine, it looks like there are four locations.  How do I know which one to use?

C:\Windows\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\wuau.adm
C:\Windows\SYSVOL\sysvol\iks.bz\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Adm\wuau.adm


Sorry for all the questions.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33535528
Those other locations are from policy's that may already be in place or orphand policies. If you go to this link and just download the 2003admsetup.msi file it contains the wuau.adm file which you will then store in the "inf" folder.
http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en
0
 

Author Comment

by:jamorlando
ID: 33535595
Thanks but my DC is running Windows 2008 R2, and this is only for 2003.  When I did some searches for 2008 Templates, I couldn't find anything.  Thoughts?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 33535793
0
 

Author Comment

by:jamorlando
ID: 33535805
Hmmm it only says Windows Server 2008, not Windows Server 2008 R2.  Is this a concern?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33535835
It shouldn't be at all. Same platform just a different release.
0
 

Author Comment

by:jamorlando
ID: 33536101
Thanks.  I installed 2008ADMX.msi and preferences.msi from that page, and there isn't a wuau file.
0
 

Author Comment

by:jamorlando
ID: 33536166
OHHH ... I found wuau.adm.  It is in the Windows\inf folder on the server that I installed WSUS on.  Can I copy this to my domain controller and then proceed with the steps?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 33542150
Yes exactly, once you have done this you should be on your way.
0
 

Author Comment

by:jamorlando
ID: 33566806
Awesome.  I was able to push Group Policy Extensions to my coworker's machine successfully.  I will be testing it on a few more machines and then deploying it througout the organization.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question