Solved

WSUS Restrictions via a GPO

Posted on 2012-03-23
3
287 Views
Last Modified: 2012-04-05
I have a large AD Domain made up (mostly) of Windows based Workstations and laptops.  The OS's are a mix of Win XP and Win 7 professional editionss.  We manage our windows updates via GPO's - see attached .jpg for example of settings.  

My issue is this: WSUS works fine but I don't seem to be able to restrict users from manually accessing Windows automatic updates.  One of the issues, that I cannot change, is that all staff users (we're a school district) are local Admins on the workstations, so the setting "Allow non-administrators to receive update notifications" doesn't apply.  Is there a way that I can restrict a person's access to manually run Automatic Updates, say for example based on AD group membership, regardless of their status as a local admin?

Thanks,

Noah
WSUSGPO-example.jpg
0
Comment
Question by:nkeables
  • 2
3 Comments
 
LVL 47

Accepted Solution

by:
dstewartjr earned 250 total points
Comment Utility
The policy "Allow non-administrators to receive update notifications" is in order to allow normal users to install updates...disabling will also stop them from getting the "Yellow Shield" notifying that updates are available to install.

The settings you are looking for are below.


http://technet.microsoft.com/en-us/library/bb457141.aspx


Preventing Access to Windows Updates and Automatic Updates

You can use Group Policy settings to disable both Windows Update and Automatic Updates.

    To disable Windows Update and Automatic Updates on a per-computer basis, configure Turn off access to all Windows Update features in Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings. See “Turn off access to all Windows Update features,” earlier in this document.

    To disable access to Windows Update and Automatic Updates on a per-user basis, configure Remove links and access to Windows Update in User Configuration\Administrative Templates\Start Menu and Taskbar. Enabling this policy setting removes access to Windows Update features for the specified user, but Automatic Updates still checks for updates for the comp
0
 

Author Closing Comment

by:nkeables
Comment Utility
The article you referenced provided the solution I needed.  I had configured GPO's for updating from our WSUS, but was un-aware of the setting  to turn off all windows update features.  The setting "Turn off access to all Windows Update features" was found at  Computer Configuration\Administrati<wbr />ve Templates\System\Internet Communication Management\Internet Communication settings.  This allows Automatic updates to take place but prohibits all Windows Update  web site interactions.<br /><br />Thank you
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
Glad to help
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

User Beware!  This is a rather permanent solution to removing your email from an exchange server.  The only way to truly go back is to have your exchange administrator restore your mailbox from backups.  This is usually the option of last resort.  A…
The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now