troubleshooting Question

Configuring who can install MS Updates

Avatar of sedberg1
sedberg1 asked on
Active DirectoryMicrosoft Server OSWindows Server 2008
5 Comments1 Solution433 ViewsLast Modified:
Our domain has about 30 servers used for hosting LOB applications.  We do updates only quarterly but unfortunately we've situations where local admins have installed MS updates and rebooted servers when they should not have, disrupting service.  So, I wanted to see:

1. How to disable to pop-up that appears in the notification area that tells users there are MS updates ready to install.  I'm looking through Group Policy but can only find a setting to disable the pop up for non-admins.  And I can't remove certain domain users from the local admins group, however, those particular users are not domain admins.
2. How to restrict the MS updates so only domain administrators can install MS updates.  Can't find this setting and have looked online.

We're running purely 2008.  The DCs are both 2008 R2.  Forest and domain functional levels are 2008 R2.  All servers are part of the domain.  

Any suggestions?

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros