Solved

Removing Admin rights to the users laptops breaking WSUS windows updates

Posted on 2013-01-23
4
387 Views
Last Modified: 2013-01-25
Is that a legitimate excuse not to remove admin rights to the users laptops?  My vendor does't want to do it because issues at the previous project.  It broke WSUS updates and Windows updates cannot be pushed.
Anyone saw the same issue before?
0
Comment
Question by:Tiras25
4 Comments
 
LVL 16

Accepted Solution

by:
choward16980 earned 125 total points
ID: 38811702
The windows update service does not run with local user permissions on windows 7. I've seen it break on XP prior to the windows 3.1 installer needing to be installed through IE.
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 125 total points
ID: 38811712
No...WSUS will push to a client machine, nothing to do with the user account...

What server OS are we talking about here?

SBS 2003/2008/2011 will push updates to client machines without issue regardless of the user being an admin, that's how WSUS is designed...but maybe some of the WSUS GPO settings are different/changed from the default...
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 38811718
The don't need admin rights, that would be a horrible design.

In the immortal words of Joe Richards

"Please slap that consultant and say it was from me."  :)

Thanks

Mike
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 125 total points
ID: 38811762
> Anyone saw the same issue before?
What issue? Please describe it a little at least. "broken" is not very descriptive.
WSUS does not push, but clients pull. And yes again, the update service does not care about what group the user is in - if the update service is set to do scheduled installs.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question