Server 2008 R2 WSUS updating Server without approval
Hello,
We currently setup a WSUS server and for some reason without us allowing it in the group policy the WSUS started installing update on our server and rebooting it without approval.
Is there a setting in the WSUS that perhaps supersedes the GPO?
I can see the Automatic approval rule in the WSUS is set to default.
I also see under "Options" "Computers" it says "User Group Policy or the computer registry"
But then when I go to the left pane and click on "Computers" under "unassigned Computers" I see all my computers and even my server.
Today all servers were updating and rebooting without our consent.
So again can the WSUS force the updates and reboot without GPO consent?
We currently setup a WSUS server and for some reason without us allowing it in the group policy the WSUS started installing update on our server and rebooting it without approval.
Is there a setting in the WSUS that perhaps supersedes the GPO?
I can see the Automatic approval rule in the WSUS is set to default.
I also see under "Options" "Computers" it says "User Group Policy or the computer registry"
But then when I go to the left pane and click on "Computers" under "unassigned Computers" I see all my computers and even my server.
Today all servers were updating and rebooting without our consent.
So again can the WSUS force the updates and reboot without GPO consent?
Chris
WSUS is only a source for updates. No policies are applied to computers from the WSUS console. You will need to check over your group policy settings and probably enforce settings to prevent automatic installation and reboot.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello,
Check the below link which help you to configure the Automatic Updates with GPO.
http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx
Check the below link which help you to configure the Automatic Updates with GPO.
http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx
ASKER
I've attached what I currently have going on in my GPO... I see "Configure Automatic Update" is enabled but "Allow Automatic Updates immediate installation" is set to Not Configured.
Does this mean that it was the WSUS pushed the installation?
Also should I set set all of these options to a "Not Configured" state and create 1 Policy linked to a OU for servers where it does not update the server so I can do that manually and create another Policy for Computers and linked that one to a Computers OU?
I'm assuming that by changing the State to "Not Configured" in the "Default Domain Policy" will not interfere with the 2 new policy that I would create to link to Servers OU and Computers OU.
Please advise guys. Thanks!
gpo-settings.jpg
Does this mean that it was the WSUS pushed the installation?
Also should I set set all of these options to a "Not Configured" state and create 1 Policy linked to a OU for servers where it does not update the server so I can do that manually and create another Policy for Computers and linked that one to a Computers OU?
I'm assuming that by changing the State to "Not Configured" in the "Default Domain Policy" will not interfere with the 2 new policy that I would create to link to Servers OU and Computers OU.
Please advise guys. Thanks!
gpo-settings.jpg