Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

2008 Standard domain controller policy for client windows updates

Posted on 2014-11-21
6
362 Views
Last Modified: 2014-11-22
ENVIRONMENT
I have a small network in my office. I am the network administrator.
I have a single DC, windows 2008 Standard server. I set it up from scratch.
I doubt this matters, but it is a virtual machine running on VMWARE ESXi 5.1
Most all PC's in the network are joined to the domain.

PROBLEM
I want all PC's joined to the domain to download windows updates, but to ASK to install them. The middle of the night auto update reboots are infuriating!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ATTEMPTS
I have made multiple attempts to resolve this, but I will admit Group Policy is incredibly confusing, and I can't find a straight step by step, go here, do this, go there do that, that will resolve my problem.

I have followed these steps:
gpmc.msc
Expand domains
Expand the local domain
Right click on Update services client computer policies.
Click edit
Expand:
Computer Configuration > Policies / Administrative Templates > Windows Components > Windows Update.
Enable the setting and Set to:  3 - Auto download and notify to install.

But when I use gpupdate/force from the DC command prompt, followed by rebooting a domain PC. On that domain PC, I then go to: control panel>windows updates>change settings on the left side, and the settings still say install updates automatically, NOT auto download and notify for install (which is what I told the DC GPO to set it as) which is what I am expecting to be there.

QUESTIONs:

#1 How do I Tell the DC to have a group policy that will tell the domain PC's to download updates and notify for install?
I am looking for a step by step instructions as to how to make this change. (based on my apparent level of knowledge. I don't need to be told what the start button is, but my frustration is that when I try to follow other net based instructions that say things like "Use an existing GPO, or add a new one", etc... I am lost as to how to do either of those, and then fall down on being able to go to the next steps...)

#2 How do I then test to see that the proper setting has been applied to the domain PC's?

Thanks to ALL of the EE community who take the time to read this, and even more thanks to ALL sincere help that is provided. YOU guys are greatly appreciated!!!
P.S. I don't see an option to put points onto this question. I would like to show my appreciation to anyone who provides the answer.
0
Comment
Question by:jwulf1092
6 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40459290
"But when I use gpupdate/force from the DC command prompt"

Your problem.

You dont use gpupdate to PUSH policies. You run it on the PC to PULL policies.  this "But when I use gpupdate/force from the DC command prompt" just refreshes the DC's policies NOT the PC's
0
 
LVL 1

Expert Comment

by:Deorali
ID: 40459366
Follow this article to understand and implement group policy for WSUS.

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40459388
You are correct, you should see the GPO change in Windows Update Setup on client PC with something like "Some settings are managed by your administrator". Rebooting the PC should sync and apply GPOs. A gpupdate /force on the client might help to propagate GPO changes faster without rebooting.
0
 
LVL 1

Author Comment

by:jwulf1092
ID: 40459776
Neilsr.
DOH! (Said in the voice of Homer Simpson)
I should have known that, but I didn't. Important lesson learned. What this did validate for me is that I did a good job sharing all of the extremely pertinent details without assumptions, so that you could quickly zero in on my problem!!!
I went to a couple client PC's, and checked the settings before doing a Gpupdate /force, and they had already been updated, as the policy had now propagated.

Thank you for an absolutely pinpoint and perfect answer!!!
How do I give you points for this answer?
0
 
LVL 1

Author Closing Comment

by:jwulf1092
ID: 40460312
Pinpoint perfect answer. I STILL don't see how to assign points :(
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question