Tech Tip: Control automatic updates/Configure server-side Dynamic DNS

Windows 2000 Professional: Control automatic updates

In Windows 2000 Service Pack 3, the Automatic Updates feature takes the place of Critical Update Notification for simplifying updates and patches to Windows. However, many administrators prefer to use other means to distribute and install these items.

On individual systems, you can turn off Automatic Updates via Control Panel's Automatic Updates applet; just deselect the Keep My Computer Up To Date option and click OK. When you need to disable Automatic Updates for several computers, group policy is often the most efficient means.

Follow these steps to disable Automatic Updates using a group policy:

  1. Open the Active Directory container to which you want to apply the policy, and then open an existing group policy object for that container or create a new one.
  2. Expand the Computer Configuration branch, right-click Administrative Templates, and choose Add/Remove Templates.
  3. Click Add, choose Wuau.adm from the %systemroot%\Inf folder, click Open, and click Close.
  4. Expand the following policy branch, and disable the Configure Automatic Updates policy:

Computer Configuration | Administrative Templates | Windows Components | Windows Update

You can also use this group policy to control Automatic Updates in other ways and other situations. For example, you might want some systems updated automatically but not others. You can configure the policy at the appropriate Organizational Unit (OU) in Active Directory to specify the action needed for computers within that particular OU.

Windows 2000 Server: Configure server-side Dynamic DNS

Dynamic DNS (DDNS) enables a client computer to register its host records in DNS automatically. DDNS makes it possible for DNS records to remain accurate even for computers whose IP addresses change.

You can configure a handful of properties on the Windows 2000 DNS server to control dynamic updates from clients. To configure these properties, open the DNS console, right-click the domain's zone, and choose Properties.

The General tab includes an Allow Dynamic Updates option that controls whether clients can update their host records. The following settings are available for dynamic updates:

  • No: Prevents DHCP clients or servers from updating resource records in the zone.
  • Yes: Allows DHCP clients and servers, including those outside the domain, to perform unsecured updates to the zone's resource records.
  • Only Secure Updates: Requires the DHCP client or server to authenticate in the domain before it can update host records in the zone.

The No and Yes options are available for all zones; the Only Secure Updates option provides the best security but is only available for Active Directory-integrated zones.

In addition to configuring dynamic updates, you can also configure scavenging, which enables the server to remove host records that exceed an administrator-specified age. Scavenging resource records helps the server maintain accurate host records. To configure the refresh period for resource records in the zone, click the Aging button on the General tab, and use the resulting dialog box to set the refresh interval.
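
To review these settings across every zone instead of one Properties dialog at a time, the following read-only audit is an added example, not part of the original tip. It assumes a current Windows Server with the DnsServer PowerShell module (not available on Windows 2000) and maps the module's DynamicUpdate values None, NonsecureAndSecure and Secure to the No, Yes and Only Secure Updates options.

```powershell
# Added example: audit dynamic-update and aging settings for each primary zone.
# Assumption: DnsServer module (Windows Server 2012 or later). Read-only; changes nothing.
param([string]$ComputerName = $env:COMPUTERNAME)

Import-Module DnsServer -ErrorAction Stop

# Skip secondary/stub/forwarder zones and the auto-created placeholder zones.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$report = foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $ComputerName `
        -ErrorAction SilentlyContinue

    # Map the cmdlet's DynamicUpdate values onto the console's three options.
    $finding = switch ([string]$zone.DynamicUpdate) {
        'None'   { 'OK: dynamic updates disabled (No)' }
        'Secure' { 'OK: Only Secure Updates' }
        'NonsecureAndSecure' {
            if ($zone.IsDsIntegrated) {
                'REVIEW: unsecured updates allowed; Only Secure Updates is available'
            } else {
                'REVIEW: unsecured updates allowed; zone is not AD-integrated'
            }
        }
        default  { "UNKNOWN: $($zone.DynamicUpdate)" }
    }

    [pscustomobject]@{
        Zone            = $zone.ZoneName
        ADIntegrated    = $zone.IsDsIntegrated
        DynamicUpdate   = $zone.DynamicUpdate
        AgingEnabled    = $aging.AgingEnabled      # empty if aging data was unavailable
        RefreshInterval = $aging.RefreshInterval
        Finding         = $finding
    }
}

# REVIEW rows sort to the top so zones accepting unsecured updates are seen first.
$report | Sort-Object Finding -Descending | Format-Table -AutoSize
```

Zones flagged REVIEW that are Active Directory-integrated can be switched to Only Secure Updates on the General tab described above; zones with AgingEnabled false will not have stale host records scavenged.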
