General discussion


domain policy to enforce windows update

By orcsattheg8 ·
I am currently using SUS to perform updates within our domain. I am looking for a policy to enforce the aspects of that policy. I found what appears to be just that but the policy is not having affect on machines within the domain. They are retaining the local policy, ie server, time etc of updating. Ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by dmiddltn In reply to domain policy to enforce ...

Here's the policy I used; works great!
Make 100% sure that you have the most recent admin templates installed - I used the ones that came with Windows XP SP2.

Computer Configuration (Enabled)
Administrative Template
Windows Components/Windows Update
Policy Setting
Allow Automatic Updates immediate installation Enabled
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time: 20:00

Policy Setting
No auto-restart for scheduled Automatic Updates installations Enabled
Reschedule Automatic Updates scheduled installations Enabled
Wait after system
startup (minutes): 1

Policy Setting
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://<your server>
Set the intranet statistics server: http://<your server>
(example: http://IntranetUpd01)

Collapse -

by orcsattheg8 In reply to

These settings are present on each client and at present are working fine. However, I would like to change time of updates through domain policy and the clients are retaining local policy. Thanks anyway.

Collapse -

by CG IT In reply to domain policy to enforce ...

the answer to your question is in the SUS white paper deployment guide available from the SUS site. look on page 53 for client configuration which includes setting times.

and check this link :

for applying automatic updates with group policy.

Collapse -

by orcsattheg8 In reply to

I have already done this. Now that I look at the white paper, I'm not so sure it didn't work initially. The paper states that local policy will be over-ridden by domain policy, which I knew. What I'm not sure about now is whether that change is reflected in the local policy when viewed from gpedit.msc on the client. It may remain the way it was done locally , yet follow domain policy. I will have to look at the synch logs from the SUS. Thanks for the help.

Collapse -

by orcsattheg8 In reply to domain policy to enforce ...

This question was closed by the author

Related Discussions

Related Forums