I’m trying to setup a WSUS, having everything on the server installed, updates downloaded and accepted, etc… ready to go
problem is, when I go into group policy and try to change the 2 relevant settings:
Computer Config>Policy>admin template>windows component>windows updates
*configure automatic updates (to set update policy- i tried allow local admin to choose)
*specify intranet microsoft update service location (to set WSUS location – mandatory for WSUS use am I correct?)
once I kick out this gpo, the local users are no longer able to run updates themselves, getting the settings are controller by system admin message
I want to use WSUS, but I want the ability to manually run updates to still be in the hands of users – especially onsite people who may need to manually run updates either after restoring a machine or because an update may be required for something else to run correctly
what am I missing? is there a way to set the gpo to tell computers the WSUS location but otherwise leave the settings alone?
