General discussion

Locked

Software Update Services user rights

By unclebyron ·
I am using trying to setup Microsoft SUS. Yes, I know about WSUS but we don't want .net right now. Anyway,we have single domain and use the domain global policies for the domain computers. I setup an Organizational Unit that will hold only those computers we want to update. It has its own global policy which is identical to the domain policy except that Automatic Updates is turned on. The problem is that an ordinary domain user cannot install scheduled updates. Only an administrator can do so when he logs in. What rights are missing from domain users? The Everyone group has Read rights to the c:\Sus directory and below on the Update server. Microsoft says that ordinary users can install updates if they are scheduled updates.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Software Update Services ...

well both kinda run the same way. WSUS has a better GUI for administrative purposes but the basic Group Policy runs the same.

you approve updates for installation and then how you configure the GPO in the workstations [in XP Group Policy computer configuration for updates] determine how they get installed.

you just point the workstations to the SUS server [edit the computer GPO for intranet then set the Automatic Updates to auto download then schedule the update [don't use notify].

Collapse -

by CG IT In reply to

you don't want the user to install updates. Sorta defeats the purpose of SUS or WSUS which is to have control over what gets installed and when so that critical updates always gets installed or that you have a chance to test out an update so it doesn't break anything. SP2 when it first came out caused havoc with some networks because the firewall was turned on by default.

Collapse -

by HAL 9000 Moderator In reply to Software Update Services ...

This should give you the answer to your question it's MS's use of SUS.

http://tinyurl.com/6cea5

Col

Collapse -

by unclebyron In reply to Software Update Services ...

I understand your point about installations under the user profile, but the users can only install what we approve and we won't have to login to all of the workstations as an administrator. Some we will setup in remote locations. We don't use local computer GPO's but Active Directory GPO's. I have been to the website that was recommended before but it didn't help with my problem. When a domain administrator logs in it works but not an ordinary domain user account.

Collapse -

by CG IT In reply to Software Update Services ...

Not sure why you have the problem you have. All our machines are configured with a AD GPO and none have problems [but we're using WSUS and not SUS. We did run SUS and the GUI for WSUS is far easier than SUS but both run basically the same.

How is the GPO configured and then applied?

Our GPO specifies our internal WSUS server and we configure computers [not users] Windows settings to autodownload and schedule install at 11pm. Works like a champ. There is no difference in a GPO created for getting updates in an AD environment on SUS as in just configuring the local machine GP. Both configure the workstation the same way.



A GPO created in AD and linked to the appropriate OU that the workstations are on should work the same as if you configured a local machine GPO.

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums