Another SUS Question

[thebdj]

I have got SUS up and running beautifully although there are some very quirky bits to it (not too surprised this is version 1.0!).

We are running a network entirely on Win2K with Professional at desktop level and Server at Server level. I have got everything as I would like it but there is one thing that is VERY annoying and needs to be sorted.

For some reason when you schedule an update it tells you about the information you are going to receive almost immediately, whatever time of the day. You are given the option to Install immediately or ignore the information. You cannot deselect the updates or click 'remind me later'. Now I'm not worried about the greying out, that's good but I don't want this alert popping up on everyone's machine.

I have looked all the way through the Active Directory Group Policies and was hoping that there would be something there allowing me to stop this. Ideally there would be something on the SUS Server that would allow me to stop this pre-schedule option to become readily available.

Any help much appreciated!!

Cheers
Justin

 

[philote]

How are your settings in the GPO configured? Are the updates set to download automatically and schedule an install?

 

[thebdj]

They are scheduled as number 4-Auto Download and Schedule the Install.

This is how I want it. It is scheduled to install at a silly hour in the morning which is also what I want but I don't want these lovely colourful popups being offered to below par technical users (if you catch my drift)

Justin

 

[philote]

Wish I knew the answer... I have ours set up to download and install automatically as well and have seen the little "Install Updates" message and icon on some people's computers. I haven't really looked into this yet but next time I see this I'll have to check the computer's registry settings for Windows Update and see if it's still scheduled to install when I told it to.

 

[Davetoo]

What you are seeing is by design. It allows the users the option of installing the updates when they're available instead of waiting for a preset schedule.

For instance, I setup our SUS to update every Saturday morning at 3:00 am. Since its our policy to not leave computers on during off hours, obviously no systems will be updated over the weekend. However, on Monday when the users fire up their systems, the updates will load and they'll need to reboot.

Now, if during the week an update is made available through the SUS server, then the users will see the icon in the system tray and, if they choose, can go ahead and install them during the week. This will prevent them from having to do the installs on Monday morning.

We're rolling it out without deploying the user GPO, but if after checking systems in a month or so we find that some users aren't saying "Yes" to update, then we'll deploy the user portion of the GPO to take that option away from them.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[jimv2502893]

Forget about SUS. Download freeware called HFNetChkPro4 from

http://www.shavlik.com.

You have more options in downloading security patches and updates. Plus it works with NT,2000, and XP. You also do not need to install a client agent on your local computers... Good Luck

 

[Davetoo]

It's not freeware, the download version works for 10 workstations only (according to the fine print on the website).

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[GlenJohnson]

http://hfnetchk.shavlik.com/

Here's a free version. I've used hfnetchk for a couple years and it's great.

Glen A. Johnson
"Fall seven times, stand up eight."
Proverb

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[Davetoo]

The "free version" just checks to see if systems are updated. It doesn't do the updating.

I too have used that software to check systems, but deployed SUS to do the actual updates.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[Davetoo]

Wait...didn't scan down to see the LT package. Do you use that to deploy patches to your systems? What's the difference between the LT and the Pro versions (other than price obviously)?

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[GlenJohnson]

True, I hadn't thought of that point since M$ not always gets there patches right. I usually wait around a month after a new patch comes out before installing it. I remember how much trouble the patch was for terminal servies was a couple years back. Good luck.

Glen A. Johnson
"Fall seven times, stand up eight."
Proverb

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[Davetoo]

Answered my own question...the LT version allows up to 50 servers/workstations to be updated. Still no good for a medium sized business.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[thebdj]

Whilst it's lovely to see a lively debate spark up about other solutions, I am stuck with Microsoft. The whole thing is all very good as far as I'm concerned but I DO need a workaround.

The idea about scheduling for the weekend when 'pooters are off and then auto-updating when they are on is not viable as once again it puts the user in some sort of control when it asks them if they want to reboot. I don't want them to see ANYTHING from start to finish, just have an updated machine.

Are we sure there is nothing in GPO where I can take-out that annoying little Windows Update pop-up, that'd be the answer to all my problems! At the end of the day I don't want my end users to have any power or access at all, they're a liability

Thanks for your help
The BDJ