Automatic Updates using a SUS server

[neutec]

Hello Everyone,
I have a network in which Windows updates are preformed using a SUS server. The workstation are able to update manually fine however I would like to force the updates via a GPO and automatically install them without any intervention of the users. Does anyone have any suggestions how this can be done?

 

[TechieMan]

Hi neutec,

It’s dead easy to do using a GPO. On the OU where your workstations reside, create a new GPO (or modify an existing one) then navigate to 'computer Configuration\Administrative Templates\Windows Components\Windows Update

As long as you have your SUS box on the network and it has been setup correctly, you can change the Specify intranet Microsoft update service location setting in the GPO to point to the name of this box (i.e.

http://WSUS_Server_Name)

The only other key I set for my workstations was the configure Automatic Updates key, which has the options of how you want the updates to be installed (Notify for download & install, Auto download & notify install etc...) The day and the time.

A reboot of the workstations once the GPO has been setup should apply the changes.

Just a note (I’m sure you know this!) - You should really test the updates on at least 1 test PC first before automatically installing them. Within WSUS I have set up a testing directory which contains a few workstations that get installed first once the new updates have been approved. If there are no issues then I roll them out to the other machines on my network.

If you are not on a domain, then you can install updates automatically from SUS using the registry keys, which you would need to install import on each workstation. I have a workgrouped PC which has this setup;
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="

http://IP

Address of WSUS Server"
"WUStatusServer"="

http://IP

Address of WSUS Server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004 (Different numbers explained below)

2 - Notify for download and notify for install
3 - Auto download and notify for install
4 - Auto download and schedule the install

"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000a
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

Hope this helps,
TechieMan

 

[Davetoo]

You should have posted this in the Server forum, not the Exchange forum.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[58sniper]

A reboot of the workstations once the GPO has been setup should apply the changes.

You don't need to reboot to get the GPO to apply. It should apply by default during the GPO refresh cycle. Only application package installations need a boot (as far as things getting installed).

Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference