Can you push windows update using a GPO? 1

[ilusv]

What do you experts think?

 

[packdragon]

I don't think you can use GPO to tell computers to go visit Windows Update and get the latest stuff. However you can download the individual updates and install them to computers vis GPO. However the updates have to be in MSI format. Microsoft usually provides MSI's of service packs, but not individual updates.

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-

http://www.solien.com

 

[qtin]

Have you thought about SUS?

http://www.microsoft.com/downloads/...E41-4F54-972C-AE66A4E4BF6C&displaylang=en

Add in the Admin Template and you can set the PCs to pull from your server instead of windowsupdate.microsoft.com

 

[swabs]

SUS works great for pushing software updates and security patches. However,I do not recommend that you use it to push out service packs as it frequently locks up computers for hours.
What I have found to work best it to use Group Policies for Service Packs and then SUS for updates/patches. SUS is pretty straightforward and easy to configure. The first time you approve updates in SUS is going to be the most taxing to the Users. Because it will most likely install a large amount of updates that will get all machines on the same page. So you might have 1 or 2 computers have a slight error during the first push.
But after the first push, the new updates are fairly seamless.

 

[Trackhappy]

swabs is right on the money. SUS works a treat. We have it rolled out to all 7 sites from our central server via a distribution server at each site (slow links). Only thing to watch is servers restart automatically during the update, which can be a bit disconcerting. We leave somebody logged onto them and that stops the reboot until you start using the session and it asks you whether to reboot or not. A hint I found useful, in the console where you approve the updates (

http://servername/susadmin),

go into details of an update and you can select the manual install to test it on your own machine prior to releasign it to the masses.

 

[minxca]

Can we push with SUS? I thought PC's must pull from the server. I use software from GFI to push SP, hotfix (windows and Office).

 

[ghanz1]

Well, you configure the client Automatic Updates and BITS-services using GPO's to pull it off the SUS server. So from Windows 2000 and up you can force the updates to the clients. There are ofcourse clients available for older systems. Only drawback is the lack of proper reporting, but overall it works great.

 

[Trackhappy]

It still pulls, but is under the control of a policy. You import a template into the GPO, which has all the settings for your SUS. On 2000 clients and up this modifies the Windows Update client to pull from the SUS server according to the policy settings. You can tell the policy has applied on a client by looking in Control Panel at the Windows Update settings. They will be greyed out when SUS policy has applied. Users can sideline the reboot once, but next logon it will automatically apply 1 minute after logon if you set the policy that way.

 

[ilusv]

Never thought about SUS; but it sounds like its the best way to go. I will look into some more.. Thank you for the input.

 

[00071491]

First of all, SUS rocks. But it doesn't "Push" the updates to the client, the server broadcasts that the updates are available to the clients, and THEN they go and download/install from the server. I just had to clear that up for those of you who think they get "pushed" to the clients.

If you want to "Push" them to the clients, I suggest Systems Management Server (SMS) from M$ or ZENworks from Novell. They can do what SUS cannot, but cost money, whereas SUS is free.