Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Software Update Services ?

Status
Not open for further replies.
bdoub1eu

bdoub1eu

IS-IT--Management
Joined
Dec 10, 2003
Messages
440
Location
US
Hi all! Since the setting in Group Policy is a computer configuration rather than a user configuration, do I need to add all my machines into the Security option and then apply the policy to the machines or will applying the group policy to "authenticated users" work on this?

Thanks in advance!
 
Sort by date Sort by votes
Though it says "Authenticated users", that actually means anything with an account on your domain, so it also includes your workstations. If you set SUS GPOs to apply to Authenticated Users then all of your systems will be using it.

I took Authenticated Users off of the permissions for my SUS policies and created two new groups, PC-SUS and SERVER-SUS. That way I can specify different settings for PCs and servers. In my case, PCs automatically download the approved updates and then install them at 4am (or the first boot after 4am, if the PC is powered down). The servers automatically download approved updates, but doesn't install them.

In my environment, when an administrator is logged into the server, they get a notification that the updates are available to install. Since some of the updates will require a reboot, you probably wouldn't want your servers rebooting on their own. So I usually schedule a server downtime period on the first weekend after MS releases a batch of updates so that I can install them on each server manually, then reboot them and make sure that the appropriate services are all running.
 
Upvote 0 Downvote
Thanks for the response...I actually just applied the GPO to "domain computers" and it worked like a champ...

? about SUS...

When I look at the available updates to approve for SUS, I see a platform as Windows XP RTM (release to manufacturer). How do I know if I have any of these on the network? Also, there are so many patches and updates available, how do I know which ones to approve? If I just approve them all, are the workstations smart enough to poll the SUS server and see what they need, similar to windows update through a browser?
 
Upvote 0 Downvote
The answer is yes. The workstations will install whatever updates they are missing.
 
Upvote 0 Downvote
Is that a good rule of thumb to just approve everything and let the workstations install what they need? Is that what most people do?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lacked
  • Locked
  • Question Question
problem with windows update on windows server 2016
Replies
1
Views
453
maybeimaleo
maybeimaleo
AndyH1
  • Locked
  • Question Question
Login and Reporting Services and sessions issue
Replies
0
Views
258
AndyH1
AndyH1
intel233
  • Locked
  • Question Question
Computer GPO - Software Install
Replies
0
Views
241
intel233
intel233
lameid
  • Locked
  • Question Question
Remote Desktop Services - No Domain - Some desktop and Some Application
Replies
0
Views
243
lameid
lameid
GTAdoum
  • Locked
  • Question Question
DHCP and performance services not working
Replies
2
Views
316
technome
technome

Part and Inventory Search

Sponsor

Back
Top