Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SUS Question???

Status
Not open for further replies.

neutec

Technical User
Apr 26, 2003
343
Hello All,
I have a Win2k server running SUS. Everything is working fine. What I need SUS to do is update new PC's I add to the network that have not had any patches applied. I want to force the update rather then waiting for it to update 24 hours later. Does anyone know how to do this? If I use the Windows Update link it of course goes to Microsofts update site and not my SUS server. I would like to speed up the updates by using our SUS server.

Thanks
 
Did u used Active Directory policies? Wuauau template? If not tell me to give u procedure...

Note: U have to deselect "enable Automatic update" option on PC before joining it to domain. While turned of AU is available to SUS server to control updating of PC through AD policies.

Srkey
 
What I have done is enable the local GPO for the new system to update from my SUS server at the top of the next hour. Then when I bring the system into the domain, it will get it's new policy from the GPO in the AD to update itself once a week.

The SUS software isn't setup to be used like the Windows Update site is. You can manage it via but that's it. You don't navigate to your local server from a client computer to update the client. The only way to update it is via GPO's.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
I have sent up SUS using a GPO with the Wuauau template. I didnt disable autoupdate for the clients when I made the gpo./ Maybe I will change that.
 
U have 3 thinks to do with policies>

FIRST> Computer Configuration\Admin Templates\Windows Components\Windows Update -
Configure Automatic Updates
„O Enabled
4- Auto download and Schedule time
Schedule day: enter day
Schedule time: enter time

SECOND> Specify intranet update services for detecting updates -
3rd> User configuration\Admin Templates\Windows Components\Windows Update,:
Remove Access to use all windows update feature
„O Disabled
3rd settings must be Disabled 'cause it is policy that prevents updating, something like turning off SUS.

If your client is older than XP SP1 or W2K Pro SP3 u must install WUAU.MSI on client. Note> must disable automatic update in Control Panel before adding computer to domain with SUS, otherwise PC will continue using Microsoft server.

Also> check your approval list in SUS admin to see are there approved updates. Currently there are 615 mb of updates that each newly installed SUS must download. So, if u reinstall SUS for any reason copy content of old folder named content to new one named content. In this manner u will avoid downloading updates again, u will just have to synchronize catalog again wich is aprox. 5-7 minutes.

Hope this helps

Srkey
 
Thanks for the tips,
Quick question, When you apply a GPO, Does it have to applied to a computer or should it be applied to a user. I cant seem to get it wo work when I apply it to users only. I have to move my computer accounts to the OU that the GPO is applied to.

Thanks again for your help.
 
Does anyone know if the server you install SUS on, should be reachable from I know to administister you append /susadmin. But since I am doing what you guys are doing (from AD) I was just wondering if anything should pop up if I point my browser to that URL.

I can not seem to get the client to pull it's update from the SUS server.

I disabled Auto update but when I manually fun it the client goes to C:\WINNT\Web\wum.htm. Then I can click on a link and it brings me straight to MS Windows Update site.

I set all the policies according to the manual. I am wondering if I missed something.

Here is what I did:
1. Installed SUS on my W2K server
2. Syncronized the server with the MS site.
3. Approved the updates.
4. Added the Wuau.adm to the target OU.
5. Set up the policy in the OU for the client to pull from the server.

I set it up so that it would prompt the user on the client computer when to reboot. But I did not see anything.

Thanks,

BM
 
Well, When I try that on my server I cant. Im assuming all you can do is use the admin section.
 
Well,
after u add wuauau template by right-clicking on admin template folder under computer configuration in GPO u will get 3 new policies that that template creates, that i mentioned in previous post. Two of them are under computer configuration and last one that u use when u want to disable update for some reason is under user config section of GPO. In my case, from other reasons, i was creating global groups in OUs and assigning users and also their computers into those global groups so i did not tried to add just user without computer.

Bulkmail,
did u configured 3 policies that wuau.adm creates? There u can configure schedule, parent server and enable/disable of updates. Without those options configured nothing is achived. Considering rebooting not all updates require rebooting in first place but u can check in add/remove prg. on clients are there any updates installed.
HTML Console should appear in administrator tools as Software Update Service Admin and should lead u to
target.
 
Make sure the GPO is applied to the clients by either rebooting or running GPUpdate.

Check on the client in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update for the LastWaitTimeout. This will tell you when it will next check for updates.
Also, the AUState gives some valuable info. Here's the possible values for it:
0 = Initial 24 hour timeout after detecting Internet Connection
1 = Waiting for user to run AU wizard
2 = Detect pending (Looking for new patches)
3 = Download pending (waiting for user to accept pre-download prompt)
4 = Download in progress
5 = Install pending (Waiting for install of downloaded patches)
6 = Install complete
7 = Disabled (Adoptions will also be set to a value of 0x1)
8 = Reboot pending (Waiting for reboot required by installed patches)

(Got this info from
 
Srkey,

What is wuauau? In my policies there are four things that i can configure. And i have enabled all. I know that the policy is in effect cause the computer does not go 'directly' to the ms site. Instead there is a page that asks me to 'connect'. That I think is my main problem.

Here's another question, under the policy 'specify intranet microsoft update service location' i have the following settings:

Set the intranet update service for detecting updates

set the intranet statistics server:

Is that where I am going wrong?

I will try philote suggesition too.

Thanks,

BM
 
Wuauau is an administrative template. In GPO, under computer configuration u right-click on Administrative Template folder and then u click Add/Remove template. In Add/Remove window click on Add button and select wuauau.adm.
After u do that new folder named Windows Update should appear under Administrative templates folder in GPO.

2. Yes, is a proper url.
 
Perhaps that is my problem. Cause the only have wuau. Not wuauau. But even so, the one i added still has the same properties everyone is talking about.

BM
 
Are you using win2k active directory?

If you are then you would have to edit your policy to make detection cycle less than the default 17 to 22 hrs as what you do on the new machines would be overwritten by the doman policy.

 
I'm having a semular problem like BM here, so i'm paying a lot of attention to this post, but my question here is :

Do you have to put Users + Computers in the OU to make them load the Winupdate policy?

Because i'm running everything good ( when i change my local policy it works perfectly) but as soon as i want to make a policy in the AD, it doesnt work at all.

Any help would be very very welcome.

 
Hi Urnen,

My policies work fine in AD. It is just this particular policy to the OU that I am having problems with. SRkey mentions WUAUAU and i only see WUAU.

You need to insert the user if you are making User policies in the OU. Other than that, if you are making Computer Policy changes then I think you can just go with the computer account.

BM
 
We're using the WUAU.adm template (WUAU = Windows Update Automatic Updates I believe).

It sounds like you have everything set up correctly, but I'm concerned about one of your previous posts where you said:

"Set the intranet update service for detecting updates

set the intranet statistics server:

Make sure these point to YOUR server, the one running SUS. So, if your server was called Bubba, you'd put for those values. And you'd access your SUSAdmin site by going to
 
I am also experiencing a similar problem with GPO's being applied to OU's. When I apply the GPO at the domain level (Default Domain Policy)and configure the 3 options in administrative templates (computer configuration) everything works fine.

However when I edit the OU Group Policy the same way it is not being applied. I have gone to the extent of blocking policy iheritance, but to no avail.

Any suggestions ???
 
thanks philote,

It is poing to the server running SUS.

Does anyone know where to change the detection cycle?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top