Lordmathos
IS-IT--Management
Hi All is there any way to configure the client computers to go directly to the server to check for updates and not out to the microsoft webite at all
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
WSUS 3 1
- Thread starter Lordmathos
- Start date
- Status
Your wording is a bit unclear.
By default any client configured to use WSUS will get its automatic updates from the WSUS server rather than MS.
If you mean going further than this and stopping users hitting Windows Update from within IE then you'll probably need to get friendly with your firewall settings. i.e. Allow only the WSUS server to get out to Windows Update.
Group Policy for Vista I believe allows you to restrict whether a client can still go out to MS directly or not, don't know if there is an equivalent GPO for W2K/XP.
Neill
By default any client configured to use WSUS will get its automatic updates from the WSUS server rather than MS.
If you mean going further than this and stopping users hitting Windows Update from within IE then you'll probably need to get friendly with your firewall settings. i.e. Allow only the WSUS server to get out to Windows Update.
Group Policy for Vista I believe allows you to restrict whether a client can still go out to MS directly or not, don't know if there is an equivalent GPO for W2K/XP.
Neill
- Thread starter
- #3
Lordmathos
IS-IT--Management
I thought that if a user tried to do a manual update then it goes out to the microsoft website first and then downloaded the actual updates from the wsus server
Sort of. If WSUS has already downloaded the updates to the client but the user hasn't installed them and you do a manual update then it won't re-download the updates it'll use the ones on the local disk.
However if there are updates that you haven't authorised in WSUS or haven't been downloaded to the client yet they will be picked up by the manual update and downloaded.
I'm lucky in that most of my users wouldn't even bother clicking on any menu entries in IE let alone Windows Update. Too advanced for them.
Neill
However if there are updates that you haven't authorised in WSUS or haven't been downloaded to the client yet they will be picked up by the manual update and downloaded.
I'm lucky in that most of my users wouldn't even bother clicking on any menu entries in IE let alone Windows Update. Too advanced for them.
Neill
- Thread starter
- #5
Lordmathos
IS-IT--Management
it should be ok then because its only the ict department that do the odd manual update.
I shall leave it as it is and see how it goes.
Cheers for your input
Matt
I shall leave it as it is and see how it goes.
Cheers for your input
Matt
-
1
- #6
Lordmathos,
There is an option in the GPO (win 2K and above)
- User config > Admin Templates > Windows components >Windows Updates
Settings is "Remove Access to use all Windows Updte features". Enabled it, and the users will not be able to run Windows update themselves.
There can still type in and see the web-site, but all the active bit will be disabled, and they will get a message "option blocekd by admin" or similar
Chris
There is an option in the GPO (win 2K and above)
- User config > Admin Templates > Windows components >Windows Updates
Settings is "Remove Access to use all Windows Updte features". Enabled it, and the users will not be able to run Windows update themselves.
There can still type in and see the web-site, but all the active bit will be disabled, and they will get a message "option blocekd by admin" or similar
Chris
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question
- Locked
- Question
