Allowing Windows Update

[randomwalsh]

Hi

Currently I have been capped with the added responsibility of being the "IT" guy in my new office.
I am starting to get irritated with the amount of problems which could be resolved by just running updates.
But the problem is the proxy running on the windows server 2003 wont allow updates from windows to come through for some reason.

Is there a way to set up a profile / security group that I can assign a user to, to temporarily allow updates to be pushed through to their machine?

I hope that question made sense. Also what is the best windows server 2003 beginner resource so I can build my knowledge?

 

[PsyWulf]

Why not just add a WSUS server to your network? Rather than download the same thing over and over and over ( if you fix the mysterious update block )

Are the clients running Windows XP/Vista/7 ?

 

[DrJohnZoidberg]

Why not just add a WSUS server to your network? Rather than download the same thing over and over and over ( if you fix the mysterious update block )

Are the clients running Windows XP/Vista/7 ?

Yep, WSUS is probably the way to go depending on how many workstations we're talking about. It works pretty well.

 

[randomwalsh]

yip the clients are running windows ranging from xp to 8

Is WSUS easy to implement and would the implementation add any noticeable strain on the server?

 

[PsyWulf]

Nah server load doesn't increase noticeably except initially when you load and configure it to start downloading

It's quite easy to install on most server editions,newer ones being even easier

 

[randomwalsh]

ok so where do i start?

And thank you very much for your advice and assistance thus far...

 

[PsyWulf]

http://www.edugeek.net/forums/windo...-how-setup-wsus-2003-2008-2008-r2-server.html

Step by step guide

 

[randomwalsh]

Thank you very much!

 

[randomwalsh]

ok so I followed the tutorial and setup wsus on the server and it picked up like 30000 updates that need applying but its not populating the computer under unassigned in the wsus console. What am I doing wrong?

Is there something that I need to do on the client side to get it to work?

 

[DrJohnZoidberg]

ok so I followed the tutorial and setup wsus on the server and it picked up like 30000 updates that need applying but its not populating the computer under unassigned in the wsus console. What am I doing wrong?

Is there something that I need to do on the client side to get it to work?

As long as the group policy is setup correctly on the server you shouldn't have to do anything on the client machines. Logging out and back in again should do the trick or a simple GPUPDATE. If it's set up correctly Windows 7 machines should say something about Updates being handled by your administrator when opening up the Windows updates window.

It'll look like this:

 

[PsyWulf]

Appy a reg patch or domain policy pointing to the wsus server. Also you need to configure the server to download only certain software updates,then set up groups for the client pcs to approve and install updates

 

[grim]

ok so I followed the tutorial and setup wsus on the server and it picked up like 30000 updates that need applying but its not populating the computer under unassigned in the wsus console. What am I doing wrong?

Is there something that I need to do on the client side to get it to work?

Once you have the computers pointed to the WSUS via group policy only approve needed updates, this will ensure that it doesn't download unnecessary updates.

 

[randomwalsh]

ok will check what happens when i connect to the network this morning.

@PsyWulf how would I apply this reg patch? And what is this reg patch?

 

[grim]

ok will check what happens when i connect to the network this morning.

@PsyWulf how would I apply this reg patch? And what is this reg patch?

A Group Policy would be far easier to apply to all machines and to manage should you want to make any changes later on.

GPO:
http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx

Registry:
http://technet.microsoft.com/en-us/library/cc708449(v=ws.10).aspx

 

[Demon7]

We are assuming that his network is domain based... if you need a reg key...
copy and save this as a .reg file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://[COLOR="#FF8C00"]server IP:port[/COLOR]"
"WUStatusServer"="[COLOR="#FF8C00"]http://server IP:port[/COLOR]"
"ElevateNonAdmins"=dword:00000001
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="[COLOR="#FF8C00"]Group to place pc's in[/COLOR]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000003
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000000
"DetectionFrequencyEnabled"=dword:00000001
"DetectionFrequency"=dword:00000001
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:0000000a
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootRelaunchTimeout"=dword:0000003c
"NoAUShutdownOption"=dword:00000000
"IncludeRecommendedUpdates"=dword:00000000
"RescheduleWaitTimeEnabled"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000000
"AUPowerManagement"=dword:00000000

copy code and save as .reg then just run it on the machines...

Fill in your WSUS server info to replace the text I highlighted in red...