Announcement

Collapse
No announcement yet.

GPO for installing Windows update through WSUS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO for installing Windows update through WSUS

    Hi Everyone,

    We have a Win 2003 Server based Active Directory domain and I have recently setup WSUS 3.0 in order to install updates automatically on our Servers and networked computers.

    I have also setup a two GPO for installation of the updates on the desktops/laptops & Servers as follows:

    1. WSUS for Desktops and Laptops
    Computer configuration -> Administrative Templates -> Windows Components -> Windows Update:
    Configure Automatic Updates-> Option 4 Auto download & schedule install

    2. WSUS for Servers
    Computer configuration -> Administrative Templates -> Windows Components -> Windows Update:
    Configure Automatic Updates-> Option 3 Auto download & notify install

    I have obtained the information to setup GPO for installation of automatic updates on desktops by doing a Google search. The method seemed to quite straight forward however, I decided to use two policies due to the fact that I would not like the Servers to reboot automatically after downloading the updates.

    I understand that utmost precaution needs to be taken before installation of any updates on the Servers.

    Kindly give opinion on my method.

    Also, like to know other better methods.

    What are the precautions required and what are the best practice.

    Regards,

    Pankajb

  • #2
    Re: GPO for installing Windows update through WSUS

    Hi Pankajb,

    Your set-up looks fine.

    Do you have multiple sites in your organisation? If so, you may want to confiure your GPO's on the site's to ensure clients pick up updates from a local WSUS server. If you don't them ignore this

    Also make sure all updates have been tested on all equipment before being deployed. Especially servers.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: GPO for installing Windows update through WSUS

      Hi Michael,
      Many thanks for your comments.

      No we do not have many sites yet.

      On the the GPO for the Server I already had the following as mentioned in my earlier post:

      2. WSUS for Servers
      Computer configuration -> Administrative Templates -> Windows Components -> Windows Update:

      Configure Automatic Updates-> Option 3 Auto download & notify install

      Now I have enabled the following ( shown in bold)

      No auto-restart with logged on user for scheduled automatic update installation -> Enabled.


      This is supposed to prevent the Server from being re-started and wait for physical intervention. Hope this is fine.

      You quoted :

      Also make sure all updates have been tested on all equipment before being deployed. Especially servers.

      Since WSUS automatically installs the update and notifies us, what happens if I install the update on a test server, find some prob and thus do not want to install on the production Server.

      Can I uninstall the update that WSUS has dumped on all the Servers those are only waiting for reboot ?




      Regards,
      Pankajb

      Comment


      • #4
        Re: GPO for installing Windows update through WSUS

        You normally have to approve updated before they are pushed out to clients / servers. Before you approve it make sure it's tested on all platforms within your organisations.

        Or you could use client side targeting (Google it) and create a test target set of computers. Only approve the patches to be installed on the test target, once you happy they work, then approve them for the rest of your org.

        Hope this makes sence

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: GPO for installing Windows update through WSUS

          Hi Michael,
          Many thanks for your suggestion on client side targetting. I did a google search and found wealth of information.

          I have completed setting up WSUS with client side targetting at our site and now under observations.

          However, found 2 Servers are not showing up in the WSUS All computers list.

          Both are member Servers with one working as File Server running Win 2K and other working as a DB Server running legacy applications on Win NT.


          Any suggestions.


          Cheers,

          Pankajb

          Comment


          • #6
            Re: GPO for installing Windows update through WSUS

            Make sure that your W2K server has at least SP3 installed on it. To my knowledge windows NT is not supported by WSUS nor SUS.
            Regards,
            John

            Comment

            Working...
            X