Announcement

Collapse
No announcement yet.

Configuration of automatice update

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuration of automatice update

    Hi all,

    I have configured WSUS and enabled Client-side targeting. On WSUS console I have a created group named SERVERS and all my servers are belonging to this group.

    The Group policy for the Server have the following setting on the Windows update:

    ----------------------- Setting -----------------------------State ----------GPO Name
    Configure Automatic Update-------------------------------Enabled------WSUS for Server
    Specify intranet Microsoft update service location-----------Enabled------WSUS for Server
    Enable client-side targeting--------------------------------Enabled------WSUS for Server

    No auto-restart with logged on users for
    schedule automatic update installation ----------------Enabled-------WSUS for Server

    The value of Configure Automatic Update is Option 3 ie auto download and notify for install

    I have read that for any update to get installed on the clients, it should first get approved from the WSUS console.

    Unfortunately, my File Servers are showing a different behavior. It has download the following updates automatically and displaying the yellow shield icon on the taskbar and waiting for installation.

    Automatic updates to install
    Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Ed( KB947864)
    Security Update for ActiveX Killbits for Windows Server 2003 ( KB 948881)
    Security Update for Windows Server 2003 x64 Edition (KB 941693)
    Security Update for Windows Server 2003 x64 Edition (KB 944338
    Security Update for Windows Server 2003 x64 Edition (KB 945553)
    Security Update for Windows Server 2003 x64 Edition (KB 948590)
    Security Update for Windows Server 2003 x64 Edition (KB 950749)
    Update for Windows Server 2003 x64 Edition ( KB 938759 )

    The above updates are however not present on the WSUS console. Is this a standard behavior or there is an error in my configuration ?

    Could someone please assist and guide me.

    Cheers,

    Pankajb

  • #2
    Re: Configuration of automatice update

    Sounds like the GPO is not applying to your servers- even if the servers appear in the Servers group on the WSUS server. Check GPResult to verify this. I'm not sure if this will work, but I guess it will, turn off AU on each server. Now check if the servers are receiving updates. If they do then they are getting them from the WSUS server if not then the GPO is not applying.

    In WSUS, you can set the approval level for different updates. We set Critical updates as automatic approval and service packs as requiring approval from the WSUS admin.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

    Comment


    • #3
      Re: Configuration of automatice update

      Hi JDMills,

      Checked the Options for Automatic Update.

      Found that there was a rule called Default Automatic Approval and the rule permitted Critical and Sucurity UPdate for all Computer and Servers. I am sure for this reason the updates were getting downloaded on the Server.

      Your quote :
      In WSUS, you can set the approval level for different updates. We set Critical updates as automatic approval and service packs as requiring approval from the WSUS admin.
      Your above quote gave me the clue to check Automatic Approval under the options.

      Thanks once again, as I couldn't have figured out this one without your help


      Cheers,

      Pankajb

      Comment

      Working...
      X