SUS server for applying patches - problemo..
11 June 2004, 02:41 PM
#1
Scooby Senior
Thread Starter
Join Date: Aug 2002
Location: 52 Festive Road
Posts: 28,311
Likes: 0
Received 0 Likes
on
0 Posts
SUS server for applying patches - problemo..
One of our techies is having a problem with a SUS server - it keeps saying it can't push down the updates to the PC's (XP PRO) as the user does not have admin rights. Now never having seen SUS server meself can someone please give me an idea on how it is supposed to work i.e. do you create an admin equiv account on each pc and give the SUS server that account to use ??
11 June 2004, 03:26 PM
#2
Scooby Regular
IIRC, the user needs local admin permissions (i.e. member of local admin group) to interact with AU service.
If the local user doesn't have admin permissions, then the AU needs to be scheduled using a Global Policy.
The SUS server interacts with the AU service on each client PC. It's the AU service that initiates the update queries not the other way around.
Have a look at the SUS White Paper for more detailed info.
Stefan
If the local user doesn't have admin permissions, then the AU needs to be scheduled using a Global Policy.
The SUS server interacts with the AU service on each client PC. It's the AU service that initiates the update queries not the other way around.
Have a look at the SUS White Paper for more detailed info.
Stefan
11 June 2004, 03:36 PM
#4
Scooby Regular
iTrader: (5)
Join Date: Mar 2001
Location: Cheshire
Posts: 2,895
Likes: 0
Received 0 Likes
on
0 Posts
Yep,as per what Stefan is saying...
MBSA (Microsoft Baseline Security Analyser) won't allow you to scan a remote client either unless you have admin rights on that particular machine.Easy enough to grant yourselves admin rights on the remote machines though!!
Good luck
Nick
MBSA (Microsoft Baseline Security Analyser) won't allow you to scan a remote client either unless you have admin rights on that particular machine.Easy enough to grant yourselves admin rights on the remote machines though!!
Good luck
Nick
11 June 2004, 03:53 PM
#6
Scooby Regular
You should be able to manipulate the AU using a policy so that the workstations pull the updates from the SUS server.
Or you should really consider something along the lines of SMS Server in a large Corporate environment. SUS is really for small businesses.
Stefan
Or you should really consider something along the lines of SMS Server in a large Corporate environment. SUS is really for small businesses.
Stefan
Trending Topics
11 June 2004, 04:38 PM
#8
Scooby Regular
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
I'm still playing with an SUS server (running on Server 2003). Its distributing updates to Windows 2000 and XP machines running Novell.
Have you loaded the updated adm file called wuau.adm on each machine? This enables you and me () to schedule the updates at different times (we are going to do ours at 11am). If the user on the machine is an Administrator they receive a 'balloon' to tell them there are updates to install. If the user is a 'normal user' it just install it without asking, exactly how we wanted it to work 
I am still playing with it and am not 100% how it works but its free so I like it
Darren
Have you loaded the updated adm file called wuau.adm on each machine? This enables you and me (
) to schedule the updates at different times (we are going to do ours at 11am). If the user on the machine is an Administrator they receive a 'balloon' to tell them there are updates to install. If the user is a 'normal user' it just install it without asking, exactly how we wanted it to work I am still playing with it and am not 100% how it works but its free so I like it
Darren
11 June 2004, 04:48 PM
#9
Scooby Senior
Thread Starter
Join Date: Aug 2002
Location: 52 Festive Road
Posts: 28,311
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by darlodge
I'm still playing with an SUS server (running on Server 2003). Its distributing updates to Windows 2000 and XP machines running Novell.
Have you loaded the updated adm file called wuau.adm on each machine? This enables you and me () to schedule the updates at different times (we are going to do ours at 11am). If the user on the machine is an Administrator they receive a 'balloon' to tell them there are updates to install. If the user is a 'normal user' it just install it without asking, exactly how we wanted it to work
I am still playing with it and am not 100% how it works but its free so I like it
Darren
Have you loaded the updated adm file called wuau.adm on each machine? This enables you and me (
) to schedule the updates at different times (we are going to do ours at 11am). If the user on the machine is an Administrator they receive a 'balloon' to tell them there are updates to install. If the user is a 'normal user' it just install it without asking, exactly how we wanted it to work I am still playing with it and am not 100% how it works but its free so I like it
Darren
11 June 2004, 04:58 PM
#10
Scooby Regular
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
No worries,
E-mail me, PM me or post here for any assiatance. I might be able to help. Its really cool once you get going. Easy administration, simple (once you get your head round it).
Saves running around 300 machines all at once. I am sure we will go over to SMS at some point as its apparently better designaed and there are more functions but we needed something ASAP and from what I read, SMS was/is a b|tch to set-up.
Darren
E-mail me, PM me or post here for any assiatance. I might be able to help. Its really cool once you get going. Easy administration, simple (once you get your head round it).
Saves running around 300 machines all at once. I am sure we will go over to SMS at some point as its apparently better designaed and there are more functions but we needed something ASAP and from what I read, SMS was/is a b|tch to set-up.
Darren
Last edited by darlodge; 11 June 2004 at 05:03 PM.
cheers Darren
12 June 2004, 07:56 PM
#12
<kicks memory>
Its all about having a Global GP set up for every user that runs MS Update but checks with SUS instead.
The "howto"s are all in TechNet or KB but each machine (irrespective of user) checks itself against the latest specs (either @ 03:00 for me or on boot) then d/loads the relevant files and installs them. I have not had to muck about with permissions.
The only problem I have is that I need to click the tray icon to install (my first attempt) as opposed to auto-install. Can't seem to change that
though I have tried to amend the defaults...
Its all about having a Global GP set up for every user that runs MS Update but checks with SUS instead.
The "howto"s are all in TechNet or KB but each machine (irrespective of user) checks itself against the latest specs (either @ 03:00 for me or on boot) then d/loads the relevant files and installs them. I have not had to muck about with permissions.
The only problem I have is that I need to click the tray icon to install (my first attempt) as opposed to auto-install. Can't seem to change that
though I have tried to amend the defaults...
13 June 2004, 12:56 AM
#13
Scooby Regular
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
Puff,
If you have added the updated adm file (have you done this?) onto each machine and the user is logged on a normal user you should not receive the sys tray icon.
Once you have loaded the adm file there are a few extra registry entires that have to be added and then the updates will install sliently, proving you are a USER on the machine. If you are logged in as an Administrator, you will receive the systray icon.
I can't remember what the options are but they are something like these DWORD values
AUOptions = 4 (This is vital and makes the updates install at the scheduled time)
AUSCHE = 0
There are more but I can't remember the exact keys but I'll whack them up on Monday. I've also got the adm file at work if you need that.
DArren
If you have added the updated adm file (have you done this?) onto each machine and the user is logged on a normal user you should not receive the sys tray icon.
Once you have loaded the adm file there are a few extra registry entires that have to be added and then the updates will install sliently, proving you are a USER on the machine. If you are logged in as an Administrator, you will receive the systray icon.
I can't remember what the options are but they are something like these DWORD values
AUOptions = 4 (This is vital and makes the updates install at the scheduled time)
AUSCHE = 0
There are more but I can't remember the exact keys but I'll whack them up on Monday. I've also got the adm file at work if you need that.
DArren
13 June 2004, 08:10 PM
#14
Scooby Regular
iTrader: (5)
Join Date: Feb 2003
Location: Worcester
Posts: 2,625
Likes: 0
Received 0 Likes
on
0 Posts
u will get the tray icon if you are a admin on the local pc, none admins will just install at the time set in the group policy
www.susserver.com
we use it along side sms 2003, they both have there strengths but as sus is so easy to set up we stick with it and I only set sms up 2 weeks ago
can you use sms 2003 just the same as sus with regular downloads ?
www.susserver.com
we use it along side sms 2003, they both have there strengths but as sus is so easy to set up we stick with it and I only set sms up 2 weeks ago
can you use sms 2003 just the same as sus with regular downloads ?
14 June 2004, 07:55 AM
#15
Scooby Regular
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
WRX_Rich,
We have not got a group policy running yet so we added these command line entries in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004 (4)
"AUState"=dword:00000002 (2)
"ScheduledInstallDay"=dword:00000000 (0)
"ScheduledInstallTime"=dword:0000000b (11)
"LastWaitTimeout"="2004.05.29 01:51:10"
Darren
We have not got a group policy running yet so we added these command line entries in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004 (4)
"AUState"=dword:00000002 (2)
"ScheduledInstallDay"=dword:00000000 (0)
"ScheduledInstallTime"=dword:0000000b (11)
"LastWaitTimeout"="2004.05.29 01:51:10"
Darren
Thread
Thread Starter
Forum
Replies
Last Post
oilman
Trader Announcements
15
01 October 2015 11:55 AM
An0n0m0us
Computer & Technology Related
0
28 September 2015 09:58 PM