|
Home > Archive > General Discussion > September 2003 > SUS client not Local Admins
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SUS client not Local Admins
|
|
| Jonoplunk 2003-09-17, 9:09 am |
| Hello all,
We are trying to set-up a SUS server for deploying Security and Critical updates. We have this working through a GPO pushing the settings to the client. Our only problem is that the updates download to the client machine but do not install unless the user is a local admin. The GPO is set to option 4 - Auto donload and schedule the install.
Does anyone have any tips, the MS sites certainly don't, typically they seem to suggest that it will just work. Also found a good forumn at www.susserver.com, they mention the same problem, but no solutions.
Looks like the only way to get this to work is to make all clients local admins, not really what we want.
Any help or suggestions please. | |
| anthonie 2003-09-18, 12:22 am |
| Quote from SUS FAQ site:
quote:
Q. Do end users need special rights in order for the Automatic Updates component to work on their PC?
A. If the end user is part of the local administrators group, he or she will be able to interact with Automatic Updates (AU) by initiating downloads or installs. If the end user is not part of the local administrators group, he or she will not be able to interact with AU and will not see the AU balloon or tray icon. For end users who are not local administrators, the only way that AU will properly update their machine is if scheduled installs are set.
Hope this helps. | |
| Jonoplunk 2003-09-18, 4:46 am |
| Thanks Anthonie.
I contacted Microsoft and their response was;
"The clients download the patches and install them at the scheduled
install time. If any administrators log in before the scheduled install
time and after the download is complete, they see the notification and
can install it immediately. The ScheduledInstallTime is the time when
the patches will be installed if they are downloaded and are ready to be
installed.
There is no issue with users who are not local administrators. Setting
AUOptions to 4 will be the only settings that will work for this user.
Since the AutoUpdate Service runs using the local system account, there
is no problem with the logged in user being a non admin."
It seems that the downloads will happen at any time and will install at the time set in the GPO, if I have understood this correctly. | |
| jarbob69 2003-09-18, 7:10 pm |
| The client will attempt to download from the update server every 22 hours minus a random offset period.
I also have mine set to 4 (download and schedule install). Here is how I solved the problem - I just scheduled the install at an off time like 3AM when there aren't any users logged in. If the machine is on with no one logged in, and the scheduled install time passes, the updates will install themselves and reboot the machine if it is required w/o any interaction. |
|
|
|
|