If I set the User configuration > Admin Templates > Windows Components > Windows Update > Remove access to al windows update components will this affect another part of the policy which says download updates and automatically install them (under computer configuration)? I can't test it because when I log in obviously I can't see windows update and it doesn't notify me, so I have no way of knowing for definite. can somebody help clarify?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Group Policy for Windows Update
- Thread starter y2k1981
- Start date
- Thread starter
- #4
I am, but there's no option in computer configuration to remove access to windows updates, that's only done in user configuration. I don't want users (on any computer) to have access to windows updates, but do want them to install. If I configure the GPO to point windows update to an SUS server, will the users still be able to use windows update to download updates from the M$ windows update site?
BigFunkyChief
IS-IT--Management
It's my understanding that if they log into the domain, they'll download the GPO, and then if they try to run Windows Update, it'll look to the SUS Server.
A user can still get to Windowsupdate.microsoft.com if there is an SUS server enabled on the domain.
I think if you're running an SUS server I think you can disable Windows Update. Personally I would test it in a lab first. Don't forget though, SUS only does critical updates. It doesn't do any of the recommended updates. So you may want to enable that for your users just in case.
If you are worried about Service Pack 2 coming down, there is a way that you can block that with a policy setting without stopping any of the other updates from coming down.
Check out this link:
Good Luck
-Al
I think if you're running an SUS server I think you can disable Windows Update. Personally I would test it in a lab first. Don't forget though, SUS only does critical updates. It doesn't do any of the recommended updates. So you may want to enable that for your users just in case.
If you are worried about Service Pack 2 coming down, there is a way that you can block that with a policy setting without stopping any of the other updates from coming down.
Check out this link:
Good Luck
-Al
- Thread starter
- #7
Just to test this, I've configured GRP as follows:
user policy: remove all links to windows update - enabled
computer policy: download updates at scheduled time and notify admin-privledged user
However, when I log onto the PC in my test OU, the "bubble" to tell me that there are new updates available for download doesn't appear. Presumably because I've said remove windows update? It should because I approved several updates on my SUS server this morning. And my user account is in the test OU also so that the user settings apply.
It was my managers' decision to use SUS so I guess they must only want critical updates.
user policy: remove all links to windows update - enabled
computer policy: download updates at scheduled time and notify admin-privledged user
However, when I log onto the PC in my test OU, the "bubble" to tell me that there are new updates available for download doesn't appear. Presumably because I've said remove windows update? It should because I approved several updates on my SUS server this morning. And my user account is in the test OU also so that the user settings apply.
It was my managers' decision to use SUS so I guess they must only want critical updates.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
