RE: SuS update's

From: David Fike - ADCS Inc. (dfike_at_adcs.com)
Date: 05/06/03

  • Next message: Williamson, Scott: "RE: SuS update's"
    To: "'Free, Bob'" <RWF4@pge.com>, Ronald Balk <rbalk@borland.com>, focus-ms@securityfocus.com
    Date: Tue, 6 May 2003 09:37:01 -0700 
    
    

    In regards to this SuS topic, I am having several issues myself with my SuS
    server. I currently have it running on a machine on our network, and I have
    applied a Group Policy to only 1 OU with 7 workstations for testing
    purposes. These workstations are all Win2K Pro with SP3. The SuS server is
    updated with the most current Windows Update files as of today, and I can
    see that the workstations in this OU are querying the SuS server for their
    Windows Updates, but they are not downloading or installing the updates. If
    I check my updates against the actual Microsoft Update website, it shows our
    workstations all have 5 critical updates to download, and these 5 updates
    are indeed located on my SuS server as well. I have the policy configured to
    auto download and schedule the install for everyday at 21:00, and to
    auto-reboot 5 minutes after installation to complete the updates. As I
    stated, my question is why are the workstations not downloading the updates,
    but they are querying the SuS server? I am getting the query information
    from the C:\winnt\windows update.txt file on each workstation. Any help is
    immensely appreciated.

    David Fike
    Network Technician
    ADCS Inc.
    13970 Stowe Drive
    Poway, CA 92064
    (858) 848-2000 Ext. 1502
    DFike@adcs.com

    -----Original Message-----
    From: Free, Bob [mailto:RWF4@pge.com]
    Sent: Saturday, May 03, 2003 2:39 PM
    To: Ronald Balk; focus-ms@securityfocus.com
    Subject: RE: SuS update's

    It depends on several factors:

    1] Client platform- Some functionality is only available on XP
    2] User rights- Local admin vs non-admin user logged on at the time
    3] Interaction with other policies- particularly the "Remove access to use
    all Windows Update features" setting
    4] Interaction of the varous setting combinations possible in the wuau.adm

    3] Sounds most likely here [in the absense of further details]-

    If you apply the user policy of "Remove access to use all Windows Update
    features" the current user is always treated as a non-administrator, as far
    as the Automatic Client is concerned. If you set AU configuration to either
    2 or 3 in the AU policy, then the local user will never be notified that
    there are updates available for download or for install. That's not
    terribly good since the end result is that the updates never get installed.
    Don't turn this policy unless you configure AU to do scheduled installs!!

    If you set AU configuration to 4 (scheduled install) in the AU policy, then
    the scheduled install will occur as intended, but the local user won't ever
    see the AU tray icon, or be notified that the install is ready to occur and
    have a 5 minute count-down before the install starts. The local user
    (admin/non-admin) will be notified that a reboot is needed, and admin users
    who are governed by the user policy will have the ability to initiate the
    reboot, but will not be able to postpone the reboot. Essentially, turning
    on this policy prevents users from seeing any AU notifications or
    activities, with the exception of the Reboot dialog.

    So if that poilcy (Remove WU Access) is set, the experience is something
    like-

    AU is ready to install updates:
    User gets no AU tray icon and is not aware that updates are ready to
    install.

    Scheduled install time:
    User is not notified that the installs are ready to occur. If the install
    is scheduled at 4pm then installation starts at 4pm instead of 4:05 since
    there is no 5 minute countdown dialog.

    Install requires a reboot:
    User is notified that reboot is needed, and can click "Yes" to initiate the
    reboot, but is not able to postpone the reboot (the "No" button is grayed
    out).

    ++++++++++

    Essentially, when the user policy is set to remove access to WU, even if the
    local user is an administrator they are (a) not notified of pending installs
    via the tray icon, (b) they cannot postpone the scheduled installs, and (c)
    they cannot defer the reboot if one is required after an install has
    occurred. The one caveat is that if this policy is in place, then there may
    be issues with not allowing the user to postpone the reboot.

    -----Original Message-----
    From: Ronald Balk [mailto:rbalk@borland.com]
    Sent: Friday, May 02, 2003 1:41 AM
    To: focus-ms@securityfocus.com
    Subject: SuS update's

    Hi,

    I have got a question about SuS from Microsoft.
    Everything works fine, updates get automatically downloaded to my SuS
    server.
    I approve the update's and they get pushed to the clients.
    I have downloaded the latest administrative template for GPO (Windows Update
    with 4 policy's)

    The problem is that when the update's get installed the user get's a dialog
    box
    with "Update's installed, do you want to reboot now" They NO button is
    disabled and the YES button enabled.
    this is very unlogical.. The user can not close this box..
    I have enabled the "NO-auto restart" GPO. If I disabled this the user gets a
    notification that the computer will restart in 5 minutes.
    Of course, this is not what I want.
    I just want NO dialog box or a dialog box that a user can close or press NO
    to not reboot.

    Hope you can help -;)

    Cheers,

    Borland BV
    Ronald Balk
    System Administrator NESAM
    Van Heuven Goedhartlaan 935 - 1181 LD Amstelveen - The Netherlands
    http://www.borland.nl
    Tel : +31.20.503.5104
    Fax : +31.20.503.5170

    About Borland
    Borland Software Corporation (Nasdaq NM: BORL) is a world leader in
    Platform-independent software development and deployment solutions that are
    designed to accelerate the entire application development lifecycle. By
    connecting managers, testers, designers, developers, and implementers in
    real time, Borland enables enterprises worldwide to define and sustain their
    competitive advantage. For more information, visit: http://www.borland.com
    or the Borland Developer Network.

    This e-mail is intended only for use by the named addressee(s) and may
    contain confidential information. If you are not the intended recipient of
    this e-mail, please note any distribution or copying of this e-mail is
    strictly prohibited. If you have received this e-mail in error, please
    immediately delete the original and any copy and destroy any printout
    thereof.

    ----------------------------------------------------------------------------
    -
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most

    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ----------------------------------------------------------------------------

    --
    ----------------------------------------------------------------------------
    -
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
    recognized corporate security certification track, provides a comprehensive 
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization 
    of pertinent security tools. For a limited time you can enter for a chance 
    to win one of the latest technological innovations, the SEGWAY HT. 
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ----------------------------------------------------------------------------
    --
    This electronic message and any attachments contain information which is
    confidential and may be legally privileged. The information is intended
    solely for the individual or entity named above and access by anyone else is
    unauthorized. If you are not the intended recipient, any disclosure,
    copying, distribution, or use of the contents of this information is
    prohibited and may be unlawful. If you have received this electronic
    transmission in error, please reply immediately to the sender that you have
    received the message in error, and delete it. Thank you.
    -----------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most 
    recognized corporate security certification track, provides a comprehensive 
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization 
    of pertinent security tools. For a limited time you can enter for a chance 
    to win one of the latest technological innovations, the SEGWAY HT. 
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------------
    

  • Next message: Williamson, Scott: "RE: SuS update's"

    Relevant Pages

    • Re: MS Windows Update Page Will Not Load.
      ... Updates page I'm getting a page that tells me to click on a bar ... Reboot and logon as administrative user. ... Download, install, run, update and perform a full scan with the following ...
      (microsoft.public.windowsupdate)
    • Re: Computer performs little better after rebooting
      ... Reboot and ... ... Download, install, run, update and perform a full scan with the ... Download/Install the latest Windows Installer: ... select just _ONE_ of the high priority updates ...
      (microsoft.public.windowsxp.general)
    • Re: windows xp slow up and persists till shuts down
      ... So reboot (for each of these steps, it is just best to reboot right ... Download, install, run, update and perform a full scan with the following ... Reboot and logon as administrative user. ... select just _ONE_ of the high priority updates ...
      (microsoft.public.windowsxp.perform_maintain)
    • Re: error code 403 access denied windows xp 32 home windows update
      ... Reboot and ... ... Download, install, run, update and perform a full scan with the ... Download/Install the latest Windows Installer: ... select just _ONE_ of the high priority updates ...
      (microsoft.public.windowsupdate)
    • Re: PLEASE stop nagging us to reboot!!!!
      ... Jon Davis wrote: ... PLEASE stop nagging us to reboot!! ... Quit assuming that YOUR updates are more ... control over the process - choosing WHEN to install them and thus - ...
      (microsoft.public.windowsupdate)