I currently have WSUS setup to install updates (4-Auto download and schedule the install) every Friday at 11am.
I'd like to also allow for the "yellow shield" to show up for everyone (admin or non-admin) to allow for a manual kickoff of the scheduled install. I don't want them to be able to uncheck the updates...just to be able to run it before the scheduled time if they want (without having to go to Shut Down, Install Updates).
The reason for this is I have people complaining that if I approve 10 updates on a Wednesday then when they are leaving Wednesday night they will get "Shut down and install updates" and have to wait to undock their laptop... lol.
Is it possible to do what I'm asking? I don't want to get rid of the schedule because I know there will be people that will NEVER click on the shield.
I have the following settings via GPO:
Policy Setting Comment
Allow Automatic Updates immediate installation Enabled
Allow non-administrators to receive update notifications Enabled
Automatic Updates detection frequency Enabled
Check for updates at the following
interval (hours): 4
Policy Setting Comment
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 6 - Every Friday
Scheduled install time: 11:00
Policy Setting Comment
No auto-restart with logged on users for scheduled automatic updates installations Enabled
Re-prompt for restart with scheduled installations Enabled
Wait the following period before
prompting again with a scheduled
restart (minutes): 30
Policy Setting Comment
Reschedule Automatic Updates scheduled installations Enabled
Wait after system
startup (minutes): 5
Policy Setting Comment
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://fwmwsus
Set the intranet statistics server: http://fwmwsus
(example: http://IntranetUpd01)
User Configuration (Enabled)hide
Policieshide
Administrative Templateshide
Policy definitions (ADMX files) retrieved from the central store.Windows Components/Windows Updatehide
Policy Setting Comment
Remove access to use all Windows Update features Enabled
Configure notifications:
-
When you do your approvals you can set a deadline for automatic installation.
http://technet.microsoft.com/en-us/library/dd939929(WS.10).aspx
Set a deadline for automatic installation. When you select this option, you set specific times and dates to install updates, overriding any settings on the client computers. In addition, you can specify a past date for the deadline if you want to approve an update immediately (to be installed the next time client computers contact the WSUS server).
So you should be able to set your policies to allow the users to install the updates on their own schedule. Then with a reasonable deadline set on update they will be forced to install the update after the deadline is passed.
TheCleaner : Thanks. Will that also keep them from unchecking any updates for install on the client? Or will that even matter? ie. they uncheck an update but the deadline will install it regardless when the deadline hits.From Zoredache
0 comments:
Post a Comment