Archived from groups: microsoft.public.win2000.active_directory (
More info?)
"Kerplunk" <clynedrive@ntlworld.com> wrote in message
news:OJP$a5XhFHA.3608@TK2MSFTNGP12.phx.gbl...
> Herb,
>
> Thanks for the guidance. Still have the same problem. SUS is installed
on
> one of the Central Services Servers and GPO has been set up to point at
this
> machine.
Have you proven that GPO is applied (GPResult etc.)?
> Updates still do not happen and when we try and run Updates from a
> client machine using a users logon we still get a 'no permissions' error.
Where do you see this error? What precisely does it say?
Consider turning on Object Auditing on the SUS server and setting
the SUS tree to inclue something like Everyone-READ auditing.
Please understand that with Automatic Updates it is the COMPUTER
account being checked for permissions on the net.
> We've obviously set something in AD at some time but we're at a loss to
see
> what. We've evne checked back through the AD Change Control Process and
> nothing for Security seems to have been changed which could cause the
> problems. Have you got any other ideas ?
Isolate what the error really means (see above) and then either fix it
or seek more help here.
Post precise error locations and exact text of any messages (helps
in searching MS or Internet.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
>
> REgards in advance
>
> Kerplunk
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:Oi$XNdKhFHA.1412@TK2MSFTNGP09.phx.gbl...
> > "Kerplunk" <clynedrive@ntlworld.com> wrote in message
> > news:etZ1KMJhFHA.2484@TK2MSFTNGP15.phx.gbl...
> >> Our AD has been set up some time and although the Admin Template for
> > Windows
> >> Update is installed and configured (Auto Update computers (option 4) at
> >> 13:00) none of the computers seem to update. I've read somewhere that
> >> the
> >> logged on user should be a member of the Administrators Group but
surely
> >> this cannot be right ?
> >
> > No, that is not right -- part of the BENEFIT of the Automatic Updates
> > (versus Windows Update) is that an admin is NOT required since it
> > runs under the computer account.
> >
> > First step would be to run GPResult and/or RSoP (in Win2003) and
> > make sure that the GPO is really applied.
> >
> >> How do I configure AD/GPO to automatically Update
> >> Windows without giving everyone Admin rights?
> >
> > Also, for Win2000 machines you must install the AU Client but
> > with current service packs that was done long ago.
> >
> > Along with GPO applied, make sure the computers are properly
> > authenticated AND that DNS is fully functional since they must
> > find the servers.
> >
> > How about firewall checks?
> >
> > How about setting it to reboot (in AU settings that is)? Since
> > the updates may be installed but not yet applied.
> >
> > --
> > Herb Martin, MCSE, MVP
> > Accelerated MCSE
> >
http://www.LearnQuick.Com
> > [phone number on web site]
> >
> >>
> >> Thanks in Advance.
> >>
> >> KErplunk
> >>
> >>
> >
> >
>
>