G
Guest
Guest
Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.windows.group_policy (More info?)
Hi,
A question from a GPO-newbie, using SBS2003 and XP-workstations.
We have setup a SUS-server, and our clients are receiving and installing
updates through a "Scheduled Install SUS Config" GPO (which was described by
MS). This seems to be working fine, with one exception. Because all our
clients are local administrators, they receive notifications when new
updates are downloaded.
We don't want our clients to see anything regarding SUS.
We have found a solution for this problem, and that is to enable the setting
"Remove access to use all Windows Update features" located in User
Configuration\Administrative Templates\Windows Components\Windows Update,
this would stop all notifications regarding SUS.
This is described in the Software Update Services Deployment White Paper
(http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx) in
chapter "Interaction with other policies" on page 60.
The problem we are having is that changes made tot the User Configuration in
the GPO aren't distributed to the users. We have even tried a gpupdate/force
on the workstations. But when we view the "Resultant Set of Policy" through
rsop.msc on the workstations, Users Configuration still has all the default
values, the changes we have made aren't visible.
What are we doing wrong? Do we have to do something special after we have
made such changes?
Jan
"Joerg Ott" <news@lomosoft.de> wrote in message
news:uYV5SDSWEHA.3420@TK2MSFTNGP12.phx.gbl...
> Hi Jan,
>
> this feature just disables the shortcuts "Windows Update" which will bring
> the users directly to the ms website.
> For local admins theres is no way to make them not see the "new updates
can
> be installed" notification.
>
> Cheers,
> Joshua
>
> --
> Aufgrund der hohen Frequenz an Spam, Viren und sonstiger Malware werden
> e-Mails an diese Adresse direkt gelöscht. Bitte nur in der NG antworten.
> Due to high frequency of spam, viruses and malware all e-mails sent to
this
> account will be deleted w/out reading. Please answer in NG only.
>
>
>
> "Jan Didden" <Jan.Didden@(NOSPAM)Vereycken.BE(NOSPAM)> schrieb im
> Newsbeitrag news:OZzAe$RWEHA.212@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > We have been testing SUS for a few days now. We are using a "Scheduled
> > Install SUS Config" GPO to distribute the updates. Normally this is
> possible
> > without any user interaction/notification. Because all of our users are
> > local administrators they see the notifications.
> >
> > We have found a solution for this problem, and that is to enable the
> setting
> > "Remove access to use all Windows Update features" in GPO under User
> > Configuration\Administrative Templates\Windows Components\Windows
Update.
> >
> > We have enabled this setting but it seems that this GPO setting is not
> > distributed. We have even tried a gpupdate/force on the workstations.
But
> > when we view the "Resultant Set of Policy" through rsop.msc on the
> > workstations, this new setting is not enabled.
> >
> > Any ideas anybody?
> >
> > Thanks,
> >
> > Jan
> >
> >
>
>
Hi,
A question from a GPO-newbie, using SBS2003 and XP-workstations.
We have setup a SUS-server, and our clients are receiving and installing
updates through a "Scheduled Install SUS Config" GPO (which was described by
MS). This seems to be working fine, with one exception. Because all our
clients are local administrators, they receive notifications when new
updates are downloaded.
We don't want our clients to see anything regarding SUS.
We have found a solution for this problem, and that is to enable the setting
"Remove access to use all Windows Update features" located in User
Configuration\Administrative Templates\Windows Components\Windows Update,
this would stop all notifications regarding SUS.
This is described in the Software Update Services Deployment White Paper
(http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx) in
chapter "Interaction with other policies" on page 60.
The problem we are having is that changes made tot the User Configuration in
the GPO aren't distributed to the users. We have even tried a gpupdate/force
on the workstations. But when we view the "Resultant Set of Policy" through
rsop.msc on the workstations, Users Configuration still has all the default
values, the changes we have made aren't visible.
What are we doing wrong? Do we have to do something special after we have
made such changes?
Jan
"Joerg Ott" <news@lomosoft.de> wrote in message
news:uYV5SDSWEHA.3420@TK2MSFTNGP12.phx.gbl...
> Hi Jan,
>
> this feature just disables the shortcuts "Windows Update" which will bring
> the users directly to the ms website.
> For local admins theres is no way to make them not see the "new updates
can
> be installed" notification.
>
> Cheers,
> Joshua
>
> --
> Aufgrund der hohen Frequenz an Spam, Viren und sonstiger Malware werden
> e-Mails an diese Adresse direkt gelöscht. Bitte nur in der NG antworten.
> Due to high frequency of spam, viruses and malware all e-mails sent to
this
> account will be deleted w/out reading. Please answer in NG only.
>
>
>
> "Jan Didden" <Jan.Didden@(NOSPAM)Vereycken.BE(NOSPAM)> schrieb im
> Newsbeitrag news:OZzAe$RWEHA.212@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > We have been testing SUS for a few days now. We are using a "Scheduled
> > Install SUS Config" GPO to distribute the updates. Normally this is
> possible
> > without any user interaction/notification. Because all of our users are
> > local administrators they see the notifications.
> >
> > We have found a solution for this problem, and that is to enable the
> setting
> > "Remove access to use all Windows Update features" in GPO under User
> > Configuration\Administrative Templates\Windows Components\Windows
Update.
> >
> > We have enabled this setting but it seems that this GPO setting is not
> > distributed. We have even tried a gpupdate/force on the workstations.
But
> > when we view the "Resultant Set of Policy" through rsop.msc on the
> > workstations, this new setting is not enabled.
> >
> > Any ideas anybody?
> >
> > Thanks,
> >
> > Jan
> >
> >
>
>