Re: monitoring GPO
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/17/04
- Next message: Steven L Umbach: "Re: Edit restricted groups at domain level now locked out"
- Previous message: Brandon McHenry: "IPSEC Policy question"
- In reply to: Benji: "Re: monitoring GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 17 Dec 2004 13:24:38 -0600
Well it sounds as if it is working if at least some of the computers are
working correctly. Maybe those computers were on at the scheduled update
time and the others were not. You can also configure updates behavior as to
what happens when an update schedule is missed such as installing them five
minutes after computer startup. It is also possible that if any of your
users are local administrators they may be aborting the updates when they
receive notification of updates being installed, though that can also be
changed via Group Policy. Of course dns configuration is critical for GP to
apply correctly so verify that your domain computers are using only Active
Directory domain controllers running dns as their preferred dns servers. As
far as multiple GPO's, the GPO with the highest priority will apply to a
computer if the computer is subject to multiple GPO's with the same defined
policy settings. If using Windows 2003 the Group Policy Management Console
[GPMC] and RSOP make it much easier to see exactly what is going on with
Group Policy. GPMC can also be used in a W2K domain if you install it on an
XP Pro domain member. You also may want to post in the
Microsoft.public.softwareupdatesvcs newsgroup which is dedicated to SUS
issues. --- Steve
"Benji" <gy1@radiant.net> wrote in message
news:10s66ir35ntnna6@corp.supernews.com...
> Thanks very much Steven,
>
> I have checked the client log file and I m not seeing the updates.
> Although I check others and I see the updates?
>
> To me it looks like some get the updates and some dont but all are in the
> same OU with the same update policy.
> I have used the gpresult on lots of the machines and I am getting the
> result set being correct.
> I am assuming that the policy at the bottom will be the correct
> effectiveness. I have a domain policy and a ou policy, there are no
> conflicting policy settings so I assume both would get applied.?
>
> Domain policy
> OU policy
>
> Looks like this in the gpresult output
>
> I run the MBSA tool and some have updates and some dont? weird. arg. I
> guess I could look further at the IIS logs. Run them through the online
> tool
>
> Thanks
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%235aTUb$4EHA.1192@tk2msftngp13.phx.gbl...
>> You can check the Windows update log on the client computers to see if
>> they are using your SUS server or check the registry on those computers
>> to verify that the computers have the proper settings. The link below
>> shows what to check.
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;328010
>>
>> Keep in mind that the policy will only affect the computers in the OU.
>> You can use the support tool gpresult or Group Policy Management
>> Console/RSOP for more detailed info on what computer policies are
>> applying to a domain computer. When you configure your Group Policy be
>> sure to use the fully qualified domain name for your SUS server as in
>> susserver.mydomain.com instead of just computer name. Also you must
>> approve some updates before computers will "pull" them from your SUS
>> server. --- Steve
>>
>>
>>
>> "Benji" <gy1@radiant.net> wrote in message
>> news:10s0u8t1thfur3b@corp.supernews.com...
>>>I have set up a OU policy for SUS but for some reason I dont think it is
>>>applying to all machines it should. What can I use to tell if the GPO has
>>>infact applied to my network. Can I scan all my pcs
>>>
>>> Thanks
>>>
>>
>>
>
>
- Next message: Steven L Umbach: "Re: Edit restricted groups at domain level now locked out"
- Previous message: Brandon McHenry: "IPSEC Policy question"
- In reply to: Benji: "Re: monitoring GPO"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
