RE: Software Restriction Policy and WSUS
- From: Pete B <PeteB@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Jan 2008 02:02:00 -0800
Thanks for your reply. I put the post in the group policy section as all of
the SRP settings are set via a group policy so I thought it was the right
section. I now that if an application is blocked, an event is written to the
event log but in this case it is not! There are no errors in the event log.
All of the updates just fail. As soon as I remove the GPO, all updates
succeed. That does make me think it is a GPO issue!
"Jian-Ping Zhu [MSFT]" wrote:
Dear Customer,.
Firstly, I'm sorry for the delay and all the inconvenience this might cause.
Thank you for your post. This is Neo and I will be assisting you in this
post.
From your description, I understand that:
You link one GPO to one OU in which you enable Software Restriction
Policies and only give access rights to Unrestricted software. After that,
computers in that OU can ' t perform Windows Update after downloading the
updates from WSUS Server. If you disable the SRP, then the update works.
You ask whether there are any exception of unrestricted software lists you
might miss.
If there is any misunderstanding, please let me know.
Analysis and suggestions:
======================
There is an easy way to check what access rights are necessary for running
Windows Update. After we enable Software Restriction Policies, if there is
any access denied by SRP, a warning message will be recorded in Application
Log of System Event Logs. The event source of this warning properties is
Software Restriction Policy.
Therefore, I recommend you run the update again, and then please open Event
Log and check the application logs to find whether there are any warning
messages. If yes, please check the event source and event description of
the warning properties. If the event source is Software Restriction Policy,
you could find the detailed information about what access is denied in
event description. After that, please try to add that access path to your
exception lists and have another test.
I hope this helps.
By the way, please note we are Windows Group Policy newsgroup and we mainly
focus Windows Group Policy issues here.
So, I will mainly provide suggestions on group policy side in this thread.
However, you are also welcome to post WSUS related questions to our WSUS
queues:
Microsoft.public.windowsupdate
The engineers and newsgroup members there are more experienced on
WSUS-related issues, and should be able to provide you with suggestions on
this kind of issues.
Thanks again for using our products and have a nice day!
Sincerely,
Neo Zhu,
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- RE: Software Restriction Policy and WSUS
- From: Jian-Ping Zhu [MSFT]
- RE: Software Restriction Policy and WSUS
- References:
- RE: Software Restriction Policy and WSUS
- From: Jian-Ping Zhu [MSFT]
- RE: Software Restriction Policy and WSUS
- Prev by Date: RE: Software Restriction Policy and WSUS
- Next by Date: Using dcgpofix to reset policies
- Previous by thread: RE: Software Restriction Policy and WSUS
- Next by thread: RE: Software Restriction Policy and WSUS
- Index(es):
Relevant Pages
|
