Re: Rescheduling missed updates with WSUS 3.0

If I'm reading your original post correctly, your users are local admins on
the client PCs? That would explain why they get the shield, and can choose
to install the updates or not. I agree that's a weakness, but I've only got
a couple of users who run as local admin. I'm one of them (don't tell Susan
Bradley), and I leave my PC running all the time, so mine are already
installed when I get here. I've recommended that the others just ignore the
shield, and let the updates either install at the scheduled time, or at
shutdown.

I would expect that if you tell AU to install the updates at mid-day, they
would install, but then the users (at least the non-admin users) would be
forced to reboot. Even admin users will get tortured with frequent requests
to reboot, although at least they can veto the request if they're paying
enough attention not to OK it without thinking.

Whatever you do, I recommend enabling the setting not to force the restart.
I haven't had any problems with non-admin users just doing the "install
updates and shut down" thing, allowing the updates to install at the end of
the work day - that becomes the default shutdown option if there are updates
waiting to install.

By the way, while I have client PCs set to "auto download and install," the
SBS and member servers are set to "auto download and notify." I don't ever
want a server to reboot itself unless I'm here to make sure it comes back up
normally, and I view automatically updating servers as an invitation for
your boss to call you with a big problem during your vacation.

This article explains all of this in detail - see the chart about 3/4 of the
way down that tells the effect of the settings on admin and non-admin users.

Managing the WSUS Automatic Updates Client Download, Install, and Reboot
Behavior with Group Policy
http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx

"Arthur" <mynewsgroupaccount@xxxxxxxxx> wrote in message
news:uRlvxCbFIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
Thanks very much for the information.
From your description it actually sounds like the system is behaving
correctly. RSOP returns the correct results.
I was under the impression that it would just go ahead and install the
updates if the schedule was missed not present the Yellow shield and ask
the admin user. That seems to me to describe "Download updates for me but
let me choose when to install them"

What would happen if the schedule was set for updating the clients at say
mid-day when it is more likely the PCs will be turned on ? Would the
updates just go ahead and install or would the yellow shield appear again
?

There seems to be some room for error when the admin user can decide not
to install the updates and can also choose not to install the updates at
shutdown time as well ?

"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23asfliaFIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
First things first. It sounds like the policy might not be getting
applied to the workstations? If you look in CP -> Automatic Updates, can
you see that the policies you set are indicated there, with no ability to
change them? If you log into the workstation and do Start -> Run ->
Rsop.msc, do you see the policies in the results? (You might have to
restart the workstation several times - maybe 3 - before the policy will
be applied).

I have the policy set to not force a reboot if a user is logged in. So
if the PC is turned off when the update is scheduled, and the user has
local admin rights, when they restart they get the yellow shield
prompting them to apply the updates. If they don't, when they go to shut
down, they get "Install updates and shut down." If they don't shut down,
updates apply at the next scheduled time, as long as the user is logged
out.

Non-admin users get the same thing, except they don't see the shield or
have the option to manually install the missed updates. They either get
"Install updates and shut down," or the update installs at the next
scheduled time.


"Arthur" <mynewsgroupaccount@xxxxxxxxx> wrote in message
news:OgTMjbaFIHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
I'm confused about the Automatic Update client when using WSUS.

I have installed WSUS 3.0 on the small business server and created the
Computer Groups. I have setup the schedule for the Client computers to
update at 3.00 a.m.

I have checked in the Groups Policy editor on the server and this all
seems to be setup in the right place.

What is confusing me is that if a client computer is turned off at night
it is not automatically updating after it turns on in the morning. It
shows an alert that updates are waiting but they are not getting
installed automatically.

According to the deployment guide on Technet this shold occur one minute
after reboot if the Reschedule Automatic Update scheduled installations
is set to not configured - see below.

If I use gpedit on the client then the settings do not show up as set at
all.

I must be missing something basic ?
Reschedule Automatic Updates scheduled installations
This policy specifies the amount of time that Automatic Updates should
wait after system startup before proceeding with a scheduled
installation that did not take place earlier.

If the status is set to Enabled, a missed installation will occur the
specified number of minutes after the computer is next started.

If the status is set to Disabled, a missed installation will occur with
the next scheduled installation.

If the status is set to Not Configured, a missed installation will occur
one minute after the next time the computer is started.

This policy applies only when Automatic Updates is configured to perform
scheduled installations of updates. If the Configure Automatic Updates
policy is disabled, this policy has no effect.

To reschedule Automatic Update scheduled installation

1. In the Group Policy Object Editor, expand Computer
Configuration, expand Administrative Templates, expand Windows
Components, and then click Windows Update.

2. In the details pane, click Reschedule Automatic Update
scheduled installations, click Enabled, and type the number of minutes
to wait.

3. Click OK.










.

Relevant Pages

  • Re: 800703E7 error message
    ... I get this message when trying to install service pack 2. ... > Check for hardware driver updates? ... > Patches and Updates! ... > drivers for your hardware/operating system. ...
    (microsoft.public.windowsupdate)
  • Re: Turn Off computer not working
    ... that says not to bother you again and click OK and try the shutdown ... I have downloaded a lot of updates via Microsoft's automatic updates. ... install important updates and turn off your computer". ...
    (microsoft.public.windowsxp.general)
  • Re: wsus question
    ... Did you install the .adm and configure it for the clients? ... POLICY!!AutoUpdateCfg ... AutoUpdateCfg="Configure Automatic Updates" ...
    (microsoft.public.windows.server.general)
  • Re: i cant update windows!
    ... > download, but at the very end of the process it says that the ... I havent been able to get any updates ... First - cleanup your machine and ready it for Service Pack 2. ... Then install Service Pack 2 from the downloaded install file (not the ...
    (microsoft.public.windowsxp.general)
  • Re: windows internet7.0
    ... internet explorer, do a custom scan, and hide the IE7 update. ... What the toolkit did is that it puts IE7 in Optional updates ... Automatic Updates does *not* mean the Internet Explorer will get ... users to choose whether to install Internet Explorer 7 ..." ...
    (microsoft.public.windowsxp.general)