Re: Automatic Updates as Limited User
From: Noel Paton (NoelDPspamless_at_btopenworld.com)
Date: 11/25/04
- Next message: John A: "Re: win auto update and SP2"
- Previous message: Noel Paton: "Re: Installation files left behind after Windows Update"
- In reply to: en7ropia: "Re: Automatic Updates as Limited User"
- Next in thread: en7ropia: "Re: Automatic Updates as Limited User"
- Reply: en7ropia: "Re: Automatic Updates as Limited User"
- Reply: en7ropia: "Re: Automatic Updates as Limited User"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 25 Nov 2004 19:44:07 -0000
Certainly, SP2 requires Admin access to install - but that was not the
question that you first asked!
SP2 is a major System Upgrade (and in earlier times, may have been
considered enough for a total version change - with all that that implies!),
and should \NE|VER be attempted outside of an Admin account - after first
ensuring that your PC is clear of all known interferences (malware, Norton,
running software - in that order!)
Again - any Security Update is likely to require Admin access - simply
because it's Security-related, and therefore only Admin users should have
access!
-- Noel Paton (MS-MVP 2002-2005, Windows) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "en7ropia" <en7ropia@discussions.microsoft.com> wrote in message news:D91E9E6C-4315-4946-A266-02A60EC2DAD5@microsoft.com... > Thanks for the link. > > From the article you linked to: > > "When critical updates are detected, Automatic Updates automatically > downloads these updates in the background while you are connected to the > Internet. After the download is complete, Automatic Updates waits until > the > scheduled day and time to install the updates. On the scheduled day and > time, > ALL LOCAL USERS receive the following message that has a five minute > countdown timer: " > > Windows is ready to begin installing the updates available for your > computer. > > Do you want Windows to install the updates now? > > (Windows will restarts your computer if no action is taken within 5:00 > minutes) > > > "If you are logged on as an administrator, when you receive this message, > you can either click Yes to install the updates or click No to have > Automatic > Updates install the updates at the next scheduled day and time. " > > (Note that limited users will see the No option disabled. They will be > forced to install the updates and reboot.) (Good) > > "If you do not take any action in five minutes, Windows automatically > installs the updates." > > -------------------------------------------- > > I actually tested this in Win 2000 Pro to see if it was working as the > article states: > > IT DID WORK! (Whether it will work consistently in the future is another > question.) > > (I needed to verify that auto updates was working under Limited user > accounts > because I was suspicious that I was not getting some updates) > > After the reboot, the limited user can log back in, and work normally. > > However, with XP, if SP2 had been download via AutoUpdates I'm thinking > that > an > Admin login might have been required after reboot. (to complete the SP2 > install) > > SP2 would have hopefully required Admin intervention to be installed. > > Can any one confirm or deny if Auto Updates (in XP) does in fact download > and install XP SP2 automatically? I would hope not. > > I have also noticed other "Windows Updates" such as IE program updates > that > required Admin login after the reboot in order to complete the install. > > (In fact Windows would not let the limited user log in until an Admin had > logged in first, so that the update could complete.) But these may just > have > been updates from "Windows Update" instead of "Automatic Updates". > > Thanks. > > > "Noel Paton" wrote: > >> IIRC, you're correct, - http://support.microsoft.com/?kbid=327838 >> gives some useful advice.... >> >> "If you are logged on as an administrator, the Automatic Updates feature >> in >> Windows notifies you when critical updates are available for your >> computer. >> There is a new Automatic Updates feature that you can use to specify the >> schedule that Windows follows to install updates on your computer. This >> article describes how to install this new Automatic Updates feature in >> Microsoft Windows XP and Microsoft Windows 2000 and how to use it to >> schedule Automatic Updates." >> >> HTH >> >> -- >> Noel Paton (MS-MVP 2002-2005, Windows) >> >> Nil Carborundum Illegitemi >> http://www.btinternet.com/~winnoel/millsrpch.htm >> http://tinyurl.com/6oztj >> >> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's >> >> "en7ropia" <en7ropia@discussions.microsoft.com> wrote in message >> news:BD5F53DE-1C68-4199-BA14-0C4792B2F7ED@microsoft.com... >> > Actually, I think Automatic Updates is supposed to download but NOT >> > INSTALL >> > the updates while running under a Limited User account. >> > >> > Can anyone confirm this? >> > Thanks. >> > >> > "Lokesh Dave [MSFT]" wrote: >> > >> >> The Automatic Updates process runs as a service and you dont need to >> >> be >> >> logged on as an admin for AU to be able to detect, download or install >> >> updates. You could set Automatic Updates to install updates at a >> >> scheduled >> >> time. This way the updates will get installed even if you logged on as >> >> a >> >> non-admin (and even if you are not logged in at all). >> >> >> >> Lokesh >> >> >> >> >> >> -- >> >> This posting is provided "AS IS" with no warranties, and confers no >> >> rights. >> >> >> >> >> >> "en7ropia" wrote: >> >> >> >> > That doesn't answer my question. >> >> > >> >> > In any case, I would be fine with the Automatic Updates "process" >> >> > running >> >> > as admin in order to get the updates downloaded and installed. I >> >> > find >> >> > this >> >> > to be a serious issue. One should not be forced to be logged in as >> >> > an >> >> > administrator to acquire updates. What am I to do if I don't want a >> >> > user to >> >> > be able to have administrative access to a machine. How then does >> >> > that >> >> > user >> >> > get their Automatic Updates? (Someone has to log in as >> >> > administrator >> >> > to run >> >> > them??) >> >> > >> >> > There needs to be a way to have the "Automatic Updates" run under >> >> > the >> >> > administrator account, without the "limited user" having to type in >> >> > an >> >> > administrator password every time it needs to run. >> >> > >> >> > Basically, It would be nice if I could tell "Automatic Updates" to >> >> > run >> >> > under >> >> > the Admin account (I would have to type the admin password once to >> >> > configure >> >> > this) >> >> > >> >> > From then on it would run under the Admin account without prompting >> >> > for >> >> > password. (And this "Admin credential" would apply to AutoUpdates >> >> > ONLY!!!!!) >> >> > >> >> > RunAs.exe is a security problem because once you /savecred, anyone >> >> > can >> >> > runas >> >> > ANY PROCESS!!! under the administrator account without a password. >> >> > >> >> > Thanks. >> >> > >> >> > "Noel Paton" wrote: >> >> > >> >> > > By definition, anything that runs as an Admin is a security risk - >> >> > > the user >> >> > > has to evaluate that risk and decide if it's worth it. (there are >> >> > > a >> >> > > good few >> >> > > things that will also run in a Limited User account that are also >> >> > > Security >> >> > > risks - have you stopped them yet?) >> >> > > >> >> > > -- >> >> > > Noel Paton (MS-MVP 2002-2005, Windows) >> >> > > >> >> > > Nil Carborundum Illegitemi >> >> > > http://www.btinternet.com/~winnoel/millsrpch.htm >> >> > > http://tinyurl.com/6oztj >> >> > > >> >> > > Please read http://dts-l.org/goodpost.htm on how to post messages >> >> > > to >> >> > > NG's >> >> > > >> >> > > "en7ropia" <en7ropia@discussions.microsoft.com> wrote in message >> >> > > news:B038814A-72D3-498E-8EA1-00DE9C20DE07@microsoft.com... >> >> > > > Does anyone know if Microsoft supports a method of having >> >> > > > Automatic >> >> > > > Updates >> >> > > > run "Automatically" under a Limited User account? >> >> > > > >> >> > > > I have looked into "RunAs" but for it to not prompt for an >> >> > > > administrator >> >> > > > password, you must use the /savecred parameter which is a >> >> > > > security >> >> > > > problem. >> >> > > > >> >> > > > Thanks. >> >> > > >> >> > > >> >> > > >> >> >>
- Next message: John A: "Re: win auto update and SP2"
- Previous message: Noel Paton: "Re: Installation files left behind after Windows Update"
- In reply to: en7ropia: "Re: Automatic Updates as Limited User"
- Next in thread: en7ropia: "Re: Automatic Updates as Limited User"
- Reply: en7ropia: "Re: Automatic Updates as Limited User"
- Reply: en7ropia: "Re: Automatic Updates as Limited User"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
