Can a domain user allowed for Windows Updates and install software should be denied
-
Group policy is the way forward here if you have a central server with Active Directory and you're talking about a Windows environment.
Turn Windows updates on through Group Policy (https://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx) and that's all you need really..?
-
is there any way to implement it without WSUS role
need to do via GPO
-
@RoopanKumar said in Can a domain user allowed for Windows Updates and install software should be denied:
is there any way to implement it without WSUS role
need to do via GPO
Yes, read the technet article. The first step is about WSUS - but ignore that. If there is no WSUS setup it will just use the online repository - just don't specify a custom server in any of the setup, therefore it will just use the Windows default one.
-
@NattNatt will try this and update you
-
The steps that matter:
-In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
-In the details pane, click Configure Automatic Updates.
-Click Enabled and select one of the following options:
Notify for download and notify for install. This option notifies a logged-on administrative user before the download and before the installation of the updates.-Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user before installing the updates.
-Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.
-Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.
Click OK.
-
@NattNatt so for this the system should be logged in domain user or does this need any spl permission
the domain user what am specifying wont have any rights to install s/w , is this user enough for the update process
or
while this process the system should be logged in administrator or local admin which will be having s/w installation rights
-
No, as long as you apply the group policy globally it should be fine for a normal user and will automatically download and install updates.
-
@NattNatt it wont be applied globally it will be applied only to a particular group or to a particular OU
-
@RoopanKumar said in Can a domain user allowed for Windows Updates and install software should be denied:
@NattNatt it wont be applied globally it will be applied only to a particular group or to a particular OU
Correct - same thing applies - it will only apply to people in the OU the GPP is applied to.
-
If you're using Windows 10 on the end points, this article would be good for you.
