All,
Early last week, I set up a GPO to setup WSUS entries for
workstations. I've probably fubar'ed something, but I can't figure it
out.
The issue today is that I've got some random updates (starting last
night and continuing on through today) installing and rebooting
machines - I haven't yet figured out how many machines.
When I look into the WSUS administrative interface, I see that some of
the updates were approved on Monday evening with a deadline of 4am
Tuesday, and some of the updates were not approved at all, yet
installed anyway starting last night. In particular we don't use WSUS
to distribute the Junk email filters.
By looking at c:\Windows\WindowsUpdate.log, I see that all of the
updates are being downloaded from the WSUS server, however.
The 4 updates that seem to be in common so far are:
- Update for Root Certificates [August 2010] (KB931125)
- Update for Internet Explorer 8 Compatibility View List for
Windows XP (KB2362765)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2291595)
- Security Update for Microsoft Office Outlook 2003 (KB2293428)
The above are what installed on my machine, but others have gotten
them, plus others.
I tried to find a way to export the GPO settings directly, but had to
resort to going into my workstation's registry and exporting the
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate subtree.
The Group Policy settings that have been applied to the workstations
are below - can anyone see what I might have done wrong?
Thanks,
Kurt
Key Name:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Class Name: <NO CLASS>
Last Write Time: 2010-10-09 - 17:55
Value 0
Name: WUServer
Type: REG_SZ
Data: http://wsus
Value 1
Name: WUStatusServer
Type: REG_SZ
Data: http://wsus
Value 2
Name: AcceptTrustedPublisherCerts
Type: REG_DWORD
Data: 0x1
Key Name:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Class Name: <NO CLASS>
Last Write Time: 2010-10-09 - 17:55
Value 0
Name: NoAutoRebootWithLoggedOnUsers
Type: REG_DWORD
Data: 0x1
Value 1
Name: RescheduleWaitTime
Type: REG_DWORD
Data: 0x1
Value 2
Name: UseWUServer
Type: REG_DWORD
Data: 0x1
Value 3
Name: DetectionFrequencyEnabled
Type: REG_DWORD
Data: 0x1
Value 4
Name: DetectionFrequency
Type: REG_DWORD
Data: 0x8
Value 5
Name: AutoInstallMinorUpdates
Type: REG_DWORD
Data: 0x1
Value 6
Name: RebootWarningTimeoutEnabled
Type: REG_DWORD
Data: 0x1
Value 7
Name: RebootWarningTimeout
Type: REG_DWORD
Data: 0x5
Value 8
Name: RebootRelaunchTimeoutEnabled
Type: REG_DWORD
Data: 0x1
Value 9
Name: RebootRelaunchTimeout
Type: REG_DWORD
Data: 0xa
Value 10
Name: AUPowerManagement
Type: REG_DWORD
Data: 0x1
Value 11
Name: NoAutoUpdate
Type: REG_DWORD
Data: 0x0
Value 12
Name: AUOptions
Type: REG_DWORD
Data: 0x4
Value 13
Name: ScheduledInstallDay
Type: REG_DWORD
Data: 0x0
Value 14
Name: ScheduledInstallTime
Type: REG_DWORD
Data: 0x3
Value 15
Name: NoAUShutdownOption
Type: REG_DWORD
Data: 0x1
Value 16
Name: NoAUAsDefaultShutdownOption
Type: REG_DWORD
Data: 0x0
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
