Domain Policies , Security Center and Windows Update

  • Thread starter Thread starter Dups
  • Start date Start date
D

Dups

I am a consultant of a large company. I take care of several workstations in
my office. They are all Windows XP SP2. All workstations are on the same
domain.

I have all the people that use the workstations and myself setup as local
admins. When anyone of them tries going to www.update.microsoft.com they get
the error message saying that some policies are preventing them from
accessing the site. However, if I log on with my domain username I am able
to access the update site.

I have never asked to be a member of a domain group that has more access
than a regular user. However, from what I am experiencing with the update
site I assume that my username is part of some sort of domain group that has
access to the windows update site (or is there another explanation?)

So here are my questions.

Q1: With what you've read above. Is there another explanation as to why I
can access the windows update site while others cannot?

To my knowledge when you add a workstation onto the domain. There are domain
policies that come into effect. The domain policies should take over any
local policies that are in effect.

Q2: Can domain policies be applied different to different users depending on
the domain groups they belong to?


All workstations have "Download updates for me, but let me choose when to
install them" selected (greyed out so I assume the domain policy has choosen
this). This is fine, however, nobody ever receives a popup declaring that
there are updates needing to be installed. (I checked the local group
policies for Automatic Updates and there is nothing configured to disable the
pop ups). So I check the security center and notice that, once again
assuming, that the "Change the way Security Center alerts me" option is
greyed out. I assume that the option for Windows Update is not enabled in
here and this is the reason why nobody is receiving a notice that updates are
required. The only option I found in the local group policy editor is "Turn
on Security Center (Domain PCs only). Which doesn't seem to be an option that
will help fix my problem.

Q3: Is there a way to edit something in either the local group policies,
registry or somewhere that would allow me to "ungrey" the greyed out options
in Security Center?
 
Dups said:
I am a consultant of a large company. I take care of several
workstations in my office. They are all Windows XP SP2. All
workstations are on the same domain.

I have all the people that use the workstations and myself setup as
local admins.

OT, but that's not good. There's really no reason for that, and it can cause
tons of problems.
When anyone of them tries going to
www.update.microsoft.com they get the error message saying that some
policies are preventing them from accessing the site. However, if I
log on with my domain username I am able to access the update site.

I have never asked to be a member of a domain group that has more
access than a regular user. However, from what I am experiencing with
the update site I assume that my username is part of some sort of
domain group that has access to the windows update site (or is there
another explanation?)

Talk to your domain admins about this....
So here are my questions.

Q1: With what you've read above. Is there another explanation as to
why I can access the windows update site while others cannot?

Yes. Group policies could easily explain it.
To my knowledge when you add a workstation onto the domain. There are
domain policies that come into effect. The domain policies should
take over any local policies that are in effect.

Yes, that's correct.
Q2: Can domain policies be applied different to different users
depending on the domain groups they belong to?

Sure....that's not the only way to filter, but yes, it's true.
All workstations have "Download updates for me, but let me choose
when to install them" selected (greyed out so I assume the domain
policy has choosen this). This is fine, however, nobody ever receives
a popup declaring that there are updates needing to be installed. (I
checked the local group policies for Automatic Updates and there is
nothing configured to disable the pop ups). So I check the security
center and notice that, once again assuming, that the "Change the way
Security Center alerts me" option is greyed out. I assume that the
option for Windows Update is not enabled in here and this is the
reason why nobody is receiving a notice that updates are required.
The only option I found in the local group policy editor is "Turn on
Security Center (Domain PCs only). Which doesn't seem to be an option
that will help fix my problem.

OT, but your admins should probably look into WSUS if they haven't
investigated it already.
Q3: Is there a way to edit something in either the local group
policies, registry or somewhere that would allow me to "ungrey" the
greyed out options in Security Center?

Nope. I suggest that you bring this up with whomever designed & manages the
domain policies.
 
Back
Top