Hotfixes allways require admin rights ???

  • Thread starter Thread starter Frank
  • Start date Start date
F

Frank

Greetings!

I've got a bunch of Win2k workstations running in a domain
system (not AD). I can download a hotfix file and run it
just fine to update a workstation - as long as I go to the
workstation and log in as someone with admin priveleges. I
can roll it out right over the network. The hassle is that
I have to go to each workstation and log in.

Does it have to be this way? Is there any way that I can
run the hotfixes program files under a non-admin user
account? Note that having each user go up to the MS site
and independently download/update their individual
machines is NOT an option. That's going to take too long
and clog my internet access bandwidth. Rolling the patches
out over my network is much quicker.

NOTE that I posted a question in the registry forum about
possibly using the "RunOnce" family of registry settings
to do this. Please let me know if you have any experience
with this.

Thanks,
Frank
 
--------------------
From: "Frank" <[email protected]>
Subject: Hotfixes allways require admin rights ???
Date: Thu, 12 Feb 2004 13:52:06 -0800
Newsgroups: microsoft.public.win2000.windows_update

Greetings!

I've got a bunch of Win2k workstations running in a domain
system (not AD). I can download a hotfix file and run it
just fine to update a workstation - as long as I go to the
workstation and log in as someone with admin priveleges. I
can roll it out right over the network. The hassle is that
I have to go to each workstation and log in.

Does it have to be this way? Is there any way that I can
run the hotfixes program files under a non-admin user
account? Note that having each user go up to the MS site
and independently download/update their individual
machines is NOT an option. That's going to take too long
and clog my internet access bandwidth. Rolling the patches
out over my network is much quicker.

NOTE that I posted a question in the registry forum about
possibly using the "RunOnce" family of registry settings
to do this. Please let me know if you have any experience
with this.

Thanks,
Frank
--

Frank,

If you are in a 2000 or higher domain you could try pushing the updates with a Startup Script, which uses the local System
account instead of the User's account like a logon script does.

You could also setup a SUS server and use it with the Automatic Update client to update the workstations. This way only
the SUS server would have to go to the Internet to download the updates and the clients would get it from the SUS server.
The URLs below point to additional information on SUS.

http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx

http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-
AE66A4E4BF6C&displaylang=en

Bill Peele
Microsoft Enterprise Support

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread
from which they originated.
 
Bill,

Thanks for your speedy and helpful response!

I'll look into the SUS scheme. As for the startup script idea ..."If you are
in a 2000 or higher domain you could try pushing the updates with a Startup
Script, which uses the local System account instead of the User's account
like a logon script does."
.... are you talking about some sort of scheduled task that would run a
routine under the local system account? Sounds interesting; I should have
thought of that. I forgot that you can run scheduled routines under various
accounts. That was the sticky point.

Please let me know of any good sources of info' on this topic.


Take care,
Frank





Bill Peele said:
--------------------
From: "Frank" <[email protected]>
Subject: Hotfixes allways require admin rights ???
Date: Thu, 12 Feb 2004 13:52:06 -0800
Newsgroups: microsoft.public.win2000.windows_update

Greetings!

I've got a bunch of Win2k workstations running in a domain
system (not AD). I can download a hotfix file and run it
just fine to update a workstation - as long as I go to the
workstation and log in as someone with admin priveleges. I
can roll it out right over the network. The hassle is that
I have to go to each workstation and log in.

Does it have to be this way? Is there any way that I can
run the hotfixes program files under a non-admin user
account? Note that having each user go up to the MS site
and independently download/update their individual
machines is NOT an option. That's going to take too long
and clog my internet access bandwidth. Rolling the patches
out over my network is much quicker.

NOTE that I posted a question in the registry forum about
possibly using the "RunOnce" family of registry settings
to do this. Please let me know if you have any experience
with this.

Thanks,
Frank
--

Frank,

If you are in a 2000 or higher domain you could try pushing the updates
with a Startup Script, which uses the local System
account instead of the User's account like a logon script does.

You could also setup a SUS server and use it with the Automatic Update
client to update the workstations. This way only
the SUS server would have to go to the Internet to download the updates
and the clients would get it from the SUS server.
The URLs below point to additional information on SUS.

http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx

http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-
972C-
AE66A4E4BF6C&displaylang=en

Bill Peele
Microsoft Enterprise Support

This posting is provided "AS IS" with no warranties, and confers no
rights. Use of included script samples are subject to the
terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread
 
microsoft.public.win2000.windows_update:

[snip
... are you talking about some sort of scheduled task that would run a
routine under the local system account? Sounds interesting; I should have
thought of that. I forgot that you can run scheduled routines under various
accounts. That was the sticky point.

The proper tool for this is Active Directory's Machine Startup Script,
specified in Group Policy - it runs using the SYSTEM account.

Flip-side: the SYSTEM account doesn't have any network credentials, so
you have to grant access for network resources that this script might
need to Domain Computers.
Please let me know of any good sources of info' on this topic.

Google.

PS: Note to Bill Peele: Please don't post RTF to news groups.
 
Back
Top