Microsoft SUS

sancho

Hi,

Is it possible with SUS to make the entire patch installation
process automatic for the workstations in the domain?

I mean that SUS will check daily if there are new updates and then install
the updates to the PCs? (The users are not local admins.)

Thanks
 
Yes, but you must download the patches and approve them by synchronising your SUS
server. This can also be automated.

You need the wuau.adm file (shipped with SUS) in Group Policy to configure
the GPOs to send the updates to clients. Set it to setting 4 and a time
when PCs are normally switched on; from here you can configure it daily.
 
That's exactly the way SUS works.

Below is a sample .REG file that configures SUS to work this way.
There are a variety of ways you can push these registry values down to
your PCs.

With these settings, SUS / WUS / AU checks once a day every day,
installs downloaded patches at 3am or immediately after reboot if an
installation is missed, and automatically reboots. I think these
settings will work for most people. If you have servers that you don't
want to automatically reboot, you can and should still push patches to
them via WUS, just change "AUOptions" from 4 to 3. For most people,
this is the only setting you would probably ever want to consider
changing.

For more information, read the SUS deployment documentation.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://yoursusserver"
"WUStatusServer"="http://yoursuslogserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000001
 
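To confirm that a PC actually received the values from the .REG file above, the following PowerShell check compares the live policy keys against them. It is an added example, not code from the thread; the parameter names and defaults are assumptions, and the server URLs are the post's placeholders.

```powershell
param(
    # Assumption: placeholder URLs from the post; pass your own servers.
    [string]$SusServer    = 'http://yoursusserver',
    [string]$StatusServer = 'http://yoursuslogserver',
    # 4 = scheduled install (workstations); the post suggests 3 for servers.
    [ValidateSet(3, 4)][int]$AUOptions = 4
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Expected values, taken from the .REG file in the post.
$expected = @(
    @{ Key = $wu; Name = 'WUServer';                      Want = $SusServer }
    @{ Key = $wu; Name = 'WUStatusServer';                Want = $StatusServer }
    @{ Key = $au; Name = 'UseWUServer';                   Want = 1 }
    @{ Key = $au; Name = 'NoAutoUpdate';                  Want = 0 }
    @{ Key = $au; Name = 'AUOptions';                     Want = $AUOptions }
    @{ Key = $au; Name = 'ScheduledInstallDay';           Want = 0 }
    @{ Key = $au; Name = 'ScheduledInstallTime';          Want = 3 }
    @{ Key = $au; Name = 'RescheduleWaitTime';            Want = 1 }
    @{ Key = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Want = 1 }
)

$results = foreach ($e in $expected) {
    # A missing key or value means the policy never reached this machine.
    $item   = Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($e.Name) } else { $null }
    [pscustomobject]@{
        Name     = $e.Name
        Expected = $e.Want
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($null -ne $actual) -and ($actual -eq $e.Want)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a logon script or inventory job flag the machine.
if ($results.Match -contains $false) { exit 1 }
```

Run it with `-AUOptions 3` on servers that should not install and reboot on a schedule.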