SUS require admin previlegies on the client

Is it possible to install security patches from a SUS
server without having admin previlegies on the client?

Today all XP users are administrators on there own
computers to get updates from the SUS server installed.

Regards,

Christer Johansson

Shenan
Wed May 05 04:45:47 CDT 2004

Christer wrote:
> Is it possible to install security patches from a SUS
> server without having admin previlegies on the client?
>
> Today all XP users are administrators on there own
> computers to get updates from the SUS server installed.

If you want the best from SUS, you want the end users to NOT be admins.

--
<- Shenan ->
--

Christer
Wed May 05 06:12:14 CDT 2004

No, that's right, I do not want the users to be admins.

But if the not are admins, no security patches from the
SUS server will be installed.

Solution?

<- Christer ->

>-----Original Message-----
>Christer wrote:
>> Is it possible to install security patches from a SUS
>> server without having admin previlegies on the client?
>>
>> Today all XP users are administrators on there own
>> computers to get updates from the SUS server installed.
>
>If you want the best from SUS, you want the end users to
NOT be admins.
>
>--
><- Shenan ->
>--
>
>
>.
>

Torgeir
Wed May 05 15:00:57 CDT 2004

Christer wrote:

> Is it possible to install security patches from a SUS
> server without having admin previlegies on the client?
Hi

Yes, that is possible (more details further down).


Fyi, there is a separate newsgroup for SUS:

microsoft.public.softwareupdatesvcs

news://msnews.microsoft.com/microsoft.public.softwareupdatesvcs

URL to the group softwareupdatesvcs for those who uses the Web
interface to access the newsgroups:
http://www.microsoft.com/windowsserver2003/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.softwareupdatesvcs

A Web site about SUS with a FAQ and a SUS forum:
http://www.susserver.com/

More SUS Web sites:
http://www.cites.uiuc.edu/sus/faq.html
http://www.faqshop.com/sus/default.htm


Back to your issue:

Set AUOptions to 4 (because that is the only setting that
will make SUS install updates even for non-admin users).


Below is an excerpt from the "Software Update Services Deployment
White Paper":

</quote>
AUOptions

Range = 2|3|4.
2 = notify of download and installation
3 = automatically download and notify of installation
4 = automatic download and scheduled installation.

All options notify the local administrator.
</quote>


See the chapter "Configuring the Automatic Updates client software"
in the white paper for more details.

Download link for "Software Update Services Deployment White Paper"
(SUS_Deployguide_sp1.doc) can be found under "More Information" at
http://www.microsoft.com/windowsserversystem/sus/default.mspx

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

Karl
Thu May 06 05:40:31 CDT 2004

SUS does NOT require users to be local admins to install patches. In fact,
it is a good way to install patches without being admin. The Automatic
Updates service runs with full System privileges.


"Christer" <anonymous@discussions.microsoft.com> wrote in message
news:8a0801c43291$d21ab970$a001280a@phx.gbl...
> No, that's right, I do not want the users to be admins.
>
> But if the not are admins, no security patches from the
> SUS server will be installed.
>
> Solution?
>
> <- Christer ->
>
> >-----Original Message-----
> >Christer wrote:
> >> Is it possible to install security patches from a SUS
> >> server without having admin previlegies on the client?
> >>
> >> Today all XP users are administrators on there own
> >> computers to get updates from the SUS server installed.
> >
> >If you want the best from SUS, you want the end users to
> NOT be admins.
> >
> >--
> ><- Shenan ->
> >--
> >
> >
> >.
> >