Nicki Messerschmidt, Linksystem Muenchen GmbH
2004-May-06 12:24 UTC
[Samba] Administrator rights for Windows update?
Hi List,
is it really necessary to add every user to the administrators group to
allow them to update their windows boxes? I really can't believe this...

Cheers
Nicki

-- 
Linksystem Muenchen GmbH          info@link-m.de
Schloerstrasse 10                 http://www.link-m.de
80634 Muenchen                    Tel. 089 / 890 518-0
We make the Net work.             Fax 089 / 890 518-77
PGP-Key: https://www.link-m.de/pgp/n.messerschmidt.asc

Is it necessary to give root access to install system wide packages in UNIX? There is really no difference, aside from this being a new concept to long-time Windows users. Installing updates requires enough permissions to modify/delete critical system files, and you don't want Joe Schmoe doing that.

Nicki Messerschmidt, Linksystem Muenchen GmbH wrote:
> Hi List,
> is it really necessary to add every user to the administrators group to
> allow them to update their windows boxes? I really can't believe this...
>
> Cheers
> Nicki

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell: 701-306-6254
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com

You can use the registry on each machine to set the settings for SUS. The following keys can be modified to set the required settings after you have installed the SUS client:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU (might need to be created)

  NoAutoUpdate
    Range = 0|1. 0 = Automatic Updates is enabled (default), 1 = Automatic Updates is disabled.
    Registry Value Type: Reg_DWORD

  AUOptions
    Range = 2|3|4. 2 = notify of download and installation, 3 = automatically download and notify of installation, and 4 = automatic download and scheduled installation. All options notify the local administrator.
    Registry Value Type: Reg_DWORD

  ScheduledInstallDay
    Range = 0|1|2|3|4|5|6|7. 0 = Every day; 1 through 7 = the days of the week from Sunday (1) to Saturday (7).
    Registry Value Type: Reg_DWORD

  ScheduledInstallTime
    Range = n; where n = the time of day in 24-hour format (0-23).
    Registry Value Type: Reg_DWORD

  UseWUServer
    Set this to 1 to enable Automatic Updates to use the server running Software Update Services as specified in WUServer below.
    Registry Value Type: Reg_DWORD

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

  WUServer
    Sets the Software Update Services server by HTTP name (for example, http://IntranetSUS).
    Registry Value Type: Reg_SZ

  WUStatusServer
    Sets the Software Update Services statistics server by HTTP name (for example, http://IntranetSUS).
    Registry Value Type: Reg_SZ

You use a .reg file and have it applied in a login script in theory. I have done this for other applications to make registry changes in the past and it seems to work OK. However, I have never applied it using a Samba server as I am a complete Active Directory shop and use GPO instead. There is a document on www.microsoft.com/sus which details the deployment of an SUS server.

Hope this helps

Jez

-----Original Message-----
From: samba-bounces+jeramy.eling=britax-pmg.com@lists.samba.org [mailto:samba-bounces+jeramy.eling=britax-pmg.com@lists.samba.org] On Behalf Of Clint Sharp
Sent: 07 May 2004 08:29
To: Andrew Bartlett
Cc: samba; Nicki Messerschmidt
Subject: Re: [Samba] Administrator rights for Windows update?

Andrew Bartlett wrote:
> On Thu, 2004-05-06 at 22:43, Nicki Messerschmidt wrote:
>
> SUS works surprisingly well, but I think you can just set a policy for
> the machines to update themselves automatically from the master site if
> you wish.
>
> Andrew Bartlett

We're considering a SUS deployment. What are you (or others on the list) doing to push the policy to tell the clients which SUS server to pull the updates from and when? From the Microsoft documentation I read, it appears this is best achieved through GPO, which is obviously not an option with a Samba PDC. I've considered using regmon to see what changes GPO writes and adding these to a login script (using runas and sanur to install the settings from the login script, like we do for most everything that requires admin privs), but I was hoping someone had already solved this problem. Ideas?

Clint
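
The registry settings listed in Jez's message, written out as a .reg file and checked against the ranges he gives. This is an added example, not part of the original thread; the .reg content is a constructed sample, and the names `parse_reg`, `check_policy`, `SAMPLE_REG`, `WU` and `RANGES` are hypothetical.

```python
import re

# Constructed sample .reg file; value names and http://IntranetSUS come from the post.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://IntranetSUS"
"WUStatusServer"="http://IntranetSUS"

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
"""

# Registry key paths are case-insensitive, so they are compared in lower case.
WU = r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate".lower()
# Allowed DWORD ranges as listed in the post.
RANGES = {"NoAutoUpdate": range(0, 2), "AUOptions": range(2, 5), "UseWUServer": range(0, 2),
          "ScheduledInstallDay": range(0, 8), "ScheduledInstallTime": range(0, 24)}

def parse_reg(text):
    """Return {key_path: {value_name: int or str}} for REG_DWORD and REG_SZ lines."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def check_policy(text):
    """Return a list of problems found in the SUS client settings."""
    keys = parse_reg(text)
    au, wu = keys.get(WU + r"\au", {}), keys.get(WU, {})
    problems = [f"{n}={au[n]} outside {r.start}-{r.stop - 1}"
                for n, r in RANGES.items() if n in au and au[n] not in r]
    if au.get("NoAutoUpdate") == 1:
        problems.append("NoAutoUpdate=1 disables Automatic Updates")
    if au.get("UseWUServer") == 1 and not str(wu.get("WUServer", "")).startswith("http"):
        problems.append("UseWUServer=1 but WUServer is missing or not an HTTP name")
    return problems

if __name__ == "__main__":
    print(check_policy(SAMPLE_REG) or "settings are consistent")
```

Both keys live under HKLM, so the import from a login script needs the elevated step Clint describes (runas), not the logged-in user's own rights.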