[windows2000] Re: SV: Re: SUS

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 4 Jun 2004 14:59:29 -0400

Rather than creating OU's, you could have created "Security Groups" with
the computer accounts in it, remove the "Authenticated users/Apply
Policy" permission, and add the "GroupOfComputers/Apply Policy"
permission.
 
People tend to create OU's for the wrong reasons... the only real reason
to create a new OU is to create an administrative boundary.
 
My opinion, at least...
 

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc. 

 

________________________________

From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Posted At: Friday, June 04, 2004 2:32 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: SV: Re: SUS
Subject: [windows2000] Re: SV: Re: SUS


I am not sure that is the best way.
 
I tried assigning the SUS Client to computers and got lots of error
messages for computers that already had the client because they were SP4
or SP4 saying the install had failed because it did not have SP1 or
?SP2?(not sure about the sp2).
 
So first, I don't think you should use same policy because you will want
a bunch of computers in that OU and you probably don't want to group
computers based on what service pack it has but more likely on who uses
the computer and what their software/security needs are.
 
I ended up trying separate OU's to install the client and then moving
them to their proper OU after the client was installed.  I did manual
installs of SP4 on those clients where the Group Policy install of the
client didn't work.
 
I first tried to use Group Policy to install SP4 (which Microsoft does
NOT recommend) and found about a 50% success rate there.  
 
Now, though, after I have SP4 on all my Win2000 Pro computers, the SUS
is working really well.
 
The reporting is less then stellar because the reporting doesn't appear
to look at the same list as SUS and may even use different metrics to
determine if the patch is installed.
 
Douglas Jensen 
Douglas.Jensen@xxxxxxxxxxxxx 
Voice (952) 402-9821 
Fax    (952) 402-9815 
Network Administrator 
Scott Carver Dakota CAP Agency, Inc. 
712 Canterbury Road 
Shakopee, MN 55379 
www.capagency.org 

        -----Original Message-----
        From: Svein Arild Haugum [mailto:svein@xxxxxxxxxxxxxx]
        Sent: Friday, June 04, 2004 12:18 PM
        To: windows2000@xxxxxxxxxxxxx
        Subject: [windows2000] SV: Re: SUS
        
        
        Only half true.
         
        The best way to do is it to assign the SUS klient software to
the computers you are going to manage, trough the same AD policy as you
configure SUS. (The MSI files are preconfigured and ready for AD
deployment.
         
        This way a pre-sp3 computer starts up, gets the client and the
configuration, and the first download would be the latest servicepack.
         
        By doing it like this, you eliminate the need for SP1(XP) and
SP3(2000).
         

        Mvh 
        Svein Arild 

        -----Opprinnelig melding-----
        Fra: Phil Smith [mailto:psmith@xxxxxxxxxxxxxx]
        Sendt: 4. juni 2004 14:14
        Til: 'windows2000@xxxxxxxxxxxxx'
        Emne: [windows2000] Re: SUS
        
        
        Has the policy taken effect on the workstation?  You can check
by going to the control panel and opening Automatic Updates and seeing
if it is grayed out or if you can make modifications to it. If you can
modify it then the client has not gotten the policy yet.
         
        Win2k clients must have at least SP3
        XP clients must have at least SP1
         
        Check this community web page http://www.susserver.com  lots of
good info for SUS there.

                -----Original Message-----
                From: Mark Cook [mailto:mc@xxxxxxxxxx]
                Sent: Friday, June 04, 2004 7:02 AM
                To: 'windows2000@xxxxxxxxxxxxx'
                Subject: [windows2000] SUS
                
                

                Stumbling from bloody RIS to SUS now I'm afraid, life's
one big acronym :-)

                 

                Our SUS seems to have stopped working, or at least part
of it.  The main SUS server sync's with MS each day no problem, we
approve what we want/need to and the Domain Policy is set to apply this
to all PC's at 7am.  Now here's the strange thing - only some PC's get
the updates / others show absolutely no sign of activity in that area -
yet all PC's are SP4 Win2K PRO !  The policy is set to tell the clients
to locate the SUS server by it's IP address so no resolution issues ?
Anyone got any suggestions or seen this before ?

                 

                Cheers

                 

                Mark

Other related posts: