[windows2000] Re: SV: Re: SUS

  • From: "Jensen, Douglas" <douglas.jensen@xxxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 4 Jun 2004 14:03:49 -0500

That is probably true.
 
Group Policies are applied to OUs so I organized my OUs based on the
software needs.  
 
We have a very small company and don't have  the need of  administrative
boundaries so this seemed like a reasonable use.  Even if we had need of an
admin boundary, these are pretty much along the same lines and the software
needs so it works the same.
 
It can get confusing when the group policy applies to some in an OU but not
others.  I probably just need to work with it a bit to get that straight in
my head.
 
Any way, for a small place like ours, this works.
 
Douglas Jensen 
Douglas.Jensen@xxxxxxxxxxxxx 
Voice (952) 402-9821 
Fax    (952) 402-9815 
Network Administrator 
Scott Carver Dakota CAP Agency, Inc. 
712 Canterbury Road 
Shakopee, MN 55379 
www.capagency.org 

-----Original Message-----
From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]
Sent: Friday, June 04, 2004 1:59 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: SV: Re: SUS


Rather than creating OU's, you could have created "Security Groups" with the
computer accounts in it, remove the "Authenticated users/Apply Policy"
permission, and add the "GroupOfComputers/Apply Policy" permission.
 
People tend to create OU's for the wrong reasons... the only real reason to
create a new OU is to create an administrative boundary.
 
My opinion, at least...
 

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc. 

 

  _____  

From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Posted At: Friday, June 04, 2004 2:32 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: SV: Re: SUS
Subject: [windows2000] Re: SV: Re: SUS


I am not sure that is the best way.
 
I tried assigning the SUS Client to computers and got lots of error messages
for computers that already had the client because they were SP4 or SP4
saying the install had failed because it did not have SP1 or ?SP2?(not sure
about the sp2).
 
So first, I don't think you should use same policy because you will want a
bunch of computers in that OU and you probably don't want to group computers
based on what service pack it has but more likely on who uses the computer
and what their software/security needs are.
 
I ended up trying separate OU's to install the client and then moving them
to their proper OU after the client was installed.  I did manual installs of
SP4 on those clients where the Group Policy install of the client didn't
work.
 
I first tried to use Group Policy to install SP4 (which Microsoft does NOT
recommend) and found about a 50% success rate there.  
 
Now, though, after I have SP4 on all my Win2000 Pro computers, the SUS is
working really well.
 
The reporting is less then stellar because the reporting doesn't appear to
look at the same list as SUS and may even use different metrics to determine
if the patch is installed.
 
Douglas Jensen 
Douglas.Jensen@xxxxxxxxxxxxx 
Voice (952) 402-9821 
Fax    (952) 402-9815 
Network Administrator 
Scott Carver Dakota CAP Agency, Inc. 
712 Canterbury Road 
Shakopee, MN 55379 
www.capagency.org 

-----Original Message-----
From: Svein Arild Haugum [mailto:svein@xxxxxxxxxxxxxx]
Sent: Friday, June 04, 2004 12:18 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] SV: Re: SUS


Only half true.
 
The best way to do is it to assign the SUS klient software to the computers
you are going to manage, trough the same AD policy as you configure SUS.
(The MSI files are preconfigured and ready for AD deployment.
 
This way a pre-sp3 computer starts up, gets the client and the
configuration, and the first download would be the latest servicepack.
 
By doing it like this, you eliminate the need for SP1(XP) and SP3(2000).
 

Mvh 
Svein Arild 

-----Opprinnelig melding-----
Fra: Phil Smith [mailto:psmith@xxxxxxxxxxxxxx]
Sendt: 4. juni 2004 14:14
Til: 'windows2000@xxxxxxxxxxxxx'
Emne: [windows2000] Re: SUS


Has the policy taken effect on the workstation?  You can check by going to
the control panel and opening Automatic Updates and seeing if it is grayed
out or if you can make modifications to it. If you can modify it then the
client has not gotten the policy yet.
 
Win2k clients must have at least SP3
XP clients must have at least SP1
 
Check this community web page http://www.susserver.com
<http://www.susserver.com>   lots of good info for SUS there.

-----Original Message-----
From: Mark Cook [mailto:mc@xxxxxxxxxx]
Sent: Friday, June 04, 2004 7:02 AM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] SUS



Stumbling from bloody RIS to SUS now I'm afraid, life's one big acronym :-)

 

Our SUS seems to have stopped working, or at least part of it.  The main SUS
server sync's with MS each day no problem, we approve what we want/need to
and the Domain Policy is set to apply this to all PC's at 7am.  Now here's
the strange thing - only some PC's get the updates / others show absolutely
no sign of activity in that area - yet all PC's are SP4 Win2K PRO !  The
policy is set to tell the clients to locate the SUS server by it's IP
address so no resolution issues ?  Anyone got any suggestions or seen this
before ?

 

Cheers

 

Mark

Other related posts: