Active Directory server 2003 AD Functional level- 2003
Running GP management from WIN 7 workstation (RSAT) I want my users/computers to get windows updates but I want them to have control over when they get installed and I dont want any auto restarts
I currently have :
Computer Configuration -->Admin Templates --> Windows Components --> Windows update --> Configure Automatic Updates ENABLED using Selection # 3
No settings have been set for the windows update in the user confguration section ....only for computer configuration
What I see happening is :
The WINDOWS UPDATE selection from ALL PROGRAMS does nothing as if it is now disabled
If user tries to go to Windows update website..they get a page that instructs how to setup windows update on the local machine so they cant do or even get to the Microsoft Window update site anymore so all this ,so far, would seem to be a good thing .....but
I am getting reports that users never get any notification that udates are ready to install....and they dont get "updates are being installed do not power off" when they shutdown.. I am getting the impression that they are never getting updated....
Here is how I test GP's in my domain: I have an OU called EXCLUSION ZONE (E.Z.) that has no GP's linked to it . I am underthe impression that I can trouble shoot or diagnose GP problems by putting the computer object in the E.Z. and the effect wil be that any GPO's in the Computer Configuration section will not get applied since thecomputer is inthe EZ.... and the same forthe User Configuration....if I need to be "restriction free" I can place both the user, and computer in the EZ and then do a restart of the users computer .
what happens now is.... if I put the computer in the EZ the user still cant use the windows update from the All Programs menu or get to the MS update site, they get no update notifications and no updates applied during the shutdown process
If I put the user in the EZ the user gets no notification that updates have been downloaded and are ready to install.... and if the user logs off or shuts dwom there is no update activity but the user can now use the windows update selection from All Programs and it tells there are 22 updates ready to install and if the user does select Windwos Update and sees there are updates.....but just closes the window and then does a shutdown.... the update start to be installed
so I am qiute confused as to
why the user account has to be GP free.. not the computer when the specified GPO is set under the Computer Configuration part of the policy and why the user would have to 1st select Windows update in order to getthe updates insateel only upon shutdown
and why the user nver gets any notifications that updates are ready to install