Show
Publisher SummaryThe chapter discusses whether one's clients exist in an active directory, a workgroup, a stand-alone machine, and an NT 4.0 Domain, or can a secure demilitarized zone (DMZ), windows server update services (WSUS) be used as a centralized server to update them. By using Group Policy, Local Policy, or the registry or legacy System Policy, one can configure and deploy WSUS client settings quickly and easily. With the new self-update feature of WSUS, older SUS clients can automatically update their automatic updates (AU) clients to be WSUS-compatible and can begin scheduling approved updates without any interruption. The new functionality in WSUS allows administrators the option to update a variety of Microsoft products, including the Microsoft Office Suite, Microsoft Exchange, Microsoft Structured Query Language (SQL) 2000 WMSDE, and so on. Troubleshooting and investigating WSUS client update behavior can be accomplished using various log files, downloadable diagnostic tools, and online support from WSUS administrators. WSUS is everything one needs if one respects its capabilities and learns how to use it effectively and efficiently. Cited by (0)Copyright © 2006 Elsevier Inc. All rights reserved. The heart of WSUS management is the capability to target updates to groups of client computers. WSUS provides a mechanism to help you ensure that the right computers get the rights updates at the right time. In fact, computer groups ensure that client computers receive their updates in a consistent manner on an ongoing basis. Computers will always belong to two groups. Every computer belongs to the All Computers group. However, they will also belong to the Unassigned Computers group until you assign them to your own custom group. A computer can belong to only one group in addition to the All Computers group. You can assign computers to computer groups using one of two methods.The first method is server-side targeting where you manually move computers from the Unassigned Computers group to a custom computer group. The second method is client-side targeting where you use Group Policy or edited registry settings on client computers. Computers that are configured with client-side targeting automatically add themselves to computer groups on their managing WSUS server.You must choose either server-side or client-side targeting for each WSUS server as a global setting for all managed computers; however, you do not have to configure all your WSUS servers with the same setting. Some can be configured for server-side targeting while others are configured for client-side targeting. A summary of the computer group targeting methods and their configuration is listed in Table 9.2. Table 9.2 Computer Group Targeting Method Targeting Method Summary How to Configure Server-Side TargetingWhen configuring serverside targeting, use the WSUS Web-based administration console to create computer groups and then assign client computers to those groups. Server-side targeting is a good choice for organizations that do not have many client computers to update and you want to move client computers into computer groups manually. This method also makes sense for computers that you frequently move between computer groups. To enable server-side targeting on your WSUS server, click the Use the Move computers task in Windows Server Update Services option on the Computers Options page. Continued Table 9.2 continued Computer Group Targeting Method Targeting Method Summary How to Configure Client-Side TargetingWhen configuring clientside targeting, you configure client computers to automatically add themselves to the computer groups that you previously created in the WSUS Web-based administration console. You can configure client-side targeting through an Active Directory Group Policy Object (GPO). If client computers are not members of an Active Directory domain, you can automatically assign them to a computer group by editing registry entries for the client computers. This will generate the results as configuration through Group Policy with some additional parameters. When the client computers connect and check-in with their corresponding WSUS server in both cases, they will add themselves into the indicated computer group automatically. Client-side targeting makes sense if you have many client computers and want to automate the process of assigning them to c omputer groups. This is also a good choice when you want to enforce computer group membership without relying on manual intervention of group assignment. To enable client-side targeting on your WSUS server, click the Use Group Policy or registry settings on client computers option on the "Computers Options" page. Configuring WSUS settings via registry settings can be performed on an individual basis, via login scripts, or through NT 4.0 system policy.Table 9.3 lists the registry entries for the WSUS environment options. These entries can be found under the registry key: HKEY_LOCAL_MACHINE\SojiwarePolkksMkrosoji\Wmdows\WmdowsUpdaie. Table 9.3 Registry Entries for Setting WSUS Options Entry Name Values Data Type ElevateNonAdmins TargetGroup TargetGroupEnabled WUServer Possible values: 0 or 1 Reg_DWORD 0: Only users in the Administrators user group can approve or disapprove updates. 1: Users in the Users security group are allowed to approve or disapprove updates. Name of the computer Reg_String group to which the computer belongs. This should be configured for client-side targeting only. TargetGroupEnabled should be set along with this policy. Possible values: 0 or 1 Reg_DWORD 0: Do not use client-side targeting. TargetGroup should be set along with this policy. 1: Use client-side targeting. The URL of the WSUS Reg_String server used by Automatic Updates and Application Programming Interface (API) callers. This policy is paired with WUStatusServer and should be set along with this policy and should be the same value in order for them to be valid. Continued Managing the WSUS Environment • Chapter 9 317 Table 9.3 continued Registry Entries for Setting WSUS Options Entry Name Values Data Type WUStatusServer The URL of the server to Reg_String which reporting information will be sent for client computers that use the WSUS server configured by the WUServer key. This policy is paired with WUServer and should be set along with this policy and should be set to the same value in order for them to be valid. Additional configuration of the Automatic Update agent can be also be made via registry settings that can be made on an individual basis, set by login scripts, or through NT 4.0 system policy.Table 9.4 lists the registry entries for the Automatic Update agent options. These entries can be found under the registry key: HKEY_LOCAL_MACHINESoftwarePoUties\Mkrosoft\Wmdows\WmdowsUpdateAU. Table 9.4 Registry Entries for Automatic Update Agent Configuration Registry Entry Name Values Registry Data Type AUOptions Possible values: 2, 3, 4, Reg_DWORD or 5 2: Notify before download. 3: Automatically download and notify of installation. 4: Automatic download and scheduled installation. This is only valid if values exist for the entries of ScheduledInstallDay and ScheduledInstallTime. 5: Automatic Updates is required, but end users can configure it. Continued Table 9.4 continued Registry Entries for Automatic Update Agent Configuration Registry Entry Name Values Registry Data Type Registry Entry Name Values Registry Data Type Table 9.4 continued Registry Entries for Automatic Update Agent Configuration
Continue reading here: Solutions Fast Track Upb Was this article helpful? What is clientWith client-side targeting, you use Group Policy or edit the registry settings on client computers to enable those computers to automatically add themselves into the computer groups. You must specify which method you will use by selecting one of the two options on the Computers Options page.
What MMC can be used for configuring clients for clientGroup policy or registry settings can be used to configure client-side targeting.
What is the group policy object path where you can configure settings to ensure that Windows clients can download updates from Windows Server Update Services?In the Group Policy Management Editor, Windows Update policies for computer-based configuration are located in the path PolicyName > Computer Configuration > Policies > Administrative Templates > Windows components > Windows Update.
What is clientThe client-side targeting on WSUS, when enabled, allows you to directly assign to a group declare in the console. This declaration is not done GPO or by modifying the register of the customer workstation. Once activated, it is no longer possible to change the assignment of a station by hand from the WSUS console.
|