So this topic appears to be a pretty often touched one but no one has actually provided the answer I'm looking for, at least that I can find. My work environment is a nightmare. I work for a network of hospitals and they were using SMS then SUS to deploy updates before they moved all their computers from XP SP1 to XP SP2. Now being that it’s a hospital environment there is no such thing as downtime. The majority of our computers stay on virtually 24x7. They were migrating their SUS to WSUS 2.0 when I arrived. I've come in and tried to finish this migration for them but have run into a major snag. I need a way to force the computers to download and install the updates without any user intervention. So naturally I chose the option "Automatically download updates and install them on the schedule specified". I had a time and date specified (28th @ 3PM), but later found out that I could not choose a date that way. Here we have a Change Control Board (CCB) that must be consulted before any changes to the environment can be made. The standard restrictions are that no changes can be made on the weekends, Fridays, holidays, or Pay weeks. So can you see my first problem? So thinking ok then I'll just say everyday and use deadlines. At the time I didn't truly understand what a deadline would do. I was under the impression that as long as I had the option "No auto-restart for scheduled Automatic Updates installations" checked I was safe from auto-restarts. Huh think again. I learned quickly and thankfully in my test environment just what deadlines do. I later noticed that the "No Auto-restart..." policy specifically says "Supported on Windows Server 2003, XP SP1, 2000 SP3”. What is that all about? Does this not work for XP SP2, or am I missing something here? I thought well maybe they never updated the Automatic Update Template in AD, so I got the Server 2003 SP1 (latest version says Microsoft). Well that was no better, more options yes but not for my dilemma. I could never have something in use that will force the user to reboot in a 5 minute window. As a standard we give 30 minute windows in any restart situation. I tried just approving an update without setting a deadline and it asked me if I wanted to install the update. Well I can't leave it up to my users to install because they’ll never do it. These are my current settings:
*Allow Automatic Updates immediate installation - Disabled
*Allow non-administrators to receive update notifications - Enabled
*Automatic Updates detection frequency - Enabled - 16hours
*Configure Automatic Updates - Enabled - Auto download and schedule the install - everyday @ 3PM
*Do not adjust default option to install Updates and Shutdown Windows dialog box - Enabled
*Enable Client-side targeting - Disabled
*Reschedule Automatic Updates scheduled installations - Enabled - Wait 16 minutes
*Specify intranet Microsoft update service location - Enabled - http://xxxxxxx
I guess all I'm looking for is a way to download and install updates on a day and time of my choosing every month and delay the reboot till the user reboots the system on XP SP2 machines. Is this possible or am I dreaming? Please any help is greatly appreciated.
*Allow Automatic Updates immediate installation - Disabled
*Allow non-administrators to receive update notifications - Enabled
*Automatic Updates detection frequency - Enabled - 16hours
*Configure Automatic Updates - Enabled - Auto download and schedule the install - everyday @ 3PM
*Do not adjust default option to install Updates and Shutdown Windows dialog box - Enabled
*Enable Client-side targeting - Disabled
*Reschedule Automatic Updates scheduled installations - Enabled - Wait 16 minutes
*Specify intranet Microsoft update service location - Enabled - http://xxxxxxx
I guess all I'm looking for is a way to download and install updates on a day and time of my choosing every month and delay the reboot till the user reboots the system on XP SP2 machines. Is this possible or am I dreaming? Please any help is greatly appreciated.