|
|
Running WSUS 3.0 on a standalone server to patch multiple machines in
multiple workgroups. No AD domain.
I am able to run the WSUS Admin MMC from my remote workstation, connect to
the WSUS 3.0 server and completely administrate it. I can't imagine this is
by design.
Does anyone have any ideas as to why I'm not being prompted for credentials?
I would think it should only allow local user accounts on the WSUS server
that belong to the 'WSUS Administrators' group.
|
|
You are right, you have to be member of WSUS admin group to do so.
--
Fei Cao
Microsoft, WSUS
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message
news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com...
[Quoted Text] > Running WSUS 3.0 on a standalone server to patch multiple machines in
> multiple workgroups. No AD domain.
>
> I am able to run the WSUS Admin MMC from my remote workstation, connect to
> the WSUS 3.0 server and completely administrate it. I can't imagine this
> is
> by design.
>
> Does anyone have any ideas as to why I'm not being prompted for
> credentials?
> I would think it should only allow local user accounts on the WSUS server
> that belong to the 'WSUS Administrators' group.
>
>
|
|
Ok, can someone help me with this question:
Why am I not being prompted for credentials or getting access denied when
connecting to my standalone WSUS server (not a domain member) from a remote
workstation (member of a domain)?
The Update Services MMC allows me to manage the WSUS 3.0 server remotely
without using any credentials, thus using an account that is NOT a member of
the 'WSUS Administrators' group.
"Fei Cao (MSFT)" wrote:
[Quoted Text] > You are right, you have to be member of WSUS admin group to do so. > > > > -- > Fei Cao > Microsoft, WSUS > > This posting is provided "As Is" with no warranties, and confers no rights. > Use of included script samples are subject to the terms specified at > http://www.microsoft.com/info/cpyright.htm> > "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... > > Running WSUS 3.0 on a standalone server to patch multiple machines in > > multiple workgroups. No AD domain. > > > > I am able to run the WSUS Admin MMC from my remote workstation, connect to > > the WSUS 3.0 server and completely administrate it. I can't imagine this > > is > > by design. > > > > Does anyone have any ideas as to why I'm not being prompted for > > credentials? > > I would think it should only allow local user accounts on the WSUS server > > that belong to the 'WSUS Administrators' group. > > > > > > > |
|
Well do you have a local account on the WSUS server. I created an account
for myslef on the server with the same username and password as on my local
workstation then I don't need to authenticate. That is what I guess you do.
"CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message
news:094877AC-EEA7-4807-9209-20F90282BF73[ at ]microsoft.com...
[Quoted Text] > Ok, can someone help me with this question: > > Why am I not being prompted for credentials or getting access denied when > connecting to my standalone WSUS server (not a domain member) from a > remote > workstation (member of a domain)? > > The Update Services MMC allows me to manage the WSUS 3.0 server remotely > without using any credentials, thus using an account that is NOT a member > of > the 'WSUS Administrators' group. > > > > "Fei Cao (MSFT)" wrote: > >> You are right, you have to be member of WSUS admin group to do so. >> >> >> >> -- >> Fei Cao >> Microsoft, WSUS >> >> This posting is provided "As Is" with no warranties, and confers no >> rights. >> Use of included script samples are subject to the terms specified at >> http://www.microsoft.com/info/cpyright.htm>> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... >> > Running WSUS 3.0 on a standalone server to patch multiple machines in >> > multiple workgroups. No AD domain. >> > >> > I am able to run the WSUS Admin MMC from my remote workstation, connect >> > to >> > the WSUS 3.0 server and completely administrate it. I can't imagine >> > this >> > is >> > by design. >> > >> > Does anyone have any ideas as to why I'm not being prompted for >> > credentials? >> > I would think it should only allow local user accounts on the WSUS >> > server >> > that belong to the 'WSUS Administrators' group. >> > >> > >> >> >>
|
|
Sorry if this is a duplicate post.
Yes I have a local account on the WSUS server. It is completely different
from the domain account with which I'm logged into my workstation - the
workstation where I'm running the Update Services MMC.
I'm not prompted for any credentials when adding the WSUS server to the
console, or dismissed with 'access denied'.
Also, I'm connecting on port 8530 without SSL. This was an upgrade from WSUS
2.0 - I can't connect using port 80.
"matt" wrote:
[Quoted Text] > Well do you have a local account on the WSUS server. I created an account > for myslef on the server with the same username and password as on my local > workstation then I don't need to authenticate. That is what I guess you do. > > > > "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > news:094877AC-EEA7-4807-9209-20F90282BF73[ at ]microsoft.com... > > Ok, can someone help me with this question: > > > > Why am I not being prompted for credentials or getting access denied when > > connecting to my standalone WSUS server (not a domain member) from a > > remote > > workstation (member of a domain)? > > > > The Update Services MMC allows me to manage the WSUS 3.0 server remotely > > without using any credentials, thus using an account that is NOT a member > > of > > the 'WSUS Administrators' group. > > > > > > > > "Fei Cao (MSFT)" wrote: > > > >> You are right, you have to be member of WSUS admin group to do so. > >> > >> > >> > >> -- > >> Fei Cao > >> Microsoft, WSUS > >> > >> This posting is provided "As Is" with no warranties, and confers no > >> rights. > >> Use of included script samples are subject to the terms specified at > >> http://www.microsoft.com/info/cpyright.htm> >> > >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > >> news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... > >> > Running WSUS 3.0 on a standalone server to patch multiple machines in > >> > multiple workgroups. No AD domain. > >> > > >> > I am able to run the WSUS Admin MMC from my remote workstation, connect > >> > to > >> > the WSUS 3.0 server and completely administrate it. I can't imagine > >> > this > >> > is > >> > by design. > >> > > >> > Does anyone have any ideas as to why I'm not being prompted for > >> > credentials? > >> > I would think it should only allow local user accounts on the WSUS > >> > server > >> > that belong to the 'WSUS Administrators' group. > >> > > >> > > >> > >> > >> > > > |
|
Does your domain account have admin priviledge on the WSUS server too?
--
Fei Cao
Microsoft, WSUS
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message
news:6D3730AF-4CAB-497E-9820-46135EFE28E0[ at ]microsoft.com...
[Quoted Text] > Sorry if this is a duplicate post. > > Yes I have a local account on the WSUS server. It is completely different > from the domain account with which I'm logged into my workstation - the > workstation where I'm running the Update Services MMC. > > I'm not prompted for any credentials when adding the WSUS server to the > console, or dismissed with 'access denied'. > > Also, I'm connecting on port 8530 without SSL. This was an upgrade from > WSUS > 2.0 - I can't connect using port 80. > > > > "matt" wrote: > >> Well do you have a local account on the WSUS server. I created an >> account >> for myslef on the server with the same username and password as on my >> local >> workstation then I don't need to authenticate. That is what I guess you >> do. >> >> >> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> news:094877AC-EEA7-4807-9209-20F90282BF73[ at ]microsoft.com... >> > Ok, can someone help me with this question: >> > >> > Why am I not being prompted for credentials or getting access denied >> > when >> > connecting to my standalone WSUS server (not a domain member) from a >> > remote >> > workstation (member of a domain)? >> > >> > The Update Services MMC allows me to manage the WSUS 3.0 server >> > remotely >> > without using any credentials, thus using an account that is NOT a >> > member >> > of >> > the 'WSUS Administrators' group. >> > >> > >> > >> > "Fei Cao (MSFT)" wrote: >> > >> >> You are right, you have to be member of WSUS admin group to do so. >> >> >> >> >> >> >> >> -- >> >> Fei Cao >> >> Microsoft, WSUS >> >> >> >> This posting is provided "As Is" with no warranties, and confers no >> >> rights. >> >> Use of included script samples are subject to the terms specified at >> >> http://www.microsoft.com/info/cpyright.htm>> >> >> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> >> news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... >> >> > Running WSUS 3.0 on a standalone server to patch multiple machines >> >> > in >> >> > multiple workgroups. No AD domain. >> >> > >> >> > I am able to run the WSUS Admin MMC from my remote workstation, >> >> > connect >> >> > to >> >> > the WSUS 3.0 server and completely administrate it. I can't imagine >> >> > this >> >> > is >> >> > by design. >> >> > >> >> > Does anyone have any ideas as to why I'm not being prompted for >> >> > credentials? >> >> > I would think it should only allow local user accounts on the WSUS >> >> > server >> >> > that belong to the 'WSUS Administrators' group. >> >> > >> >> > >> >> >> >> >> >> >> >> >>
|
|
No.
The WSUS server is a standalone server - it's not a member of a domain.
"Fei Cao (MSFT)" wrote:
[Quoted Text] > Does your domain account have admin priviledge on the WSUS server too? > > -- > Fei Cao > Microsoft, WSUS > > This posting is provided "As Is" with no warranties, and confers no rights. > Use of included script samples are subject to the terms specified at > http://www.microsoft.com/info/cpyright.htm> > "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > news:6D3730AF-4CAB-497E-9820-46135EFE28E0[ at ]microsoft.com... > > Sorry if this is a duplicate post. > > > > Yes I have a local account on the WSUS server. It is completely different > > from the domain account with which I'm logged into my workstation - the > > workstation where I'm running the Update Services MMC. > > > > I'm not prompted for any credentials when adding the WSUS server to the > > console, or dismissed with 'access denied'. > > > > Also, I'm connecting on port 8530 without SSL. This was an upgrade from > > WSUS > > 2.0 - I can't connect using port 80. > > > > > > > > "matt" wrote: > > > >> Well do you have a local account on the WSUS server. I created an > >> account > >> for myslef on the server with the same username and password as on my > >> local > >> workstation then I don't need to authenticate. That is what I guess you > >> do. > >> > >> > >> > >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > >> news:094877AC-EEA7-4807-9209-20F90282BF73[ at ]microsoft.com... > >> > Ok, can someone help me with this question: > >> > > >> > Why am I not being prompted for credentials or getting access denied > >> > when > >> > connecting to my standalone WSUS server (not a domain member) from a > >> > remote > >> > workstation (member of a domain)? > >> > > >> > The Update Services MMC allows me to manage the WSUS 3.0 server > >> > remotely > >> > without using any credentials, thus using an account that is NOT a > >> > member > >> > of > >> > the 'WSUS Administrators' group. > >> > > >> > > >> > > >> > "Fei Cao (MSFT)" wrote: > >> > > >> >> You are right, you have to be member of WSUS admin group to do so. > >> >> > >> >> > >> >> > >> >> -- > >> >> Fei Cao > >> >> Microsoft, WSUS > >> >> > >> >> This posting is provided "As Is" with no warranties, and confers no > >> >> rights. > >> >> Use of included script samples are subject to the terms specified at > >> >> http://www.microsoft.com/info/cpyright.htm> >> >> > >> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message > >> >> news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... > >> >> > Running WSUS 3.0 on a standalone server to patch multiple machines > >> >> > in > >> >> > multiple workgroups. No AD domain. > >> >> > > >> >> > I am able to run the WSUS Admin MMC from my remote workstation, > >> >> > connect > >> >> > to > >> >> > the WSUS 3.0 server and completely administrate it. I can't imagine > >> >> > this > >> >> > is > >> >> > by design. > >> >> > > >> >> > Does anyone have any ideas as to why I'm not being prompted for > >> >> > credentials? > >> >> > I would think it should only allow local user accounts on the WSUS > >> >> > server > >> >> > that belong to the 'WSUS Administrators' group. > >> >> > > >> >> > > >> >> > >> >> > >> >> > >> > >> > >> > > > |
|
Can you use your domain account to login to the machine where WSUS server is
installed?
Is it possible your current domain account at the work station has been
added as an admin to the machine where WSUS server is installed?
--
Fei Cao
Microsoft, WSUS
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message
news:13CFDA78-74A3-4EF9-B703-0B2EF154EF3D[ at ]microsoft.com...
[Quoted Text] > No. > > The WSUS server is a standalone server - it's not a member of a domain. > > > > "Fei Cao (MSFT)" wrote: > >> Does your domain account have admin priviledge on the WSUS server too? >> >> -- >> Fei Cao >> Microsoft, WSUS >> >> This posting is provided "As Is" with no warranties, and confers no >> rights. >> Use of included script samples are subject to the terms specified at >> http://www.microsoft.com/info/cpyright.htm>> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> news:6D3730AF-4CAB-497E-9820-46135EFE28E0[ at ]microsoft.com... >> > Sorry if this is a duplicate post. >> > >> > Yes I have a local account on the WSUS server. It is completely >> > different >> > from the domain account with which I'm logged into my workstation - the >> > workstation where I'm running the Update Services MMC. >> > >> > I'm not prompted for any credentials when adding the WSUS server to the >> > console, or dismissed with 'access denied'. >> > >> > Also, I'm connecting on port 8530 without SSL. This was an upgrade from >> > WSUS >> > 2.0 - I can't connect using port 80. >> > >> > >> > >> > "matt" wrote: >> > >> >> Well do you have a local account on the WSUS server. I created an >> >> account >> >> for myslef on the server with the same username and password as on my >> >> local >> >> workstation then I don't need to authenticate. That is what I guess >> >> you >> >> do. >> >> >> >> >> >> >> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> >> news:094877AC-EEA7-4807-9209-20F90282BF73[ at ]microsoft.com... >> >> > Ok, can someone help me with this question: >> >> > >> >> > Why am I not being prompted for credentials or getting access >> >> > denied >> >> > when >> >> > connecting to my standalone WSUS server (not a domain member) from a >> >> > remote >> >> > workstation (member of a domain)? >> >> > >> >> > The Update Services MMC allows me to manage the WSUS 3.0 server >> >> > remotely >> >> > without using any credentials, thus using an account that is NOT a >> >> > member >> >> > of >> >> > the 'WSUS Administrators' group. >> >> > >> >> > >> >> > >> >> > "Fei Cao (MSFT)" wrote: >> >> > >> >> >> You are right, you have to be member of WSUS admin group to do so. >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Fei Cao >> >> >> Microsoft, WSUS >> >> >> >> >> >> This posting is provided "As Is" with no warranties, and confers no >> >> >> rights. >> >> >> Use of included script samples are subject to the terms specified >> >> >> at >> >> >> http://www.microsoft.com/info/cpyright.htm>> >> >> >> >> >> "CEG_WINTEL" <CEGWINTEL[ at ]discussions.microsoft.com> wrote in message >> >> >> news:E80CF5DF-2D16-415B-A70D-5DA05E87F864[ at ]microsoft.com... >> >> >> > Running WSUS 3.0 on a standalone server to patch multiple >> >> >> > machines >> >> >> > in >> >> >> > multiple workgroups. No AD domain. >> >> >> > >> >> >> > I am able to run the WSUS Admin MMC from my remote workstation, >> >> >> > connect >> >> >> > to >> >> >> > the WSUS 3.0 server and completely administrate it. I can't >> >> >> > imagine >> >> >> > this >> >> >> > is >> >> >> > by design. >> >> >> > >> >> >> > Does anyone have any ideas as to why I'm not being prompted for >> >> >> > credentials? >> >> >> > I would think it should only allow local user accounts on the >> >> >> > WSUS >> >> >> > server >> >> >> > that belong to the 'WSUS Administrators' group. >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>
|
|
[Quoted Text] > Can you use your domain account to login to the machine where WSUS server is
> installed?
Answer: NO - Obviously, only local server accounts can log in to a
standalone server. A standalone server is not a member of a domain. For
grins, I tried and the answer is still NO.
> Is it possible your current domain account at the work station has been
> added as an admin to the machine where WSUS server is installed?
Answer: NO. You can't add a domain account to a standalone server. The
server was never a member of a domain - there are no SIDs or non local
accounts showing up in any of the local groups on the WSUS server.
|
|
CEG_WINTEL wrote:
[Quoted Text] > Running WSUS 3.0 on a standalone server to patch multiple machines in
> multiple workgroups. No AD domain.
>
> I am able to run the WSUS Admin MMC from my remote workstation, connect to
> the WSUS 3.0 server and completely administrate it. I can't imagine this is
> by design.
Do you have an existing network connection to the standalone server?
As a troubleshooting step, try logging in with a different account (with a
different, unique password) and see if the same thing happens. That'll
determine whether it's a generic issue or something to do with your account.
Then try again with your own account having just logged in.
Harry.
|
|
On Tue, 1 May 2007 11:32:02 -0700, CEG_WINTEL
<CEGWINTEL[ at ]discussions.microsoft.com> wrote:
[Quoted Text] >Running WSUS 3.0 on a standalone server to patch multiple machines in
>multiple workgroups. No AD domain.
>
>I am able to run the WSUS Admin MMC from my remote workstation, connect to
>the WSUS 3.0 server and completely administrate it. I can't imagine this is
>by design.
>
>Does anyone have any ideas as to why I'm not being prompted for credentials?
>I would think it should only allow local user accounts on the WSUS server
>that belong to the 'WSUS Administrators' group.
>
Clearly you are logged in to this server with an account that has the rights to
manage WSUS. There are 3 possibilities I can think of.
1) You account name and password match one on the server.
2) You have a cached username/password - Ctrl Panel/Users/Advanced/Manager
Passwords
3) You have a connection such as a mapped drive that is connecting as an admin
on the server.
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.
|
|
"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote in message
news:deft33pesi4i45k8r99tkdvgb560mj7nck[ at ]4ax.com...
[Quoted Text] >>Running WSUS 3.0 on a standalone server to patch multiple machines in
>>multiple workgroups. No AD domain.
>>
>>I am able to run the WSUS Admin MMC from my remote workstation, connect to
>>the WSUS 3.0 server and completely administrate it. I can't imagine this
>>is
>>by design.
>>
>>Does anyone have any ideas as to why I'm not being prompted for
>>credentials?
>>I would think it should only allow local user accounts on the WSUS server
>>that belong to the 'WSUS Administrators' group.
>>
> Clearly you are logged in to this server with an account that has the
> rights to
> manage WSUS. There are 3 possibilities I can think of.
> 1) You account name and password match one on the server.
The most likely reason. It's 'by design' when executing Windows Peer-to-Peer
Networking.
If the account name and password on machine 'a' match any account
name/password on machine 'b', the user on machine 'a' will have access to
machine 'b' according to the permissions assigned to the account
name/password on machine 'b'.
In this case, if both account names are "Administrator" (Imagine that!), and
the passwords are identical (not so far fetched in a non-domain
environment), then pretty much any administrator on any machine has
administrative access to any other machine, simply by virtue of being logged
onto any one machine in the network.
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
My problem is similar but with 1 small diference.
I have 1 main WSUS server on a 2003 Server belonging to my domain (but
not a dc).
Then on every branch ( we have like 30) i have a DC on each and i
installed an Autonomous WSUS server.
i have a technitian (that doesn't have Domain Admin access) that does
it's maintenance.
how do i give him permitions to administer these servers? I know that
if i put his account on local WSUS Administrators group i can access
the main server, but as the others are DC ther ain't no local groups.
Any ideias?
Thx,
Miguel Silva
--
Goolie
------------------------------------------------------------------------
Goolie's Profile: http://forums.techarena.in/member.php?userid=25844
View this thread: http://forums.techarena.in/showthread.php?t=739324
http://forums.techarena.in
|
|
Goolie wrote:
[Quoted Text] > Then on every branch ( we have like 30) i have a DC on each and i
> installed an Autonomous WSUS server.
> i have a technitian (that doesn't have Domain Admin access) that does
> it's maintenance.
> how do i give him permitions to administer these servers? I know that
> if i put his account on local WSUS Administrators group i can access
> the main server, but as the others are DC ther ain't no local groups.
For many purposes domain groups function like local groups on DCs, so it might
turn out that a WSUS Administrators group has been added to your domain and can
be used to give your technician access to all of the WSUS servers. Or you could
try creating the group and see if that works. (Remember you might need to
restart WSUS for this to take effect.)
Perhaps you could consider moving the WSUS service into a virtual machine on
each domain controller? There would be a licensing cost and a performance hit,
of course, so not an ideal solution. On the other hand, I'd be pretty nervous
about running IIS on a DC myself.
Harry.
|
|
"Harry Johnston" <harry[ at ]scms.waikato.ac.nz> wrote in message
news:%23NUMnQ%23mHHA.2596[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] > Goolie wrote:
>
>> Then on every branch ( we have like 30) i have a DC on each and i
>> installed an Autonomous WSUS server.
>> i have a technitian (that doesn't have Domain Admin access) that does
>> it's maintenance.
>> how do i give him permitions to administer these servers? I know that
>> if i put his account on local WSUS Administrators group i can access
>> the main server, but as the others are DC ther ain't no local groups.
>
> For many purposes domain groups function like local groups on DCs, so it
> might turn out that a WSUS Administrators group has been added to your
> domain and can be used to give your technician access to all of the WSUS
> servers.
I can confirm that if WSUS has been installed on a Domain Controller
anywhere in the domain, a DOMAIN\WSUS Administrators group was created, and
adding a user to that group will grant them access to all WSUS servers.
On the non-domain controller DCs, you'll want to make sure the DOMAIN\WSUS
Administrators group is made a member of the local "WSUS Administrators"
group to extend those permissions to non-DC WSUS servers.
> Perhaps you could consider moving the WSUS service into a virtual machine
> on each domain controller? There would be a licensing cost and a
> performance hit, of course, so not an ideal solution. On the other hand,
> I'd be pretty nervous about running IIS on a DC myself.
And, of course, there's always the basic architectural question of whether
or not the environment even requires the remote WSUS servers.
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
On May 21, 6:00 pm, "Lawrence Garvin \(MVP\)"
<onsit...[ at ]community.nospam> wrote:
[Quoted Text] > "Harry Johnston" <h...[ at ]scms.waikato.ac.nz> wrote in message > > news:%23NUMnQ%23mHHA.2596[ at ]TK2MSFTNGP06.phx.gbl... > > > Goolie wrote: > > >> Then on every branch ( we have like 30) i have a DC on each and i > >> installed an Autonomous WSUS server. > >> i have a technitian (that doesn't have Domain Admin access) that does > >> it's maintenance. > >> how do i give him permitions to administer these servers? I know that > >> if i put his account on local WSUS Administrators group i can access > >> the main server, but as the others are DC ther ain't no local groups. > > > For many purposes domain groups function like local groups on DCs, so it > > might turn out that a WSUS Administrators group has been added to your > > domain and can be used to give your technician access to all of the WSUS > > servers. > > I can confirm that if WSUS has been installed on a Domain Controller > anywhere in the domain, a DOMAIN\WSUS Administrators group was created, and > adding a user to that group will grant them access to all WSUS servers. > > On the non-domain controller DCs, you'll want to make sure the DOMAIN\WSUS > Administrators group is made a member of the local "WSUS Administrators" > group to extend those permissions to non-DC WSUS servers. > > > Perhaps you could consider moving the WSUS service into a virtual machine > > on each domain controller? There would be a licensing cost and a > > performance hit, of course, so not an ideal solution. On the other hand, > > I'd be pretty nervous about running IIS on a DC myself. > > And, of course, there's always the basic architectural question of whether > or not the environment even requires the remote WSUS servers. > > -- > Lawrence Garvin, M.S., MCTS, MCP > Independent WSUS Evangelist > MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D09...> > Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/...> > And, almost everything else is at http://wsusinfo.onsitechsolutions.com> ....
Just out of curisoity what exactly is a:
>On the non-domain controller DCs,
Long day?
|
|
"Gus" <vines77[ at ]gmail.com> wrote in message
news:1179804105.766537.178610[ at ]u30g2000hsc.googlegroups.com...
[Quoted Text] > On May 21, 6:00 pm, "Lawrence Garvin \(MVP\)"
> <onsit...[ at ]community.nospam> wrote:
>> On the non-domain controller DCs, you'll want to make sure the
>> DOMAIN\WSUS
>> Administrators group is made a member of the local "WSUS Administrators"
>> group to extend those permissions to non-DC WSUS servers.
> Just out of curisoity what exactly is a:
>
>>On the non-domain controller DCs,
That should have read "On the non-domain controller WSUS Servers..."
> Long day?
Yesterday... 6pm... nope... just starting... :-/
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
|