Auto Download and Install not working chokomoloko[ at ]yahoo.ca 11/27/2008 12:09:10 AM My goal is to move client computers into an OU that differs from the Default Domain Policy in regards to Auto Update. I want the new OU to force the clients to auto download and install critical updates, the default Domain Policy is to just notify clients that updates are available. 1. I have setup WSUS 3.0 on a LAN server and it seems to be working fine. 2. I have created a new OU on the domain with a WU GPO thusly: Policy Setting Allow Automatic Updates immediate installation Enabled Automatic Updates detection frequency Enabled Check for updates at the following interval (hours): 1 Policy Setting Configure Automatic Updates Enabled Configure automatic updating: 4 - Auto download and schedule the install The following settings are only required and applicable if 4 is selected. Scheduled install day: 0 - Every day Scheduled install time: 20:00 Policy Setting Delay Restart for scheduled installations Enabled Wait the following period before proceeding with a scheduled restart (minutes): 5 Policy Setting Enable client-side targeting Enabled Target group name for this computer upme Policy Setting Specify intranet Microsoft update service location Enabled Set the intranet update service for detecting updates: http://wsus-lan Set the intranet statistics server: http://wsus-lan (example: http://IntranetUpd01) Extra Registry Settings Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management. Setting State Software\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins 1 ---------------- Now when I pull my personal COMPUTER into the new OU with the above policy it pops up nicely in WSUS and my computer then reports to me that there are 2 updates available for download. The same two updates that WSUS has been set to approved status. So the custom GPO works as it is directing the client to WSUS server and the WSUS server is reporting that the 2 approved updates are available BUT the client is still reporting the updates are "Now Available, Click here to Download". It is supposed to download and install automatically. So my custom GPO only half works. Here the tail of my windowsupdate log. I hope the formatting stays neat 2008-11-26 03:18:32:452 1388 7c4 AU ############# 2008-11-26 03:18:32:452 1388 7c4 AU ## START ## AU: Search for updates 2008-11-26 03:18:32:452 1388 7c4 AU ######### 2008-11-26 03:18:32:452 1388 7c4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] 2008-11-26 03:18:32:452 1388 174 Agent ************* 2008-11-26 03:18:32:452 1388 174 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2008-11-26 03:18:32:452 1388 174 Agent ********* 2008-11-26 03:18:32:452 1388 174 Agent * Online = Yes; Ignore download priority = No 2008-11-26 03:18:32:452 1388 174 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2008-11-26 03:18:32:452 1388 174 Agent * ServiceID = {3DA21691- E39D-4DA6-8A4B-B43877BCB1B7} 2008-11-26 03:18:32:452 1388 174 Agent * Search Scope = {Machine} 2008-11-26 03:18:32:452 1388 174 Misc Validating signature for C: \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2008-11-26 03:18:32:452 1388 174 Misc Microsoft signed: Yes 2008-11-26 03:18:32:467 1388 174 Misc Validating signature for C: \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2008-11-26 03:18:32:467 1388 174 Misc Microsoft signed: Yes 2008-11-26 03:18:33:670 1388 174 Misc Validating signature for C: \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2008-11-26 03:18:33:670 1388 174 Misc Microsoft signed: Yes 2008-11-26 03:18:33:686 1388 174 Setup *********** Setup: Checking whether self-update is required *********** 2008-11-26 03:18:33:686 1388 174 Setup * Inf file: C:\WINDOWS \SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2008-11-26 03:18:33:717 1388 174 Setup Update NOT required for C: \WINDOWS\system32\cdm.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:748 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuapi.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:764 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:795 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuauclt.exe: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:811 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuaucpl.cpl: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:842 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:858 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuaueng.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:889 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:920 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wucltui.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:936 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:952 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wups.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:33:983 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wups2.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:34:014 1388 174 Setup Update NOT required for C: \WINDOWS\system32\wuweb.dll: target version = 7.2.6001.784, required version = 7.1.6001.65 2008-11-26 03:18:34:014 1388 174 Setup * IsUpdateRequired = No 2008-11-26 03:18:38:139 1388 174 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2008-11-26 03:18:38:139 1388 174 PT + ServiceId = {3DA21691- E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-lan/ClientWebService/client.asmx 2008-11-26 03:18:49:795 1388 174 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 2008-11-26 03:18:49:795 1388 174 PT + ServiceId = {3DA21691- E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsusr-lan/ClientWebService/client.asmx 2008-11-26 03:18:54:155 1388 174 Agent * Added update {2470E441-42FA-4397-B6AE-9E5498F47962}.103 to search result 2008-11-26 03:18:54:155 1388 174 Agent * Added update {9397A21F-246C-453B-AC05-65BF4FC6B68B}.101 to search result 2008-11-26 03:18:54:155 1388 174 Agent * Found 2 updates and 46 categories in search; evaluated appl. rules of 497 out of 746 deployed entities 2008-11-26 03:18:54:545 1388 174 Agent ********* 2008-11-26 03:18:54:545 1388 174 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2008-11-26 03:18:54:545 1388 174 Agent ************* 2008-11-26 03:18:54:545 1388 2d0 AU >>## RESUMED ## AU: Search for updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] 2008-11-26 03:18:54:545 1388 2d0 AU # 2 updates detected 2008-11-26 03:18:54:545 1388 2d0 AU ######### 2008-11-26 03:18:54:545 1388 2d0 AU ## END ## AU: Search for updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] 2008-11-26 03:18:54:545 1388 2d0 AU ############# 2008-11-26 03:18:54:561 1388 2d0 AU AU setting next detection timeout to 2008-11-26 12:07:36 2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {D5C30C05- C25A-4F6D-9212-87BBF80B7BA7} 2008-11-26 03:18:54:545-0800 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 2 updates. 2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {5B3A45CD- E3BF-4AB8-97A2-621C5FA65E67} 2008-11-26 03:18:54:545-0800 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status. 2008-11-26 03:25:49:371 1388 174 Report Uploading 2 events using cached cookie, reporting URL = http://wsus-lan/ReportingWebService/ReportingWebService.asmx Please advise. Thank you!

Re: Auto Download and Install not working chokomoloko[ at ]yahoo.ca 11/27/2008 2:28:29 AM On Nov 26, 4:09 pm, chokomol...[ at ]yahoo.ca wrote: [Quoted Text] > My goal is to move client computers into an OU that differs from the > Default Domain Policy in regards to Auto Update.  I want the new OU to > force the clients to auto download and install critical updates, the > default Domain Policy is to just notify clients that updates are > available. > > 1. I have setup WSUS 3.0 on a LAN server and it seems to be working > fine. > 2. I have created a new OU on the domain with a WU GPO thusly: > > Policy  Setting > Allow Automatic Updates immediate installation  Enabled > Automatic Updates detection frequency   Enabled > Check for updates at the following > interval (hours):       1 > > Policy  Setting > Configure Automatic Updates     Enabled > Configure automatic updating:   4 - Auto download and schedule the > install > The following settings are only required > and applicable if 4 is selected. > Scheduled install day:  0 - Every day > Scheduled install time: 20:00 > > Policy  Setting > Delay Restart for scheduled installations       Enabled > Wait the following period before > proceeding with a scheduled > restart (minutes):      5 > > Policy  Setting > Enable client-side targeting    Enabled > Target group name for this computer     upme > > Policy  Setting > Specify intranet Microsoft update service location      Enabled > Set the intranet update service for detecting updates:  http://wsus-lan > Set the intranet statistics server:    http://wsus-lan > (example:http://IntranetUpd01) > > Extra Registry Settings > Display names for some settings cannot be found. You might be able to > resolve this issue by updating the .ADM files used by Group Policy > Management. > Setting State > Software\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins      1 > > ---------------- > > Now when I pull my personal COMPUTER into the new OU with the above > policy it pops up nicely in WSUS and my computer then reports to me > that there are 2 updates available for download.  The same two updates > that WSUS has been set to approved status. > > So the custom GPO works as it is directing the client to WSUS server > and the WSUS server is reporting that the 2 approved updates are > available BUT the client is still reporting the updates are "Now > Available, Click here to Download".  It is supposed to download and > install automatically.  So my custom GPO only half works. > > Here the tail of my windowsupdate log.  I hope the formatting stays > neat > > 2008-11-26      03:18:32:452    1388    7c4     AU      ############# > 2008-11-26      03:18:32:452    1388    7c4     AU      ## START ##  AU: Search for > updates > 2008-11-26      03:18:32:452    1388    7c4     AU      ######### > 2008-11-26      03:18:32:452    1388    7c4     AU      <<## SUBMITTED ## AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26      03:18:32:452    1388    174     Agent   ************* > 2008-11-26      03:18:32:452    1388    174     Agent   ** START **  Agent: Finding > updates [CallerId = AutomaticUpdates] > 2008-11-26      03:18:32:452    1388    174     Agent   ********* > 2008-11-26      03:18:32:452    1388    174     Agent     * Online = Yes; Ignore > download priority = No > 2008-11-26      03:18:32:452    1388    174     Agent     * Criteria = "IsHidden=0 and > IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or > IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and > IsAssigned=1 or IsHidden=0 and IsInstalled=1 and > DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 > or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' > and IsAssigned=1 and RebootRequired=1" > 2008-11-26      03:18:32:452    1388    174     Agent     * ServiceID = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7} > 2008-11-26      03:18:32:452    1388    174     Agent     * Search Scope = {Machine} > 2008-11-26      03:18:32:452    1388    174     Misc    Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: > 2008-11-26      03:18:32:452    1388    174     Misc     Microsoft signed: Yes > 2008-11-26      03:18:32:467    1388    174     Misc    Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: > 2008-11-26      03:18:32:467    1388    174     Misc     Microsoft signed: Yes > 2008-11-26      03:18:33:670    1388    174     Misc    Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: > 2008-11-26      03:18:33:670    1388    174     Misc     Microsoft signed: Yes > 2008-11-26      03:18:33:686    1388    174     Setup   ***********  Setup: Checking > whether self-update is required  *********** > 2008-11-26      03:18:33:686    1388    174     Setup     * Inf file: C:\WINDOWS > \SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf > 2008-11-26      03:18:33:717    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\cdm.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:748    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuapi.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:764    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26      03:18:33:795    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuauclt.exe: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:811    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuaucpl.cpl: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:842    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26      03:18:33:858    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuaueng.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:889    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26      03:18:33:920    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wucltui.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:936    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26      03:18:33:952    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wups.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:33:983    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wups2.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:34:014    1388    174     Setup   Update NOT required for C: > \WINDOWS\system32\wuweb.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26      03:18:34:014    1388    174     Setup     * IsUpdateRequired = No > 2008-11-26      03:18:38:139    1388    174     PT      +++++++++++  PT: Synchronizing > server updates  +++++++++++ > 2008-11-26      03:18:38:139    1388    174     PT        + ServiceId = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =http://wsus-lan/ClientWebService/client.asmx > 2008-11-26      03:18:49:795    1388    174     PT      +++++++++++  PT: Synchronizing > extended update info  +++++++++++ > 2008-11-26      03:18:49:795    1388    174     PT        + ServiceId = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =http://wsusr-lan/ClientWebService/client.asmx > 2008-11-26      03:18:54:155    1388    174     Agent     * Added update > {2470E441-42FA-4397-B6AE-9E5498F47962}.103 to search result > 2008-11-26      03:18:54:155    1388    174     Agent     * Added update > {9397A21F-246C-453B-AC05-65BF4FC6B68B}.101 to search result > 2008-11-26      03:18:54:155    1388    174     Agent     * Found 2 updates and 46 > categories in search; evaluated appl. rules of 497 out of 746 deployed > entities > 2008-11-26      03:18:54:545    1388    174     Agent   ********* > 2008-11-26      03:18:54:545    1388    174     Agent   **  END  **  Agent: Finding > updates [CallerId = AutomaticUpdates] > 2008-11-26      03:18:54:545    1388    174     Agent   ************* > 2008-11-26      03:18:54:545    1388    2d0     AU      >>##  RESUMED  ## AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26      03:18:54:545    1388    2d0     AU        # 2 updates detected > 2008-11-26      03:18:54:545    1388    2d0     AU      ######### > 2008-11-26      03:18:54:545    1388    2d0     AU      ##  END  ##  AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26      03:18:54:545    1388    2d0     AU      ############# > 2008-11-26      03:18:54:561    1388    2d0     AU      AU setting next detection timeout > to 2008-11-26 12:07:36 > 2008-11-26      03:18:59:545    1388    174     Report  REPORT EVENT: {D5C30C05- > C25A-4F6D-9212-87BBF80B7BA7}    2008-11-26 03:18:54:545-0800    1       147     101 > {00000000-0000-0000-0000-000000000000}  0       0       AutomaticUpdates        Success > Software Synchronization        Windows Update Client successfully detected 2 > updates. > 2008-11-26      03:18:59:545    1388    174     Report  REPORT EVENT: {5B3A45CD- > E3BF-4AB8-97A2-621C5FA65E67}    2008-11-26 03:18:54:545-0800    1       156     101 > {00000000-0000-0000-0000-000000000000}  0       0       AutomaticUpdates        Success > Pre-Deployment Check    Reporting client status. > 2008-11-26      03:25:49:371    1388    174     Report  Uploading 2 events using > cached cookie, reporting URL =http://wsus-lan/ReportingWebService/ReportingWebService.asmx > > Please advise.  Thank you! Server URL = http://wsusr-lan/ClientWebService/client.asmx <-- please ignore my typo. The server name is correct IRL.

Re: Auto Download and Install not working "Augusto Alvarez" <augustoalvarez[ at ]noesmimail.com> 11/29/2008 10:45:11 PM Not sure if Im following you, but you say that you want the updates to be automatically download and install right? But you've set the GPO to "Auto download and schedule the install". That way will always require user intervention to install updates. -- augusto alvarez | it pro | southworks MCP - MCTS - MCITP DBA http://blogs.southworks.net/aalvarez <chokomoloko[ at ]yahoo.ca> wrote in message news:c3d6da72-5feb-451b-b69b-ef935f4c0227[ at ]n33g2000pri.googlegroups.com... [Quoted Text] > My goal is to move client computers into an OU that differs from the > Default Domain Policy in regards to Auto Update. I want the new OU to > force the clients to auto download and install critical updates, the > default Domain Policy is to just notify clients that updates are > available. > > 1. I have setup WSUS 3.0 on a LAN server and it seems to be working > fine. > 2. I have created a new OU on the domain with a WU GPO thusly: > > Policy Setting > Allow Automatic Updates immediate installation Enabled > Automatic Updates detection frequency Enabled > Check for updates at the following > interval (hours): 1 > > Policy Setting > Configure Automatic Updates Enabled > Configure automatic updating: 4 - Auto download and schedule the > install > The following settings are only required > and applicable if 4 is selected. > Scheduled install day: 0 - Every day > Scheduled install time: 20:00 > > Policy Setting > Delay Restart for scheduled installations Enabled > Wait the following period before > proceeding with a scheduled > restart (minutes): 5 > > Policy Setting > Enable client-side targeting Enabled > Target group name for this computer upme > > Policy Setting > Specify intranet Microsoft update service location Enabled > Set the intranet update service for detecting updates: http://wsus-lan > Set the intranet statistics server: http://wsus-lan > (example: http://IntranetUpd01) > > > Extra Registry Settings > Display names for some settings cannot be found. You might be able to > resolve this issue by updating the .ADM files used by Group Policy > Management. > Setting State > Software\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins 1 > > ---------------- > > Now when I pull my personal COMPUTER into the new OU with the above > policy it pops up nicely in WSUS and my computer then reports to me > that there are 2 updates available for download. The same two updates > that WSUS has been set to approved status. > > So the custom GPO works as it is directing the client to WSUS server > and the WSUS server is reporting that the 2 approved updates are > available BUT the client is still reporting the updates are "Now > Available, Click here to Download". It is supposed to download and > install automatically. So my custom GPO only half works. > > Here the tail of my windowsupdate log. I hope the formatting stays > neat > > 2008-11-26 03:18:32:452 1388 7c4 AU ############# > 2008-11-26 03:18:32:452 1388 7c4 AU ## START ## AU: Search for > updates > 2008-11-26 03:18:32:452 1388 7c4 AU ######### > 2008-11-26 03:18:32:452 1388 7c4 AU <<## SUBMITTED ## AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26 03:18:32:452 1388 174 Agent ************* > 2008-11-26 03:18:32:452 1388 174 Agent ** START ** Agent: Finding > updates [CallerId = AutomaticUpdates] > 2008-11-26 03:18:32:452 1388 174 Agent ********* > 2008-11-26 03:18:32:452 1388 174 Agent * Online = Yes; Ignore > download priority = No > 2008-11-26 03:18:32:452 1388 174 Agent * Criteria = "IsHidden=0 and > IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or > IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and > IsAssigned=1 or IsHidden=0 and IsInstalled=1 and > DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 > or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' > and IsAssigned=1 and RebootRequired=1" > 2008-11-26 03:18:32:452 1388 174 Agent * ServiceID = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7} > 2008-11-26 03:18:32:452 1388 174 Agent * Search Scope = {Machine} > 2008-11-26 03:18:32:452 1388 174 Misc Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: > 2008-11-26 03:18:32:452 1388 174 Misc Microsoft signed: Yes > 2008-11-26 03:18:32:467 1388 174 Misc Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: > 2008-11-26 03:18:32:467 1388 174 Misc Microsoft signed: Yes > 2008-11-26 03:18:33:670 1388 174 Misc Validating signature for C: > \WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: > 2008-11-26 03:18:33:670 1388 174 Misc Microsoft signed: Yes > 2008-11-26 03:18:33:686 1388 174 Setup *********** Setup: Checking > whether self-update is required *********** > 2008-11-26 03:18:33:686 1388 174 Setup * Inf file: C:\WINDOWS > \SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf > 2008-11-26 03:18:33:717 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\cdm.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:748 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuapi.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:764 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26 03:18:33:795 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuauclt.exe: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:811 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuaucpl.cpl: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:842 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26 03:18:33:858 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuaueng.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:889 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26 03:18:33:920 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wucltui.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:936 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.784, > required version = 7.1.6001.65 > 2008-11-26 03:18:33:952 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wups.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:33:983 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wups2.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:34:014 1388 174 Setup Update NOT required for C: > \WINDOWS\system32\wuweb.dll: target version = 7.2.6001.784, required > version = 7.1.6001.65 > 2008-11-26 03:18:34:014 1388 174 Setup * IsUpdateRequired = No > 2008-11-26 03:18:38:139 1388 174 PT +++++++++++ PT: Synchronizing > server updates +++++++++++ > 2008-11-26 03:18:38:139 1388 174 PT + ServiceId = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = > http://wsus-lan/ClientWebService/client.asmx > 2008-11-26 03:18:49:795 1388 174 PT +++++++++++ PT: Synchronizing > extended update info +++++++++++ > 2008-11-26 03:18:49:795 1388 174 PT + ServiceId = {3DA21691- > E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = > http://wsusr-lan/ClientWebService/client.asmx > 2008-11-26 03:18:54:155 1388 174 Agent * Added update > {2470E441-42FA-4397-B6AE-9E5498F47962}.103 to search result > 2008-11-26 03:18:54:155 1388 174 Agent * Added update > {9397A21F-246C-453B-AC05-65BF4FC6B68B}.101 to search result > 2008-11-26 03:18:54:155 1388 174 Agent * Found 2 updates and 46 > categories in search; evaluated appl. rules of 497 out of 746 deployed > entities > 2008-11-26 03:18:54:545 1388 174 Agent ********* > 2008-11-26 03:18:54:545 1388 174 Agent ** END ** Agent: Finding > updates [CallerId = AutomaticUpdates] > 2008-11-26 03:18:54:545 1388 174 Agent ************* > 2008-11-26 03:18:54:545 1388 2d0 AU >>## RESUMED ## AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26 03:18:54:545 1388 2d0 AU # 2 updates detected > 2008-11-26 03:18:54:545 1388 2d0 AU ######### > 2008-11-26 03:18:54:545 1388 2d0 AU ## END ## AU: Search for > updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] > 2008-11-26 03:18:54:545 1388 2d0 AU ############# > 2008-11-26 03:18:54:561 1388 2d0 AU AU setting next detection timeout > to 2008-11-26 12:07:36 > 2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {D5C30C05- > C25A-4F6D-9212-87BBF80B7BA7} 2008-11-26 03:18:54:545-0800 1 147 101 > {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success > Software Synchronization Windows Update Client successfully detected 2 > updates. > 2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {5B3A45CD- > E3BF-4AB8-97A2-621C5FA65E67} 2008-11-26 03:18:54:545-0800 1 156 101 > {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success > Pre-Deployment Check Reporting client status. > 2008-11-26 03:25:49:371 1388 174 Report Uploading 2 events using > cached cookie, reporting URL = > http://wsus-lan/ReportingWebService/ReportingWebService.asmx > > Please advise. Thank you!

Re: Auto Download and Install not working DaveMills <DaveMills[ at ]newsgroup.nospam> 11/30/2008 9:00:21 AM On Sat, 29 Nov 2008 20:45:11 -0200, "Augusto Alvarez" <augustoalvarez[ at ]noesmimail.com> wrote: [Quoted Text] >Not sure if Im following you, but you say that you want the updates to be >automatically download and install right? > >But you've set the GPO to "Auto download and schedule the install". That way >will always require user intervention to install updates. This is not correct. The update will install automatically unless somebody is logged in. I the use is and administrator or the policy to allow non administrator to get notification is set then the user can interact and install the update. -- Dave Mills There are 10 types of people, those that understand binary and those that don't.

Re: Auto Download and Install not working DaveMills <DaveMills[ at ]newsgroup.nospam> 11/30/2008 9:11:16 AM The update will only install automatically at the scheduled time (20:00). This is by design. It sounds like you are trying to implement a "New Builds" OU where the updates install quickly. This is also know as "Under Construction" and has been documented in the group quite often. The key setting to achieve this is a "deadline". If the update has and expired deadline it will install immediately (after a policy configured delay). This installation will happen even if an administrator is logged in and cannot be stopped. So, assuming WSUS 3, simply approve the update for the OU and then set a deadline. The default is the current day/time which will become an expired deadline more or less straight away. You will then find the update do install. I usually approve update for a test group first. Then manually install the updates as administrator. A few days later if all is OK and change the approval to "All groups" = install and "New Builds" = Install + Deadline. I don't bother with a deadline on things like Windows Defender which is updated frequently. On Wed, 26 Nov 2008 16:09:10 -0800 (PST), chokomoloko[ at ]yahoo.ca wrote: [Quoted Text] >My goal is to move client computers into an OU that differs from the >Default Domain Policy in regards to Auto Update. I want the new OU to >force the clients to auto download and install critical updates, the >default Domain Policy is to just notify clients that updates are >available. > >1. I have setup WSUS 3.0 on a LAN server and it seems to be working >fine. >2. I have created a new OU on the domain with a WU GPO thusly: > >Policy Setting >Allow Automatic Updates immediate installation Enabled >Automatic Updates detection frequency Enabled >Check for updates at the following >interval (hours): 1 > >Policy Setting >Configure Automatic Updates Enabled >Configure automatic updating: 4 - Auto download and schedule the >install >The following settings are only required >and applicable if 4 is selected. >Scheduled install day: 0 - Every day >Scheduled install time: 20:00 > >Policy Setting >Delay Restart for scheduled installations Enabled >Wait the following period before >proceeding with a scheduled >restart (minutes): 5 > >Policy Setting >Enable client-side targeting Enabled >Target group name for this computer upme > >Policy Setting >Specify intranet Microsoft update service location Enabled >Set the intranet update service for detecting updates: http://wsus-lan >Set the intranet statistics server: http://wsus-lan >(example: http://IntranetUpd01) > > >Extra Registry Settings >Display names for some settings cannot be found. You might be able to >resolve this issue by updating the .ADM files used by Group Policy >Management. >Setting State >Software\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins 1 > >---------------- > >Now when I pull my personal COMPUTER into the new OU with the above >policy it pops up nicely in WSUS and my computer then reports to me >that there are 2 updates available for download. The same two updates >that WSUS has been set to approved status. > >So the custom GPO works as it is directing the client to WSUS server >and the WSUS server is reporting that the 2 approved updates are >available BUT the client is still reporting the updates are "Now >Available, Click here to Download". It is supposed to download and >install automatically. So my custom GPO only half works. > >Here the tail of my windowsupdate log. I hope the formatting stays >neat > >2008-11-26 03:18:32:452 1388 7c4 AU ############# >2008-11-26 03:18:32:452 1388 7c4 AU ## START ## AU: Search for >updates >2008-11-26 03:18:32:452 1388 7c4 AU ######### >2008-11-26 03:18:32:452 1388 7c4 AU <<## SUBMITTED ## AU: Search for >updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] >2008-11-26 03:18:32:452 1388 174 Agent ************* >2008-11-26 03:18:32:452 1388 174 Agent ** START ** Agent: Finding >updates [CallerId = AutomaticUpdates] >2008-11-26 03:18:32:452 1388 174 Agent ********* >2008-11-26 03:18:32:452 1388 174 Agent * Online = Yes; Ignore >download priority = No >2008-11-26 03:18:32:452 1388 174 Agent * Criteria = "IsHidden=0 and >IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or >IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and >IsAssigned=1 or IsHidden=0 and IsInstalled=1 and >DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 >or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' >and IsAssigned=1 and RebootRequired=1" >2008-11-26 03:18:32:452 1388 174 Agent * ServiceID = {3DA21691- >E39D-4DA6-8A4B-B43877BCB1B7} >2008-11-26 03:18:32:452 1388 174 Agent * Search Scope = {Machine} >2008-11-26 03:18:32:452 1388 174 Misc Validating signature for C: >\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: >2008-11-26 03:18:32:452 1388 174 Misc Microsoft signed: Yes >2008-11-26 03:18:32:467 1388 174 Misc Validating signature for C: >\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: >2008-11-26 03:18:32:467 1388 174 Misc Microsoft signed: Yes >2008-11-26 03:18:33:670 1388 174 Misc Validating signature for C: >\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: >2008-11-26 03:18:33:670 1388 174 Misc Microsoft signed: Yes >2008-11-26 03:18:33:686 1388 174 Setup *********** Setup: Checking >whether self-update is required *********** >2008-11-26 03:18:33:686 1388 174 Setup * Inf file: C:\WINDOWS >\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf >2008-11-26 03:18:33:717 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\cdm.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:748 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuapi.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:764 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.784, >required version = 7.1.6001.65 >2008-11-26 03:18:33:795 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuauclt.exe: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:811 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuaucpl.cpl: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:842 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.784, >required version = 7.1.6001.65 >2008-11-26 03:18:33:858 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuaueng.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:889 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.784, >required version = 7.1.6001.65 >2008-11-26 03:18:33:920 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wucltui.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:936 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.784, >required version = 7.1.6001.65 >2008-11-26 03:18:33:952 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wups.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:33:983 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wups2.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:34:014 1388 174 Setup Update NOT required for C: >\WINDOWS\system32\wuweb.dll: target version = 7.2.6001.784, required >version = 7.1.6001.65 >2008-11-26 03:18:34:014 1388 174 Setup * IsUpdateRequired = No >2008-11-26 03:18:38:139 1388 174 PT +++++++++++ PT: Synchronizing >server updates +++++++++++ >2008-11-26 03:18:38:139 1388 174 PT + ServiceId = {3DA21691- >E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-lan/ClientWebService/client.asmx >2008-11-26 03:18:49:795 1388 174 PT +++++++++++ PT: Synchronizing >extended update info +++++++++++ >2008-11-26 03:18:49:795 1388 174 PT + ServiceId = {3DA21691- >E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsusr-lan/ClientWebService/client.asmx >2008-11-26 03:18:54:155 1388 174 Agent * Added update >{2470E441-42FA-4397-B6AE-9E5498F47962}.103 to search result >2008-11-26 03:18:54:155 1388 174 Agent * Added update >{9397A21F-246C-453B-AC05-65BF4FC6B68B}.101 to search result >2008-11-26 03:18:54:155 1388 174 Agent * Found 2 updates and 46 >categories in search; evaluated appl. rules of 497 out of 746 deployed >entities >2008-11-26 03:18:54:545 1388 174 Agent ********* >2008-11-26 03:18:54:545 1388 174 Agent ** END ** Agent: Finding >updates [CallerId = AutomaticUpdates] >2008-11-26 03:18:54:545 1388 174 Agent ************* >2008-11-26 03:18:54:545 1388 2d0 AU >>## RESUMED ## AU: Search for >updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] >2008-11-26 03:18:54:545 1388 2d0 AU # 2 updates detected >2008-11-26 03:18:54:545 1388 2d0 AU ######### >2008-11-26 03:18:54:545 1388 2d0 AU ## END ## AU: Search for >updates [CallId = {9E713C24-63F3-4214-9B8A-F16637AFD908}] >2008-11-26 03:18:54:545 1388 2d0 AU ############# >2008-11-26 03:18:54:561 1388 2d0 AU AU setting next detection timeout >to 2008-11-26 12:07:36 >2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {D5C30C05- >C25A-4F6D-9212-87BBF80B7BA7} 2008-11-26 03:18:54:545-0800 1 147 101 >{00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success >Software Synchronization Windows Update Client successfully detected 2 >updates. >2008-11-26 03:18:59:545 1388 174 Report REPORT EVENT: {5B3A45CD- >E3BF-4AB8-97A2-621C5FA65E67} 2008-11-26 03:18:54:545-0800 1 156 101 >{00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success >Pre-Deployment Check Reporting client status. >2008-11-26 03:25:49:371 1388 174 Report Uploading 2 events using >cached cookie, reporting URL = http://wsus-lan/ReportingWebService/ReportingWebService.asmx > >Please advise. Thank you! -- Dave Mills There are 10 types of people, those that understand binary and those that don't.

Re: Auto Download and Install not working chokomoloko[ at ]yahoo.ca 11/30/2008 7:58:20 PM Yes I was missing the deadline. Thank you very much Dave, it works a charm now. My own machine forced me to reboot about 20 seconds after I applied the deadline. Big Cheers. Keith. On Nov 30, 1:11 am, DaveMills <DaveMi...[ at ]newsgroup.nospam> wrote: [Quoted Text] > The update will only install automatically at the scheduled time (20:00). This > is by design. > > It sounds like you are trying to implement a "New Builds" OU where the updates > install quickly. This is also know as "Under Construction" and has been > documented in the group quite often. The key setting to achieve this is a > "deadline". If the update has and expired deadline it will install immediately > (after a policy configured delay). This installation will happen even if an > administrator is logged in and cannot be stopped. > > So, assuming WSUS 3, simply approve the update for the OU and then set a > deadline. The default is the current day/time which will become an expired > deadline more or less straight away. You will then find the update do install. > > I usually approve update for a test group first. Then manually install the > updates as administrator. A few days later if all is OK and change the approval > to "All groups" = install and "New Builds" = Install + Deadline. I don't bother > with a deadline on things like Windows Defender which is updated frequently. > >

Re: Auto Download and Install not working "Harry Johnston [MVP]" <harry[ at ]scms.waikato.ac.nz> 11/30/2008 8:51:06 PM DaveMills wrote: [Quoted Text] > It sounds like you are trying to implement a "New Builds" OU where the updates > install quickly. This is also know as "Under Construction" and has been > documented in the group quite often. The key setting to achieve this is a > "deadline". If the update has and expired deadline it will install immediately > (after a policy configured delay). This installation will happen even if an > administrator is logged in and cannot be stopped. The other approach that can be used is to use a script to download and install all approved updates. My script might serve as a starting point: <http://www.scms.waikato.ac.nz/~harry/wsusupdate.vbs> http://www.scms.waikato.ac.nz/~harry/wsusupdate.vbs There are plenty of others available on the web. Harry.

Re: Auto Download and Install not working DaveMills <DaveMills[ at ]newsgroup.nospam> 12/1/2008 12:39:52 AM On Sun, 30 Nov 2008 09:00:21 +0000, DaveMills <DaveMills[ at ]newsgroup.nospam> wrote: [Quoted Text] >On Sat, 29 Nov 2008 20:45:11 -0200, "Augusto Alvarez" ><augustoalvarez[ at ]noesmimail.com> wrote: > >>Not sure if Im following you, but you say that you want the updates to be >>automatically download and install right? >> >>But you've set the GPO to "Auto download and schedule the install". That way >>will always require user intervention to install updates. > >This is not correct. The update will install automatically unless somebody is >logged in. I the use is and administrator or the policy to allow non >administrator to get notification is set then the user can interact and install >the update. Talk about fat fingers "If the user is an administrator...." -- Dave Mills There are 10 types of people, those that understand binary and those that don't.