Search this site:

This is the
Ocean State Libraries

Support Site.

"It's all just stuff"

Comments or questions to:
Richard Payette
Technology Coordinator
738-2200
Best viewed in 1024x768 resolution or higher.
III Millennium
Search the Millennium OPAC

Membership
Purchasing
Security
Support Tools
How-To

Downloads

Library Links

OSL Support is a registered user of the menu system from Milonic Solutions

spacer




Ocean State Libraries Support: USING GROUP POLICY WITH WSUS

Libraries with Active Directory servers (Server 2000, Server 2003 or Server 2008) can use Group Policy to set up automatic Windows patch management with the OSL WSUS server. Group Policy is particularly useful for patching staff computers. Please note that you should create a new folder ("Organization Unit") for the WSUS policy.

I. WSUS Group Policy in Active Directory - Overview

  1. Create new Organizational Unit (OU). For example: wsus
  2. Create and edit a policy
  3. Move computers to the new wsus OU from the regular Computers folder

II. Creating and applying WSUS Policy in Active Directory

  1. On the Server, open Active Directory Users and Computers
  2. Right-click on server name and select new
  3. Select 'Organization Unit'
  4. Type name for new folder (suggested: wsus )
  5. Right-click on the new 'wsus' folder
  6. Chose Properties
  7. Select Group Policy tab
  8. Select New
  9. Type a name for the policy (e.g., StaffPC)
  10. Click Edit
  11. Open Computer Configuration
  12. Open Administrative Templates
  13. Open Windows Components
  14. Open Windows Update. There are 15 items that can be configured. Section III (below) has a complete list with suggested settings for use with OSL WSUS.
  15. When you finish editing the policy, close all of the Windows in Group Policy
  16. Open to the Computers folder in the Active Directory list.
  17. Right-click on the computer(s) you want to change, and select Move. Then select the new wsus folder as the destination.

Client computers will get the new Group Policy after they have been rebooted or logged in again.

III. Suggested WSUS Group Policy Windows Update settings

  1. Do not display 'Install Updates and Shut Down' option in Shut Down Windows Dialog box: NOT CONFIGURED

  2. Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows Diaslog box: NOT CONFIGURED
  3. Configure Automatic Updates: ENABLED. Configure automatic updating: '4 - Auto download and schedule the install. The following settings are only required and applicable if 4 is selected: Scheduled install day: 0 - Every day. Scheduled install time: 08:00 for staff PCs in the morning, or 00:00 for public PC's at night.
  4. Specify Intranet Microsoft update service location: ENABLED. Set the inranet update service for detecting updates: http://204.17.98.45. Set the intranet statistics server: http://204.17.98.45
  5. Enable client-side targeting: NOT CONFIGURED
  6. Reschedule Automatic Updates scheduled installations: ENABLED. Wait after system startup (minutes): 1
  7. No auto-restart with logged on users for scheduled automatic updates installations: ENABLED
  8. Automatic Updates detection frequency: ENABLED. Check for updates at the following interval (hours): 22
  9. Allow Automatic Updates immediate installation: ENABLED
  10. Delay Restart for scheduled installations: ENABLED. Wait the following period before proceeding with a scheduled restart (minutes): 5
  11. Re-prompt for restart with scheduled installations: NOT CONFIGURED
  12. Allow non-administrators to receive update notifications: ENABLED
  13. Enable recommended updates via Automatic Updates: ENABLED
  14. Enabling Windows Update Power Management to automatically wake up: ENABLED
  15. Allow signed content from intranet Microsoft update service location: ENABLED

Ocean State Libraries
The Summit South, Suite 103
300 Centerville Road
Warwick RI, 02886-0226
401-738-2200

spacer