Hi people,
I'm still over the problem of handling mobile wsus clients.
In the meantime I would like to change the hosts file. In Windows 7 with the UAC (User Access Control) it's not quite simple changing the file like in Windows XP, you have to use a workaround.
At first you have to start the editor with administrator privileges. Then you can open it in this directory:
%systemroot%\System32\drivers\etc\hosts
Do the changes you want to do and save the file through file - save.
This will work
Have fun
Regards
Sonntag, 27. Juni 2010
Freitag, 11. Juni 2010
Handling of mobile wsus clients
Hi at all,
I'm sure that some of you are now watching the football world cup in tv but I'm thinking about the handling of mobile clients with wsus because I think that's an interesting theme too ;).
It's a problem in almost every company. There are clients, e. g. laptops or home office pcs, which aren't mostly connected to the company network through vpn or something like that.
So a IT Admin has ask himself about patching those clients.
If you have a wsus server for patching your clients, including laptops etc, there's a tricky possibility of patching these clients.
In my mind I would like to start a user script with a software deployment tool during the login on the client.
So you can see on the local IP adress of the client in which network the device is.
Based on this information you can run a script which will set a registry key of wsus. So you can define if the client should use the wsus of microsoft in the internet or the server in your company lan.
Of course you should not forget, that some mobile clients don't have a broadband internet connection so you should set the bits (Background Intelligent Transfer Service) in the registry too.
I'm planning this scenario and if I'm ready I'll post my solutions and experiences in this blog.
So stay tuned to this blog if you're interested in it and have a nice evening
Manuel
I'm sure that some of you are now watching the football world cup in tv but I'm thinking about the handling of mobile clients with wsus because I think that's an interesting theme too ;).
It's a problem in almost every company. There are clients, e. g. laptops or home office pcs, which aren't mostly connected to the company network through vpn or something like that.
So a IT Admin has ask himself about patching those clients.
If you have a wsus server for patching your clients, including laptops etc, there's a tricky possibility of patching these clients.
In my mind I would like to start a user script with a software deployment tool during the login on the client.
So you can see on the local IP adress of the client in which network the device is.
Based on this information you can run a script which will set a registry key of wsus. So you can define if the client should use the wsus of microsoft in the internet or the server in your company lan.
Of course you should not forget, that some mobile clients don't have a broadband internet connection so you should set the bits (Background Intelligent Transfer Service) in the registry too.
I'm planning this scenario and if I'm ready I'll post my solutions and experiences in this blog.
So stay tuned to this blog if you're interested in it and have a nice evening
Manuel
Mittwoch, 2. Juni 2010
Create a group policy for the wsus clients
Before you can update clients with the wsus server, you have to configure them through a group policy in your domain.
So start the mmc for Group Policy Management and create a suitable OU in your ad structure, e.g. "WSUS Laptops".
After that you can start creating the Group Policy. In conjunction with your environment you have to decide which settings you want to use.
Here you can see my settings for my test environment:
Don't forget to link the gpo with the corresponding org unit.
If you have done these steps, you can have a look at the updates. In my case I've decided to aprove all updates with the "Default Automatic Approval Rule" (you can find this in "Options" --> "Automatic Approvals").
So you can start updating your clients in conjunction with your group policy.
Of course there are more options you can configure but at this point, for me it's enough to hold the clients secure.
Regards
So start the mmc for Group Policy Management and create a suitable OU in your ad structure, e.g. "WSUS Laptops".
After that you can start creating the Group Policy. In conjunction with your environment you have to decide which settings you want to use.
Here you can see my settings for my test environment:
If you have done these steps, you can have a look at the updates. In my case I've decided to aprove all updates with the "Default Automatic Approval Rule" (you can find this in "Options" --> "Automatic Approvals").
So you can start updating your clients in conjunction with your group policy.
Of course there are more options you can configure but at this point, for me it's enough to hold the clients secure.
Regards
Abonnieren
Posts (Atom)