Hi people,
I'm still over the problem of handling mobile wsus clients.
In the meantime I would like to change the hosts file. In Windows 7 with the UAC (User Access Control) it's not quite simple changing the file like in Windows XP, you have to use a workaround.
At first you have to start the editor with administrator privileges. Then you can open it in this directory:
%systemroot%\System32\drivers\etc\hosts
Do the changes you want to do and save the file through file - save.
This will work
Have fun
Regards
Sonntag, 27. Juni 2010
Freitag, 11. Juni 2010
Handling of mobile wsus clients
Hi at all,
I'm sure that some of you are now watching the football world cup in tv but I'm thinking about the handling of mobile clients with wsus because I think that's an interesting theme too ;).
It's a problem in almost every company. There are clients, e. g. laptops or home office pcs, which aren't mostly connected to the company network through vpn or something like that.
So a IT Admin has ask himself about patching those clients.
If you have a wsus server for patching your clients, including laptops etc, there's a tricky possibility of patching these clients.
In my mind I would like to start a user script with a software deployment tool during the login on the client.
So you can see on the local IP adress of the client in which network the device is.
Based on this information you can run a script which will set a registry key of wsus. So you can define if the client should use the wsus of microsoft in the internet or the server in your company lan.
Of course you should not forget, that some mobile clients don't have a broadband internet connection so you should set the bits (Background Intelligent Transfer Service) in the registry too.
I'm planning this scenario and if I'm ready I'll post my solutions and experiences in this blog.
So stay tuned to this blog if you're interested in it and have a nice evening
Manuel
I'm sure that some of you are now watching the football world cup in tv but I'm thinking about the handling of mobile clients with wsus because I think that's an interesting theme too ;).
It's a problem in almost every company. There are clients, e. g. laptops or home office pcs, which aren't mostly connected to the company network through vpn or something like that.
So a IT Admin has ask himself about patching those clients.
If you have a wsus server for patching your clients, including laptops etc, there's a tricky possibility of patching these clients.
In my mind I would like to start a user script with a software deployment tool during the login on the client.
So you can see on the local IP adress of the client in which network the device is.
Based on this information you can run a script which will set a registry key of wsus. So you can define if the client should use the wsus of microsoft in the internet or the server in your company lan.
Of course you should not forget, that some mobile clients don't have a broadband internet connection so you should set the bits (Background Intelligent Transfer Service) in the registry too.
I'm planning this scenario and if I'm ready I'll post my solutions and experiences in this blog.
So stay tuned to this blog if you're interested in it and have a nice evening
Manuel
Mittwoch, 2. Juni 2010
Create a group policy for the wsus clients
Before you can update clients with the wsus server, you have to configure them through a group policy in your domain.
So start the mmc for Group Policy Management and create a suitable OU in your ad structure, e.g. "WSUS Laptops".
After that you can start creating the Group Policy. In conjunction with your environment you have to decide which settings you want to use.
Here you can see my settings for my test environment:
Don't forget to link the gpo with the corresponding org unit.
If you have done these steps, you can have a look at the updates. In my case I've decided to aprove all updates with the "Default Automatic Approval Rule" (you can find this in "Options" --> "Automatic Approvals").
So you can start updating your clients in conjunction with your group policy.
Of course there are more options you can configure but at this point, for me it's enough to hold the clients secure.
Regards
So start the mmc for Group Policy Management and create a suitable OU in your ad structure, e.g. "WSUS Laptops".
After that you can start creating the Group Policy. In conjunction with your environment you have to decide which settings you want to use.
Here you can see my settings for my test environment:
If you have done these steps, you can have a look at the updates. In my case I've decided to aprove all updates with the "Default Automatic Approval Rule" (you can find this in "Options" --> "Automatic Approvals").
So you can start updating your clients in conjunction with your group policy.
Of course there are more options you can configure but at this point, for me it's enough to hold the clients secure.
Regards
Sonntag, 30. Mai 2010
Installing the WSUS on Server 2008
Hi,
today I prepared my virtual server for installating WSUS. How I have installed and configured it, you can read at this link:
http://technet.microsoft.com/en-us/library/dd939817%28WS.10%29.aspx
I had only one problem during the installation. You have to configure the SQL Server 2008 for remote access if you want to use an SQL Server as Database instead of the internal. In SQL Server 2005 there was an surface are configuration but in the newer version, you have to enable the protocols in the SQL Server Configuration Manager:
After enabling the procotols, you have to restart the SQL Server Service for taking effect.
If you have done this, the WSUS Installation Guide can access the database and can do all the required things.
The next step would be the configuration of the group policy to set the new update source for the clients you want to update through the wsus (this will be a topic from another blog entry).
That's it
If you have any questions - feel free to ask
Have a nice day
today I prepared my virtual server for installating WSUS. How I have installed and configured it, you can read at this link:
http://technet.microsoft.com/en-us/library/dd939817%28WS.10%29.aspx
I had only one problem during the installation. You have to configure the SQL Server 2008 for remote access if you want to use an SQL Server as Database instead of the internal. In SQL Server 2005 there was an surface are configuration but in the newer version, you have to enable the protocols in the SQL Server Configuration Manager:
After enabling the procotols, you have to restart the SQL Server Service for taking effect.
If you have done this, the WSUS Installation Guide can access the database and can do all the required things.
The next step would be the configuration of the group policy to set the new update source for the clients you want to update through the wsus (this will be a topic from another blog entry).
That's it
If you have any questions - feel free to ask
Have a nice day
Montag, 3. Mai 2010
Prepare your machine template for VMWare
It doesn't make sense if you have a lot of machines, based on the same operating system, and you have to set up this manually. So usually you should use templates of virtual machines.
Before you can use a virtual machine template (in my case the server 2008) you have to prepare this for use.
After installing a OS on a machine, there will be created a unique number, it's called SID (Security Identifier).
If you want to clone this machine, including the OS, you have to change this SID, the machine name, maybe the productcode and so on.
The advantage of the Windows Server 2008, there is a internal tool which can do all this things.
You can find this tool in following directory:
C:\Windows\System32\Sysprep
On this screenshot you can see my settings. After the system was shut down you can copy the virtual machine.
After booting this machine, there will start a small installation of windows, which will prepare the system for use.
CU
Before you can use a virtual machine template (in my case the server 2008) you have to prepare this for use.
After installing a OS on a machine, there will be created a unique number, it's called SID (Security Identifier).
If you want to clone this machine, including the OS, you have to change this SID, the machine name, maybe the productcode and so on.
The advantage of the Windows Server 2008, there is a internal tool which can do all this things.
You can find this tool in following directory:
C:\Windows\System32\Sysprep
On this screenshot you can see my settings. After the system was shut down you can copy the virtual machine.
After booting this machine, there will start a small installation of windows, which will prepare the system for use.
CU
Samstag, 1. Mai 2010
Install DNS and Active Directory services
Before I will install all the other member server I have to set up a DNS Server with Active Directory.
New in Windows Server 2008 is the role based management.
After installing the "naked" server, you have to add roles to the server, e. g. DNS or Active Directory in our case.
This you can do at Start --> All Programs --> Administrative Tools --> Server Manager
On the left side you have to click on "Roles" --> "Add Role" and choose Active Directory.
After adding the roles, you have to run dcpromo.exe
After the reboot the server is configured and you can start to add other servers or clients to the domain and beginning to create group policies etc.
New in Windows Server 2008 is the role based management.
After installing the "naked" server, you have to add roles to the server, e. g. DNS or Active Directory in our case.
This you can do at Start --> All Programs --> Administrative Tools --> Server Manager
On the left side you have to click on "Roles" --> "Add Role" and choose Active Directory.
After adding the roles, you have to run dcpromo.exe
After the reboot the server is configured and you can start to add other servers or clients to the domain and beginning to create group policies etc.
Installing the MS Server 2008 functioning as a server template
Hi,
on the weekend I had time to install the first machine for my test environment.
First of all I installed a Microsoft Server 2008 R2 machine. This will be a template for my other servers, because they will base on this operating system too.
So let's start and have a look at the screenshots which I have taken through the installation:
on the weekend I had time to install the first machine for my test environment.
First of all I installed a Microsoft Server 2008 R2 machine. This will be a template for my other servers, because they will base on this operating system too.
So let's start and have a look at the screenshots which I have taken through the installation:
         |
During the installation you can choose which version of the server system you would like to install. In my case, the standard version is enough, so I choosed this one. The first step after I have installed the server, I initiated a windows update getting all the new hotfixes etc. That's all what you have to do for installing a Microsoft Server 2008 operating system. Regards |
Abonnieren
Kommentare (Atom)