Questions about implementing Group Policy for the first time
hello all,
i'm in process of implementing group policy small company not have in place. first step putting select computers in group, , implementing gpo group.
the first thing i'd implement have these computers download , automatically install windows updates. i've made sure computer won't restart automatically after installing updates without user clicking on restart now, employees seem leave work open.
my question is, happens big updates such as .net framework service packs and internet explorer 8, example? know there concerns compatibility issues ie8, so may not want newer updates be installed right away without testing them first. have stop deployment of these updates if wanted not have them installed right away?
i'm wondering updates programs such adobe acrobat , java. since users on our domain running under limited user accounts, should somehow push updates these programs them? or should not worry updates these programs? i'm not sure if these updates are useful in blocking exploits to prevent attacks or not.
thanks assistance!
i'm in process of implementing group policy small company not have in place. first step putting select computers in group, , implementing gpo group.
the first thing i'd implement have these computers download , automatically install windows updates. i've made sure computer won't restart automatically after installing updates without user clicking on restart now, employees seem leave work open.
my question is, happens big updates such as .net framework service packs and internet explorer 8, example? know there concerns compatibility issues ie8, so may not want newer updates be installed right away without testing them first. have stop deployment of these updates if wanted not have them installed right away?
i'm wondering updates programs such adobe acrobat , java. since users on our domain running under limited user accounts, should somehow push updates these programs them? or should not worry updates these programs? i'm not sure if these updates are useful in blocking exploits to prevent attacks or not.
thanks assistance!
using group policy control windows updates is great on keeping computers date.
but if concerned , think patches need testing before deploying.. should wsus.
http://technet.microsoft.com/en-us/wsus/default.aspx
once set wsus offers great settings such as:
- automatic approval install of critical updates (if choose that)
- you can approve or not approve specific updates or updates.
- can have wsus server in central location set download updates @ midnight, come next day , clients can patches approve using lan (wich faster every client downloading patches, , bandwith wont take dump on you)
- if not sure update dont approve untill have tested it.
it works great.
but if concerned , think patches need testing before deploying.. should wsus.
http://technet.microsoft.com/en-us/wsus/default.aspx
once set wsus offers great settings such as:
- automatic approval install of critical updates (if choose that)
- you can approve or not approve specific updates or updates.
- can have wsus server in central location set download updates @ midnight, come next day , clients can patches approve using lan (wich faster every client downloading patches, , bandwith wont take dump on you)
- if not sure update dont approve untill have tested it.
it works great.
Windows Server > Group Policy
Comments
Post a Comment