Weiter zum Hauptinhalt Dieser Browser wird nicht mehr unterstützt. Show
Führen Sie ein Upgrade auf Microsoft Edge durch, um die neuesten Features, Sicherheitsupdates und den technischen Support zu nutzen. Configure Automatic Updates by Using Group Policy
In diesem ArtikelWhen you configure the Group Policy settings for WSUS, use a Group Policy object (GPO) linked to an Active Directory container appropriate for your environment. Microsoft does not recommend editing the Default Domain or Default Domain Controller GPOs to add WSUS settings. In a simple environment, link the GPO with the WSUS settings to the domain. In more complex environment, you might have multiple GPOs linked to several organizational units (OUs), which enables you to have different WSUS policy settings applied to different types of computers. After you set up a client computer, it will take a few minutes before it appears on the Computers page in the WSUS console. For client computers configured with an Active Directory-based GPO, it will take about 20 minutes after Group Policy refreshes (that is, applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0 to 30 minutes. If you want to refresh Group Policy sooner, you can go to a command prompt on the client computer and type: gpupdate /force. Hinweis On client computers running Windows 2000, you can type the following at a command prompt: secedit /refreshpolicy machine_policy enforce. The following is a list of the Group Policy options available for configuring WSUS-related items in the environment. Hinweis In Windows 2000, Group Policy Object Editor is known as Group Policy Editor. Although the name changed, it is the same tool for editing Group Policy objects. It is also commonly referred to as gpedit. Load the WSUS Administrative TemplateBefore you can set any Group Policy options for WSUS, you must ensure that the latest administrative template has been loaded on the computer used to administer Group Policy. The administrative template with WSUS settings is named Wuau.adm. Although there are additional Group Policy settings related to the Windows Update Web site, all the new Group Policy settings for WSUS are contained within the Wuau.adm file. If the computer you are using to configure Group Policy has the latest version of Wuau.adm, you do not need to load the file to configure settings. The new version of Wuau.adm is available on Windows XP with Service Pack 2. Administrative templates files are stored by default in the %windir%\Inf directory. Wichtig You can find the correct version of Wuau.adm on any computer having the WSUS-compatible Automatic Updates installed. You can use the old version of Wuau.adm to initially point Automatic Updates to the WSUS server in order to self-update. After the Automatic Updates self-updates, the new Wuau.adm file appears in the %windir%\Inf folder. If the computer you are using to configure Group Policy does not have the latest version of Wuau.adm, you must first load it by using the following procedure. To add the WSUS Administrative Template
Configure Automatic UpdatesThe settings for this policy enable you to configure how Automatic Updates works. You must specify that Automatic Updates download updates from the WSUS server rather than from Windows Update. To configure the behavior of Automatic Updates
Specify Intranet Microsoft Update Service LocationThe settings for this policy enable you to configure a WSUS server that Automatic Updates will contact for updates. You must enable this policy in order for Automatic Updates to download updates from the WSUS server. Enter the WSUS server HTTP(S) URL twice, so that the server specified for updates is also used for reporting client events. For example, type **http(s)://**servername in both boxes. Both URLs are required. To redirect Automatic Updates to a WSUS server
Enable Client-side TargetingThis policy enables client computers to self-populate computer groups that exist on the WSUS server. If the status is set to Enabled, the specified computer group information is sent to WSUS, which uses it to determine which updates should be deployed to this computer. This setting is only capable of indicating to the WSUS server which group the client computer should use. You must actually create the group on the WSUS server. If the status is set to Disabled or Not Configured, no computer group information will be sent to WSUS. To enable client-side targeting
Reschedule Automatic Update Scheduled InstallationsThis policy specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started. If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation. If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started. This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect. To reschedule Automatic Update scheduled installation
No Auto-restart for Scheduled Automatic Update Installation OptionsThis policy specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically. If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged on to the computer. Instead, Automatic Updates will notify the user to restart the computer in order to complete the installation. Be aware that Automatic Updates will not be able to detect future updates until the restart occurs. If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation. This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect. To inhibit auto-restart for scheduled Automatic Update installation options
Automatic Update Detection FrequencyThis policy specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here, minus 0 to 20 percent of the hours specified. For example, if this policy is used to specify a 20-hour detection frequency, then all WSUS clients to which this policy is applied will check for updates anywhere between 16 and 20 hours. If the status is set to Enabled, Automatic Updates will check for available updates at the specified interval. If the status is set to Disabled or Not Configured, Automatic Updates will check for available updates at the default interval of 22 hours. To set Automatic Update detection frequency
This policy specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows. If the status is set to Enabled, Automatic Updates will immediately install these updates after they have been downloaded and are ready to install. If the status is set to Disabled, such updates will not be installed immediately. To allow Automatic Update immediate installation
Delay Restart for Scheduled InstallationsThis policy specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart. If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the installation is finished. If the status is set to Disabled or Not Configured, the default wait time is five minutes. To delay restart for scheduled installations
Re-prompt for Restart with Scheduled InstallationsThis policy specifies the amount of time for Automatic Updates to wait before prompting the user again for a scheduled restart. If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed. If the status is set to Disabled or Not Configured, the default interval is 10 minutes. To re-prompt for restart with scheduled installations
Allow Non-administrators to Receive Update NotificationsThis policy specifies whether logged-on non-administrative users will receive update notifications based on the configuration settings for Automatic Updates. If Automatic Updates is configured, by policy or locally, to notify the user either before downloading or only before installation, these notifications will be offered to any non-administrator who logs onto the computer. If the status is set to Enabled, Automatic Updates will include non-administrators when determining which logged-on user should receive notification. If the status is set to Disabled or Not Configured, Automatic Updates will notify only logged-on administrators. To allow non-administrators to receive update notifications
Hinweis This policy setting does not allow non-administrative Terminal Services users to restart the remote computer where they are logged in. This is because, by default, non-administrative Terminal Services users do not have computer restart privileges. Remove Links and Access to Windows UpdateIf this setting is enabled, Automatic Updates receives updates from the WSUS server. Users who have this policy set cannot get updates from a Windows Update Web site that you have not approved. If this policy is not enabled, the Windows Update icon remains on the Start menu for local administrators to visit the Windows Update Web site. Local administrative users can use it to install unapproved software from the public Windows Update Web site. This happens even if you have specified that Automatic Updates must get approved updates from your WSUS server. To remove links and access to Windows Update
Zusätzliche RessourcenZusätzliche RessourcenIn diesem ArtikelWhere in Group Policy can you locate the policy that requires a smart card to be used to authenticate a user to Windows?Method 1: GPO
The following smart-card-related Group Policy settings are in the Local Group Policy Editor under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. This security policy setting requires users to sign in to a computer by using a smart card.
What hardware component is needed to set up BitLocker?BitLocker is used in conjunction with a hardware component called a Trusted Platform Module (TPM). The TPM is a smartcard-like module on the motherboard that is installed in many newer computers by the computer manufacturers. BitLocker stores its recovery key in the TPM (version 1.2 or higher).
When setting up OUs in a new domain is it useful to put all computers in one OU and all users in another?12. When setting up OUs in a new domain, why might it be useful to put all computers in one OU and all users in another? - It will be easier to inventory computers in the domain.
Which of the following is the first step in implementing this data share?Which of the following is the first step in implementing this data share? Share the folder or volume on the file server that will store the shared data files.
|