"Bret - Smart & Biggar" <> wrote in
message news:299DFBC4-3E74-420B-BB1D-...
> I've been searching for an answer to this all morning, and probably I'm
> suffering searcher's block and can't pick the right key words, but I can't
> find the answer.
>
> In our environment - Server 2003, WSUS 3.0, XP desktops - we finally
> approved XP SP3 for the client machines, and had a couple problems and a
> certain few machines that required uninstalling SP3. Will WSUS / Windows
> Update Agent try to reinstall the service pack again at the next scheduled
> update (detecting it as not present, but approved),
Yes. When an installation fails it is automatically rescheduled for another
installation attempt at the next scheduled installation event. This cycle
will repeate ad infinitum until either the cause of the failure is resolved,
or the approval is removed from the update for the computer(s) which are
failing.
> If it is the former, how can I leave SP3 approved for the rest of the
> organisation and prevent its install on the few machines that still need
> to
> be addressed, short of creating a new OU just for them?
This is an ideal use for additional groups in WSUS, and takes advantage of
the ability to belong to multiple groups. Create a group which is expressly
designed for the purpose of including machines that should get SP3, and add
those machines to that group and approve XP SP3 for only that group.
Alternatively, you can create SUBgroup(s) of the existing group(s) that
contain your Windows XP machines, designed to isolate those machines that
have issues (e.g. NoXPSP3). Inherit all approvals from the main group(s)
into this subgroup, and CHANGE the computer's membership into the
subgroup(s) for those computers that are having installation failures.
Explicitly set the approval of XP SP3 for the subgroup(s) to Not Approved.
Once the issue is resolved on a machine, you can move that machine back to
the primary group. Once all machines are resolved, you can delete the
subgroup.
> If it is the latter, how do I tell get it to install later once we've
> addressed the issues?
Even though it's not the latter one option here is to reset the "Configure
Automatic Updates" policy option back to AUOption=3 (Notify for
Installation), like you probably have your servers configured. You can use
the same concept as described above -- create a subOU in Active Directory,
which inherits all existing policies, except changes the AUOptions setting
to '3'. Move the computers into that subOU until they're back to normal.
Once everything is resolved, you can remove the subOU.
You can also use both methods simultaneously, as the GPO for the subOU that
sets AUOptions=3 will also allow you to reassign the WSUS Target Group
Membership to the group that doesn't get XPSP3.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My Blog:
http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website:
http://www.microsoft.com/wsus
My MVP Profile:
http://mvp.support.microsoft.com/pro...awrence.Garvin
Similar Threads
Linear Mode
