"Jordan" <> wrote in message
news:...
> we don't want anyone to use the servers for downloading,
I would suggest that you should block this in the *firewall* using IP
Addresses, not using domain credentials!
Given that nobody should be browsing the web, or accessing the Internet,
from a server under any conditions, this is a fairly easy implementation.
> Can I change Update Services from running as "Network Service" to a new
> admin account so I can just allow that account to download from the
> Microsoft?
NO.
Note.. it's not the Update Service that performs the download, anyway; it's
the Background Intelligent Transfer Service, and that account runs under the
Local System context, and must do so because it requires the ability to
write to restricted areas of the filesystem (e.g.
%windir%\SoftwareDistribution\Download).
And it wouldn't matter anyway... the downloads from Microsoft to WSUS
Server,
just as the downloads from WSUS USS to WSUS DSS,
just as the downloads from WSUS to WUAgent
are all done ANONYMOUSLY.
As noted... the correct way to achieve your objective is to block WEB access
at the firewall.
Leave your Internet Filter for use by real domain users on workstation
systems where you need to do complex content-level filtering.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My Blog:
http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website:
http://www.microsoft.com/wsus
My MVP Profile:
http://mvp.support.microsoft.com/pro...awrence.Garvin
Similar Threads
Linear Mode
