Hi,
We are running a Windows 2000 AD Domain with Windows 2000 SP4 and Windows XP
SP1 clients. When downloading hotfixes from Windows Update, from the SUS
server or downloading them and installing them manually, hotfixes released
after a certain date are not installed. When trying to install these hotfixes
manually you get a "You do not have permission to update Windows 2000 (or
XP). Contact your system administrator".
The hotfixes in question on Windows 2000 are:
826232
835732
839645
840315
840987
841356
841533
841872
841873
842526
834707
Well I am the system administrator. I am using the default Administrator
account to apply these updates which is a member of the Domain Admins,
Enterprise Admins, Backup Operators groups and more. After much banging my
head against the wall (Theres a huge dent in this sucker) I managed to work
out that its a problem with a GPO on our central server, namely our Default
Domain Policy.
I found that one out by creating an new OU in the domain and turning off
Group Policy Inheritance. When a machine's account was placed into this OU it
would apply the hotfixes from Windows Update with no issue. Once I created a
link to the Default Domain Policy on this OU it decided it didn't want to
know any more and said I didn't have permission to update Windows. Disabling
the link, forcing a refresh policy on the client machine and rebooting it
allowed me to install hotfixes once again.
The really frustrating thing is that I can not see a setting in the default
domain policy that would do this. Any ideas what may be causing this?
Many thanks,
Ian North
IT Technician
Manshead Upper School
|
Similar Threads
Linear Mode
