GPO for WSUS on Terminal Service - how to configure it?

[Ad]

Hello everybody,

I'm new here, sorry if ive choose the wrong forum.

I'm running 3 Terminal servers, all users connected in a session receive the message about restart after update installation, but the bottons Yes and No are disabled.

How can I hide this message to all connected users?
how to prevent this ?

Thank you
Ad

[Eric]

Ad,

I don't beleive you can supress this message from showing up using group policy. You have installed updates on the server, and it needs to be rebooted, which means ALL users must be off of it, and therefore ALL users receive the message.

Having said that, the bigger question is why did you install any updates to the operating system when users were logged in? You potentially could have changed out some underlying OS code that these sessions were making use of.

Best practices for Terminal Server updates are to have all users log off the system, run the updates and then reboot.

Now, if you want to configure the updates to download, but not install automatically, you can certainly do that through group policy. Load the Wuau.adm template, and configure the automatic updates to auto download and notify for install. This notification will only notify logged in administrators, not users or power-users.

Here's a link to the technet article that talks about managing WSUS through Group Policy:

http://technet2.microsoft.com/WindowsServer/en/library/51c8a814-6665-4d50-a0d8-2ae27e69ca7c1033.mspx?mfr=true

Hope that helps

Thanks

Eric

[Ad]

Hi Eric,

Thanks a lot for your help. But it's not the response i'm searching for! The WSUS GPO is so configured that i'm notifyed and i can choose the moment i do my updates on the different Terminal Servers.
The problem is that most part of the time the users loged on again and i can't restart the server if new users are logged! We have the servers on a clustering.
Maybe it gives a way to put out one server in clustering until the time the administrator make the updates! I made a lot of research on Internet but i don't find any infomation.

Thanks for your help and sorry for my bad englisch
Ad

[Eric]

Ok, what you need to do then is disable the ability for users to log in to the terminal server while you are doing your updates. This can actually be done from the command line. Once you have run your updates, reboot your system. Then log in from the console, or use the /console switch for RDP, and re-enable logins.

Here's a microsoft KB article that provides the correct syntax:

http://support.microsoft.com/kb/186504

Thanks

Eric

[Ad]

Hi Eric,

Many thanks for your good idea and link!

I'm going make same tests!

Greetings from Switzerland
Ad