Why you need to update your PC Windows ?
PCs have an operating system that must be continually updated.
Why upgrade?
Discovery of new security hole results in the following cycle:
- Screening of the hole,
- Provision of the patch,
- Use the hole to infiltrate not upgraded computer.
The manual update is tedious.
Ideally enjoy an automated solution.
The recipe is simple:
– Enter his Windows PC in INTRANET
– Or use the automatic installation
The default behavior is obtained:
– Update every day at 12 am and because the machine does not restart, please manually reboot every week.
– if the machine is off at this time, work will be carried out 5 minutes after starting up the computer.
For different behavior,
With the Active Directory delegation, the detailed explanation:
-
- Having an Active Directory delegation and ADsciper activated account.
- Install and activate Microsoft administration tools (minimum Windows 7 SP1)
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=7887 - Create a folder OU (Organizational Unit) with the appropriate name by prefixing with the behavior of the unit with the tool “Active Directory Users and Computer” :
-
- For example, for the unit “STI-IT”, the OU name is “STI-IT-Instruments-noreboot”.
- Linked an existing GPO to that OU with the tool “Group Policy Management”.
- Move the computer objects in this OU.
- Restart the involved computers!
- For example, for the unit “STI-IT”, the OU name is “STI-IT-Instruments-noreboot”.
-
- The last operation is required, the new configuration of the GPO hierarchy loads when the computer starts!
-
Existing GPO are explicit.
-
- This is the old default behavior
- sti-all-update-sus-push-12h
- updated daily at 12 am and automatic restart if necessary.
- if the machine is off at this time, the update will be performed 5 minutes after the restart.
- This is the old default behavior
-
- By analogy, these GPOs do the same work at 3AM, 7AM, and 11 PM.
- sti-all-update-sus-push-03h
- sti-all-update-sus-push-07h
- sti-all-update-sus-push-23h
- By analogy, these GPOs do the same work at 3AM, 7AM, and 11 PM.
-
- These two GPOs are used with care, because the machine does not restart, only to be used on servers with regular monitoring by an administrator.
- sti-all-update-sus-pushsrv-12h-noreboot
- sti-all-update-sus-pushsrv-05h-noreboot
- At a minimum, the machines concerned must be restarted manually every month
- These two GPOs are used with care, because the machine does not restart, only to be used on servers with regular monitoring by an administrator.
- This GPO is used with care, because it’s in test.
Asking for reboot for 180 minutes- sti-all-update-sus-push-12h-ask180