I just got this in my email in regards to the Automatic Updates issue I was having. This community is great. Thanks Aaron!
Tim -
Re your post this morning on wuauserv via GP - it's even easier than that: just grant Authenticated Users (or Everyone) Read access to the service in the GPO in which you enable the service. And this should only affect XP, but I don't remember if SP1 or SP2….
For example, here's a copy/paste from GPMC:
Automatic Updates (Startup Mode: Automatic)hide
Permissions
Type Name Permission
Allow BUILTIN\Administrators Full Control
Allow NT AUTHORITY\Authenticated Users Read
Allow NT AUTHORITY\INTERACTIVE Read
Allow NT AUTHORITY\SYSTEM Full Control
Auditing
Type Name Access
Failure Everyone Full Control
The line highlighted in Red is what I added to make it work. Set it once in the GPO and forget it.
Enjoy!
Aaron :)
Aaron M. Czechowski
Desktop Management Engineer
Server Administration and Engineering
Office of Technology Services
Towson University
(410) 704 - 4591
www.towson.edu/~aczech
We found an interesting issue yesterday with the Automatic Updates service. Apparently if you have ever used Group Policy to manage the start up of that service, Group Policy messes up the permissions of the service. We found a nice little workaround here: http://support.microsoft.com/kb/555336.
Basically just create a batch file with this command in it and push it out to all of your SMS clients. Note all of this must be on one line.
sc sdset wuauserv
"D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"