AD delegation for Patch installation

  • 50 Views
  • Last Post 01 March 2017
Swar posted this 26 February 2017

Hi
Looking suggestion, how to delegate an user or group for Patch installation.
-Swar

Order By: Standard | Newest | Votes
Swar posted this 27 February 2017

Thanks Atul; for reply but actually I am not looking only for Patch, it could be any apps, hotfix or Patch, that can be install with specific delegation.
Please suggest if there is any.
-Swar
On Feb 27, 2017 12:03 PM, "Atul A" <theatula@xxxxxxxxxxxxxxxx> wrote:
Hi,
have a look at URL
https://social.technet.microsoft.com/Forums/windowsserver/en-US/ea6f3bab-9860-4d1f-9b0a-a2100dfa60ca/wsus-administrative-delegation?forum=winserverwsus
-Atul


show

ken posted this 27 February 2017

What are your actual requirements?

 

Most organisations would use a deployment tool that has its own roles/permissions/delegation model, and a trusted subsystem model (aka a trusted

agent on the target hosts). Microsoft has one called System Center Configuration Manager.

 

Regards

Ken

 

show

Swar posted this 28 February 2017

Thanks Ken for reply.
Please keep all the tools aside. I just wanted to know can we delegate an user or group for manual installation? As we know that without local administrator privilege installation can't be done.
Is there any way to delegate without giving admin privilege ?
-Swar
On Feb 28, 2017 2:13 AM, "Ken Schaefer" <ken@xxxxxxxxxxxxxxxx> wrote:
















What are your actual requirements?

 

Most organisations would use a deployment tool that has its own roles/permissions/delegation model, and a trusted subsystem model (aka a trusted

agent on the target hosts). Microsoft has one called System Center Configuration Manager.

 

Regards

Ken

 

show

ken posted this 01 March 2017

You are talking about rights on a server itself – that is separate to delegation within AD, which provides rights (e.g. reset password) within AD.

There is no “delegation” in Active Directory that permits installation of patches on a server (or workstation)

 

When deploying patches, many possible things may be altered: file system, registry, DCOM/RPC, services etc. – a user would need appropriate permissions

to every single one of these resources in order to deploy the particular patch.

 

Hence why these 3rd party tools exist.

 

Cheers

Ken

 

show

Close