Auto Download and Install not working? Manually approve Malicious

I have seen this in numerous environments-even using wsus. With servers,
Workstations, XP Pro and Vista. Where you have to manually approve the
bugger(s) (Monthly Malicious UPdates) to get updates to install. Then the
updates that were released after it- show ready to install. Am I missing
something?

Are you updating via AU, WSUS, or both? (Both is not a good idea.)

If AU is configured to "Notify Only", yes, that's exactly what's supposed to
happen.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Redmond Forest Trust wrote:
> I have seen this in numerous environments-even using wsus. With servers,
> Workstations, XP Pro and Vista. Where you have to manually approve the
> bugger(s) (Monthly Malicious UPdates) to get updates to install. Then the
> updates that were released after it- show ready to install. Am I missing
> something?

Different locations. Different company's. Seen this in everything from Home
PC's to corporate networks.
Even with Zenith Management (saaz) clients.

You have to manually approve the Windwos Malicious Update in order for any
other updates that were released after it to be available to install.

Example:

August 2008 Malicious Update Was automatically downloaded. Workstation, or
server, doesn't automatically install it. Even though the AU is configured
to do so. In other environments: SAAZ say, Same issue. In other
environments such as WSUS: With a setting to approve all MS Critical Updates.
If you don't approve the Malicious Update; none of the others in the chain
after it will install until you do.

"PA Bear [MS MVP]" wrote:

> Are you updating via AU, WSUS, or both? (Both is not a good idea.)
>
> If AU is configured to "Notify Only", yes, that's exactly what's supposed to
> happen.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> Redmond Forest Trust wrote:
> > I have seen this in numerous environments-even using wsus. With servers,
> > Workstations, XP Pro and Vista. Where you have to manually approve the
> > bugger(s) (Monthly Malicious UPdates) to get updates to install. Then the
> > updates that were released after it- show ready to install. Am I missing
> > something?
>
>

Then one can only assume that a Group Policy is causing the behavior.

Redmond Forest Trust wrote:
> Different locations. Different company's. Seen this in everything from
> Home PC's to corporate networks.
> Even with Zenith Management (saaz) clients.
>
> You have to manually approve the Windwos Malicious Update in order for any
> other updates that were released after it to be available to install.
>
> Example:
>
> August 2008 Malicious Update Was automatically downloaded. Workstation,
> or
> server, doesn't automatically install it. Even though the AU is
> configured
> to do so. In other environments: SAAZ say, Same issue. In other
> environments such as WSUS: With a setting to approve all MS Critical
> Updates. If you don't approve the Malicious Update; none of the others in
> the chain after it will install until you do.
>
> "PA Bear [MS MVP]" wrote:
>
>> Are you updating via AU, WSUS, or both? (Both is not a good idea.)
>>
>> If AU is configured to "Notify Only", yes, that's exactly what's supposed
>> to happen.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> Redmond Forest Trust wrote:
>>> I have seen this in numerous environments-even using wsus. With
>>> servers,
>>> Workstations, XP Pro and Vista. Where you have to manually approve the
>>> bugger(s) (Monthly Malicious UPdates) to get updates to install. Then
>>> the
>>> updates that were released after it- show ready to install. Am I missing
>>> something?

What about the home PC's that do not use Group Policy?

I was informed- That there were issues (compliance/legal/other) with
Microsoft AutoInstalling the Malicious Updates WITHOUT user intervention
(acceptance) is that true?

"PA Bear [MS MVP]" wrote:

> Are you updating via AU, WSUS, or both? (Both is not a good idea.)
>
> If AU is configured to "Notify Only", yes, that's exactly what's supposed to
> happen.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> Redmond Forest Trust wrote:
> > I have seen this in numerous environments-even using wsus. With servers,
> > Workstations, XP Pro and Vista. Where you have to manually approve the
> > bugger(s) (Monthly Malicious UPdates) to get updates to install. Then the
> > updates that were released after it- show ready to install. Am I missing
> > something?
>
>

With very few exceptions, no one here works for or represents Microsoft.
Here are your support options:

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

The above notwithstanding:

If you have Automatic Updates configured properly, the MSR tool can be
declined. If you update via Windows Update website and select the CUSTOM
option, the MSR tool can be declined.
--
~PA Bear

Redmond Forest Trust wrote:
> What about the home PC's that do not use Group Policy?
>
> I was informed- That there were issues (compliance/legal/other) with
> Microsoft AutoInstalling the Malicious Updates WITHOUT user intervention
> (acceptance) is that true?
>
> "PA Bear [MS MVP]" wrote:
>> Are you updating via AU, WSUS, or both? (Both is not a good idea.)
>>
>> If AU is configured to "Notify Only", yes, that's exactly what's supposed
>> to happen.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> Redmond Forest Trust wrote:
>>> I have seen this in numerous environments-even using wsus. With
>>> servers,
>>> Workstations, XP Pro and Vista. Where you have to manually approve the
>>> bugger(s) (Monthly Malicious UPdates) to get updates to install. Then
>>> the
>>> updates that were released after it- show ready to install. Am I missing
>>> something?