Shulou(Shulou.com)06/02 Report--

"actual combat training for system engineers"

-05-deploy patch management server

-03-add domain client patches through group policy (domain) configuration

Automatic update

Author: endless learning

QQ communication group: 454544014

Install the Group Policy management tool on 100-Admin01

After the creation is completed, right-open the WSUS policy you just created, select "Edit" to open [Group Policy Management Editor], and in the view of "Group Policy Management Editor"

Expand "Windows updates" in "computer configuration"-"policies"-"Management templates"-"Windows components"

[configure automatic updates]

[specify intranet Microsoft update service location]

Http://031-WSUS01.i-x-Cloud.com:8530

After setting up, we have to wait for the domain policy to take effect, or we can use the command gpupdate / foces to update the domain security policy.

Return to the WSUS Management console, where you can see the connected client computers in the list of unassigned computers, as well as the real client computer name, IP address, operating system version, when the client last reported the update, and the percentage of installed / inapplicable updates.

Install the Telnet client on top of 100-Admin01.

Port 8530 of the Telnet WSUS server on 100-Admin01.

Telnet 031-wsus01.i-x-cloud.com 8530

After the group policy update!

Restart

011-DC01

012-DC02

013-DC03

021-CA01

031-WSUS01 (not restarted)

100-Admin01

It is estimated that 12 hours have passed, as a result!

By viewing the group policy:

C:\ Users\ Administrator > dcdiag

Directory server diagnostics

Performing initialization settings:

Trying to find the primary server.

Primary server = 011-DC01

* identified AD forest.

Finished collecting initialization information.

The required initialization tests are in progress

Testing server: Default-First-Site-Name\ 011-DC01

Start testing: Connectivity

. 011-DC01 has passed the test Connectivity

Performing major tests

Testing server: Default-First-Site-Name\ 011-DC01

Start testing: Advertising

. 011-DC01 has passed the test Advertising

Start testing: FrsEvent

. 011-DC01 has passed the test FrsEvent

Start testing: DFSREvent

Warning or error events have occurred in the last 24 hours after SYSVOL sharing. Failed SYSVOL replication issues can cause Group Policy issues.

. 011-DC01 failed the test DFSREvent

Start testing: SysVolCheck

. 011-DC01 has passed the test SysVolCheck

Start testing: KccEvent

. 011-DC01 has passed the test KccEvent

Start testing: KnowsOfRoleHolders

. 011-DC01 has passed the test KnowsOfRoleHolders

Start testing: MachineAccount

. 011-DC01 has passed the test MachineAccount

Start testing: NCSecDesc

. 011-DC01 has passed the test NCSecDesc

Start testing: NetLogons

. 011-DC01 has passed the test NetLogons

Start testing: ObjectsReplicated

. 011-DC01 has passed the test ObjectsReplicated

Start testing: Replications

. 011-DC01 has passed the test Replications

Start testing: RidManager

. 011-DC01 has passed the test RidManager

Start testing: Services

. 011-DC01 has passed the test Services

Start testing: SystemLog

There was a warning incident. EventID: 0x00001796

Generation time: 03amp 02amp 07:01:47 on 2019

Event string: Microsoft Windows Server detects that NTLM authentication is currently being used between the client and this server. This event occurs each time the server is started when NTLM is used for the first time between the client and this server.

. 011-DC01 has passed the test SystemLog

Start testing: VerifyReferences

. 011-DC01 has passed the test VerifyReferences

ForestDnsZones

Run partition tests on the

Start testing: CheckSDRefDom

. ForestDnsZones has passed the test CheckSDRefDom

Start testing: Cro***efValidation

. ForestDnsZones has passed the test Cro***efValidation

DomainDnsZones

Run partition tests on the

Start testing: CheckSDRefDom

. DomainDnsZones has passed the test CheckSDRefDom

Start testing: Cro***efValidation

. DomainDnsZones has passed the test Cro***efValidation

Schema

Run partition tests on the

Start testing: CheckSDRefDom

. Schema has passed the test CheckSDRefDom

Start testing: Cro***efValidation

. Schema has passed the test Cro***efValidation

Configuration

Run partition tests on the

Start testing: CheckSDRefDom

. Configuration has passed the test CheckSDRefDom

Start testing: Cro***efValidation

. Configuration has passed the test Cro***efValidation

I-x-Cloud

Run partition tests on the

Start testing: CheckSDRefDom

. I-x-Cloud has passed the test CheckSDRefDom

Start testing: Cro***efValidation

. I-x-Cloud has passed the test Cro***efValidation

I-x-Cloud.com

Run enterprise tests on the

Start testing: LocatorCheck

. I-x-Cloud.com has passed the test LocatorCheck

Start testing: Intersite

. I-x-Cloud.com has passed the test Intersite

C:\ Users\ Administrator >

GPRESULT / S 011-DC01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 012-DC02 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 013-DC03 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 021-CA01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 031-WSUS01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

C:\ Users\ Administrator > GPRESULT / S 011-DC01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Microsoft (R) Windows (R) operating system Group Policy results tool v2.0

©2018 Microsoft Corporation . All rights reserved.

Created at 7:14:59 on ‎ 2019 / ‎ 3 / ‎ 2

RSOP data for i-x-Cloud\ Administrator, located on 011-DC01: login mode

-

OS configuration: primary domain controller

OS version: 10.0.17763

Site name: temporarily missing

Roaming profile: temporarily missing

Local configuration file: C:\ Users\ Administrator

Use slow links?: no

User Settin

-

CN=Administrator,CN=Users,DC=i-x-Cloud,DC=com

When the group policy was last applied: in 2019, 3 Universe, 2, 7, 7, 01, and 49.

The applied group policy comes from: 011-DC01.i-x-Cloud.com

Group Policy slow Link threshold: 500 kbps

Domain name: i-x-Cloud

Domain type: Windows 2008 or later

Applied Group Policy object

-

Temporary vacancy

GPRESULT / S 021-CA01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 031-WSUS01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

011-DC01 did not get the group policy

100-Admin01 logged in to 013-DC03 and did not get the group policy

Select-WSUS- Enforcement

Set

013-DC03

012-DC02

100-Admin01

021-CA01

031-WSUS01

Restart

Gpupdate / force

GPRESULT / S 011-DC01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 012-DC02 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 013-DC03 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 021-CA01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

Gpupdate / force

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 011-DC01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 012-DC02 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 013-DC03 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 021-CA01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 031-WSUS01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

Gpupdate / force

GPRESULT / S 100-Admin01 / USER i-x-Cloud\ administrator / SCOPE USER / V

GPRESULT / HC:\ Users\ Administrator.i-x-Cloud\ GPReport-2019-03-01.html

Set-NetFirewallProfile-Profile Domain-Enabled True

Set-NetFirewallProfile-Profile Domain-Enabled False

Finally, from the above updates, the collection of computer time is uncertain, can only wait.

Even if gpupdate / force is useless.

Measured Windows server 2012 configuration WSUS

Https://blog.51cto.com/xiaosuncunzhang/1343003

This article has been completed!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.