we are administering a set of servers and have a lot of people to accomplish this. In the last months there were accidentally installed updates on our machines by some of our domain admins.
Now we want to disable the ability for admins to install those updates on our servers and allow it for a specific set of users in a group. Does anyone know a method to accomplish this? I've searched through the group policy and security settings but didn't find a possibility for this.
Thanks in advance for all your helpful answers 🙂
Best Answer
Force the update via WSUS and nothing else and secure on the server hosting WSUS the local administrator group and the WSUS administrator's group.
Be advised if WSUS is installed on a Domain Controller, that tip does not work.