What is the best practice when having ePolicy Orchestrator installed, and a user who has the agent installed and wants to keep their Windows patches up to date?
We have a user who wants to keep up to date with the latest Windows patches. So Patch Tuesday has come and of course the policy on Orchestrator doesn't allow him to install any updates, just errors. If we disable active protection it will work, however we don't want him to turn it off himself.
What is the best practice when it comes to Windows updates? Do you just tell people they can't, or can the policy be updated in a way that it can work?
Just wanted to see if anyone else has dealt with a similar issue.
Many Thanks.
Message was edited by: kevhal on 20/08/13 10:29:08 CDT
If you have VirusScan 8.8, you should consider the use of the 'Low Risk' exclusion pool. Microsoft states:
Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder: %windir%\SoftwareDistribution\Datastore
You can read more about these and other exclusions at: Virus scanning recommendations for Enterprise computers that are running currently supported version...