Hello,
I am using a “Domain User” to upgrade the windows server 2012 and 2016, on these server I have assigned to the this account to the local “Administrators” group.
With this method the update works well.
How can I using the same account to do execute win_update on the domain controller server ?.
We don’t wont to use “Domain Admins” for security reasons.
Thank you for help.
Best regards.
Flavio Gobber
You can’t, an admin on a domain controller is in effect a domain administrator. You cannot install updates without being an admin so you will need to use an account that is a domain administrator.
Could I use the parameter “use_scheduled_task: yes” to run “win_updates” with “Domain Users” ?.
When and wy I need to use “use_scheduled_task: yes” to run “win_updates” ?
Thank you for help.
Best regards
Flavio Gobber
No, even if you wanted to use a scheduled task you need to be an admin to create them bringing you back to the same problem. The only reason why this option exists is for older Windows versions where become was a bit more problematic. You shouldn’t have to worry about this option is you are using 2012 R2 or newer.