Home
.. About WSUS Wiki

WSUS
.. WSUS FAQ
.. WSUS on SBS
.. WSUS Troubleshooting
.. WSUS News Groups
.. Known WSUS Issues
.. WSUS Links
.. WSUS Wish List

WSUS Documents
.. WSUS Deployment Guide
.. WSUS Installation Guide
.. WSUS Release Notes
.. WSUS Best Practice

SUS
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues

This page explains a known bug with IWAM_Computername when installing WUS B2 on a Windows 2000 SP4 Domain Controller (DC). This is not an issue with Windows Server 2003 (or R2) DCs.

In this configuration, you need to ensure that the IWAM_<Machine name> account is added to the Domain Administrators group, which ontains the ASPNET account, which in turn is used to launch the WUS service.

Adding the IWAM account to the Domain Administrators group is risky. This is a confirmed bug with WSUS B2, described at : http://support.microsoft.com/default.aspx?scid=kb;EN-US;824308.

Here is a suggested workaround:

1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.

2. Click Security Settings.

3. Click Local Policies, and then click User Rights Assignment.

4. In the right pane, double-click Impersonate a client after authentication.

5. In the Security Policy Setting window, click Define these policy settings.

6. Click Add, and then click Browse.

7. In the Select Users or Groups window, select the IWAM account name.

8. Click Add, and then click OK.

9. Click OK, and then click OK again.

Once done, enforce an update of computer policy;

1. Type the following at the command prompt: secedit /refreshpolicy machine_policy /enforce .

2. Then at the command prompt, type iisreset.