0

How should I setup sharing/directory permissions to allow the following to work:

  1. VMHost - Hyper-V partition (not part of domain)
  2. ADServer - Active Directory Domain Controller running as guest VM on VMHost
  3. \VMHost\Updates disk share for WSUS to put the updates and other local files
  4. Problem is what permissions do I need to give to \VMHost\Updates to allow WSUS to work with this directory to avoid "The WSUS content directory is not accessible" error which I am currently seeing.

As far as I can tell WSUS runs as "domain/Network Service" account. Question is without adding VMHost to the domain how do I give that user appropriate permissions to this directory?

Is there a way that VMHost can be told to trust ADServer and then be able to use users accounts from there?

Sort of relates to my other post here: Win 2012 Domain controller VM, should the Hyper-V host be part of the domain?

Thanks, Nick

Community
  • 1
NickC
  • 2,313
  • 13
  • 40
  • 52
  • 1
    Why wouldn't you just store the WSUS updates on the WSUS server? – joeqwerty Nov 18 '12 at 16:48
  • Well physically they are but this is a virtual machine. It is also the Domain Controller so considered it good practice to keep these updates on a separate drive. Don't want the domain controller VM C:drive getting bloated with these updates which logically are best residing on a separate drive. – NickC Nov 18 '12 at 17:02
  • 1
    Sure keep the updates on a separate drive... on the same server not another server. How about adding a new VHD to the VM and configure WSUS to store the updates there? – joeqwerty Nov 18 '12 at 17:31

1 Answers1

2

The better solution would be to add another VHD to the VM and configure WSUS to store the updates on the new VHD.

You're making it infiniltely more difficult by trying to store the WSUS updates on a non-domain joined server.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
  • +1 I don't even think WSUS supports the update store being on a SMB share. – MDMarra Nov 18 '12 at 17:42
  • Mainly because I have never trusted much data to .vhd files because they cannot be read and shared natively, only by VMs. Still if that is the preferred hyper-v way then I suppose I could create a .vhd inside the partition I had intended to use for these updates anyway. – NickC Nov 18 '12 at 17:45
  • You're trusting your DC to run and operate correctly, right? It is in fact running on a VHD. That's kind of the jist of virtualization, the HDD of the VM is a VHD (or a VMDK in the case of a VMware VM). – joeqwerty Nov 18 '12 at 17:47