In addition to our DC/SUS Win2K3 server, we now have a separate server on the network. We now have to create 2 separate GPOs: One for workstations and another for servers for auto restart purposes. Can you advise on how we did this?
1. Created 2 separate OU's (SUS-Workstations & SUS-Servers)
2. Within each OU, created a security group (each named SUS-Workstations & SUS-Servers)
3. For each security group, added the appropriate computer
4. Created new GPO's called SUS-Workstation & SUS-Server
5. In each GPO, applied a security filter. Example: For the SUS-Servers GPO, added the SUS-Servers security group
6. Updated GPO security group permissions to read/write
7. Linked & enabled both GPO's to the domain
What's odd is at first after several restarts, nothing worked on the clients or servers. Then I added the 'Authenticated Users' group to the security filter along with read/write permissions, and it worked. BUT only for the SUS-Servers area. Is this a required group to filter out?
Aalso, why aren't the workstations getting affected. Everything else is consistent.