Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

Excluding certain systems from automatic updates block

I have a w2k3 domain with group policy in place and have chosen to totally disable automatic updates on all systems.  (We push tested patches with zenworks, for now).  I have 2 systems that I would like to either allow automatic updates on or allow the user to run the automatic updates for testing purposes.

All domain users are local admins.

How can this be achieved?

Smak
0
talkinsmak
Asked:
talkinsmak
1 Solution
 
inbarasanCommented:
Dear talkinsmak,
Which ever system you want to do update you can go to update.microsoft.com and update those patches he requires.

Cheers!
0
 
talkinsmakAuthor Commented:
I have blocked ALL access to windows update, including accessing the web page.
0
 
inbarasanCommented:
You may put these systems in different OU and don't apply these GPO policy.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
talkinsmakAuthor Commented:
GPO is applied at the domain level.  It flows down from there.  
0
 
inbarasanCommented:
I belive that You may use Block Inheritance so that it doesn't apply GPO on that OU
0
 
talkinsmakAuthor Commented:
Will not block inheritance with a domain policy.
0
 
Francis_BelandCommented:
Since the GPO is only for Computer Configuration, you can put all Computers in an OU and create a GPO with the Windows Update blocked instead of having a Domain Policy. You then put the 2 machines you need in another OU and you can test Automatic Updates. Note that you probably need to link the Block Windows Update to the Domain Controller OU also.
0
 
victornegriCommented:
So you want to be able to allow systems to go to Windows Updates but you've disabled all access to Windows Update from the domain level and don't want to block that policy? You need to budge in some way in order to make this change.

One suggestion: If you apply another GPO to the OU closer to the user, it will overwrite the settings from the domain policy. That is, if you don't have No Override enabled on the domain policy. If that is the case, you will have to disable No Override (and make sure there are no Block Inheritances anywhere).

Another option: Don't block access to Windows Updates using GPOs but instead from the firewall and allow access from certain clients to Windows Update from there.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now