talkinsmak
asked on
Excluding certain systems from automatic updates block
I have a w2k3 domain with group policy in place and have chosen to totally disable automatic updates on all systems. (We push tested patches with zenworks, for now). I have 2 systems that I would like to either allow automatic updates on or allow the user to run the automatic updates for testing purposes.
All domain users are local admins.
How can this be achieved?
Smak
All domain users are local admins.
How can this be achieved?
Smak
ASKER
I have blocked ALL access to windows update, including accessing the web page.
You may put these systems in different OU and don't apply these GPO policy.
ASKER
GPO is applied at the domain level. It flows down from there.
I belive that You may use Block Inheritance so that it doesn't apply GPO on that OU
ASKER
Will not block inheritance with a domain policy.
Since the GPO is only for Computer Configuration, you can put all Computers in an OU and create a GPO with the Windows Update blocked instead of having a Domain Policy. You then put the 2 machines you need in another OU and you can test Automatic Updates. Note that you probably need to link the Block Windows Update to the Domain Controller OU also.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Which ever system you want to do update you can go to update.microsoft.com and update those patches he requires.
Cheers!