troubleshooting Question

Editing Default Domain Policy for WSUS and question on Priorities

Avatar of kam_uk
kam_uk asked on
Windows Networking
1 Comment1 Solution267 ViewsLast Modified:
Hi All

We are running a mixed Windows 2000/2003 network. DC's are Windows 2003, clients are Windows XP SP2. We have about 100 users here, and at the moment there is flat AD structure. The Default Domain Policy is in place for all machines.

We are implementing WSUS to control automatic updates to the machines, and also looking at redisigning the AD structure by implementing OU's for Departments.

In the WSUS literature, it states that 'MS does not recommend editing the Default Domain or Default Domain Controller GPO's to add WSUS settings'. So, what we're going to do is apply WSUS related settings to the OU's beneath the general users or computer group.

I have a few questions -

i) When MS state not to edit the Default Domain GPO, do they mean not to edit the one that already exists with WSUS settings, but it's ok to create a new Default Domain policy and apply WSUS settings to that?

ii) Assuming we weren't going to go with (i), is there anyway to apply WSUS settings to the machines users use, rather than computers?

iii) If the Default Domain Policy has no configuration for something, but a GPO that is applied to an OU has, which one takes precedence?

Toni Uranjek

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros