SimonBrook
asked on
Omit domain computer from WSUS/AD policy preventing access to windowsupdate.com
I have one user on my network who requires access to windowsupdate.com. Our network policy currently prevents user access to this site as we use WSUS3. This user however does need regular access to windowsupdate.com for testing purposes. I have added the workstation to a ad container with disabled windows update properties and enforced the gpo but the user still cannot access the site? Can anyone offer any advice?
ASKER
Hi, Thanks for your comment.
The WSUS policy is at the top of the domain tree, unenforced. The policy created/linked for the container in which I have placed his machine has an enforced policy. Therefore I would presume it would take presedence over the previous?
The WSUS policy is at the top of the domain tree, unenforced. The policy created/linked for the container in which I have placed his machine has an enforced policy. Therefore I would presume it would take presedence over the previous?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi There,
It is a computer policy and I have replicated and run gpupdate from the client.
I am downloading the tool now. Thanks.
It is a computer policy and I have replicated and run gpupdate from the client.
I am downloading the tool now. Thanks.
ASKER
I have manged to resolve it. I was using the wrong GPO.
I needed to be using the user GPO and the setting titled "Remove links and access to Windows Update". I created a new container for him and policy and set that to disabled. worked a treat. enforced it to make sure it took presendence over the higher GPO disabling access to the site.
thanks for the nudge in the right direction.
I needed to be using the user GPO and the setting titled "Remove links and access to Windows Update". I created a new container for him and policy and set that to disabled. worked a treat. enforced it to make sure it took presendence over the higher GPO disabling access to the site.
thanks for the nudge in the right direction.
You could block inheiritance of GPO's for the container where this particular PC is located, and then apply your policy which allows access