Solved

Windows Update Group Policy for DC and SBS Servers

Posted on 2008-10-02
7
492 Views
Last Modified: 2012-05-05
Hello,

I am trying to confirm that what I am doing is correct and if not to ask for some direction.

The default domain policy says that all systems are to update windows and install automatically. This includes the DC and servers. I don't want this for obvious reasons. I want to be able to download but wait for manual installation on the DC and Servers.

To set this up, I did a Block Inheritance at the Domain Controllers and SBSServers OU's and configured their respective poilicies accordingly.
Is this correct?

Thanks in advance.
0
Comment
Question by:cepolly
  • 3
  • 3
7 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 100 total points
ID: 22626056
If you do this it will Block ALL policies except those applied directly to the OUs in question - if that what you want then its fine.
0
 
LVL 1

Author Comment

by:cepolly
ID: 22626080
Yes it is. We don't have too many policies that we have implemented.

However, you bring up a good point.
Are there policies inherent to SBS 2003 that I may be blocking inadvertantly?

0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 400 total points
ID: 22626173
when i have this same issue,

1.Block inheritance on the DC and server OU and this will block all the policies
2.Create a new policy for updates and link to the DC ans erver OU's
3.Then again link the other policies you need to apply to these ou's

I would suggest linking the GP's is the best way to do this.

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 400 total points
ID: 22626199
in simple you can link the GP's anywhere in the OU...even if you specify block inheritance and say for example it is going to block GP1 and GP2.... then still you can link the GP2 on the same ou and this policy will be applied.

Other workaround you can try is,create a new update policy with settings and link it to the dc and server ou and the enforce the newly create policy....this will work only if your parent policy from top is not enforced.....
0
 
LVL 1

Author Comment

by:cepolly
ID: 22626346
Looks like the linking was the problem. As soon as I removed the linkage, the policies took.

Now if I relink, will I lose the settings that I want? Will the newly link GPO take precedence?
0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 400 total points
ID: 22626407
i dont understand your query..can you be more clear.

just relink the policy and dont enforce
link the newly link gpo and enforce it

hence the settings on the new gp will take precedence....
0
 
LVL 1

Author Comment

by:cepolly
ID: 22626441
You didn't understand what I said exactly but you answered it. :-)

I understand. Thanks for the help.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question