We have just created a Windows update server on one of our server so as to reduce the internet traffic once when Windows Update Patches available. The Windows Update server is installed in a server which run under an OS of Windows server 2003 while our client PCs are consist of Windows 2000 Professional (sp4) and Windows XP Professional (sp2). In my company, we have Active Directory (AD) and have quite a no. of Group Policies and we would like to use this to help us to deploy this batch update process.
Since we have around 200 client PCs and we found that it is impossible to deploy the patch to all the PCs in one go as this will affect our internal network traffic a lot (even at night when our EOD is in processing). As a result, I have the following questions that need your advise.
1) How can I make changes to AD and/or group policies so that we have no need to go to each client PC to alter their group policies and can deploy this company wide Windows update process?
2) Even point one above can be implement, we would like to make the Windows update on a department basis rather than on company basis. For example, perform Windows update on ONE department per day (or per 2 hours) once when Windows updates are available from Microsoft.
Kindly please help.
** I have not that much knowledge on AD & group policies, please be specific or I will get loss, thx **