We help IT Professionals succeed at work.

Move WSUS server from workgroup to domain

Russ Dillion
Russ Dillion used Ask the Experts™
on
Hello all,
We have recently moved from a workgroup based network to a Windows 2008 AD based network.  Prior to the move, I have been using a Windows 2003 server with WSUS and Symantec System Center to manage Windows Security Updates (using registry entries on the client computers) and AV def file updates.  This server is still available but I have not yet added it to the domain.  I have found that it is not updating the AV def files or Windows Security Updates on the workstations at this point, presumably due to permissions problems as all of the workstations are now in the domain.  I am writing to ask if anyone has had any experience moving a similar managment server into a domain following a workgroup to domain migration?  Specifically, I would like to know if there is anything that I need to modify in the WSUS services or AV console prior to moving it to the domain, or should I simply build a new server to host these services and install them from scratch after the server has been added to the domain?  Any and all help is much appreciated!
Thanks in advance!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
DonNetwork Administrator

Commented:
Go ahead and join the server to network and use GPO(Group Policy) to apply registry settings, this should be seamless and resolve your permission issues


Follow the Group Policy section here


http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/


Use clientdiag on computers to check for errors, post if you have any.
Systems Administrator
Commented:
Thanks for your advice dstewartjr, I did some further checking and found that you do not have to have WSUS in the domain for clients to connect to it.  You do have to have it in the domain in order to have them connect via group policy, but from a permissions standpoint you can still have the clients connect using reg entries.  In my case, I had overlooked a DNS entry in our new environment.  Correcting that allowed the clients to connect to the server as they had been doing previously.