WSUS - Deployment strategy help
Posted on 2010-08-24
We have a single 2K3, native, AD domain. We, now, have about 1100 PCs across the state at 70 facilities. The OU structure is simple; That is most of the workstations are in a single OU. The rest are child OUs off the main [ with various GPOs assigned to them]...here is a crude visual:
- WSUS Filtered OUT.
- WSUS Test OU <--- Will be used as a test OU for special applications in OUs 1-7.
- WSUS Staging OU <--- being used to bring systems up-to-date ... but will be deleted once we are in production.
Ultimately the PCs are used for CD/DVD RW access or some sort of special application where a TC is simply not suited. We have already identified the the applications that cannot accept updates and created an OU that will service filtering out the WSUS GPO. In addition, we have also developed a strategy to deploy the updates following application testing with the PCs in the aforementioned OUs. I will comment on that shortly.
At this time we are, relatively, up to a current update base with the PCs. All are up to XP SP 3 and most are in a WSUS staging OU receiving updates weekly. [Our current staging and planned WSUS GPO will be for Critical and Security updates ONLY. SPs will be deployed only after extensive evaluations]
Okay. Those things said, what I am looking for is guidence/confirmation/any information towards the following stratigic requirements:
1) We must have a written test plan in place to test the applications in the OUs that have been created/configured to accomodate said applications.
* For the most part I can hammer this out. Insight would be appreciated though.
2) We must have a 2 week Lag between the Auto-Apporvals for the WSUS Test environment/OUs and the Production Environment/OUs.
* This is where I am having some difficulty. That is, this is going to end up being a manual approval for the latter while approval for the former will remain Automatic, ,.... Correct?
3) An additional OU must be created so the WSUS Production Policy can be filtered out.
* Like it or not...I work for an organization where any updates following XP SP 2 will simply cripple the application hosted on the system.
Any help is appreciated.
If you need further information I am happy to give it. Just let me know.