Solved

WSUS creating test group then deploying patche to others later

Posted on 2010-11-11
2
868 Views
Last Modified: 2012-08-14
I have Windows 2003 Servers and a mix of XP and Windows 7 clients.

I've just set up Wsus and want to create teh follwoing set up.
1 server, 1 XP client and 1 Win7 client get all approved updates automatically after patch tuesday. then one week later the remainder of the PCs and servers get the patchs.

as it stands I have a GPO set up as follows:
 Current Sus GPO settings for PCs
I have the following for Servers
 Current SUS GPO for Servers
I have creates an OU within teh Computers OU and placed one XP client and 1 Win7 clinet into it and teh same for teh Member Servers OU in AD.

I've then linked the PC GPO to the Test Pc OU and the Server GPO to the Test Server OU.

My understanding is then Every thursday at 17:00 my test PCs and Server will go to my sus server and download any approved updates approved for that group within SUS.

What I'm looking to do is create two more GPOs one for the remainder of my PCs and one for the remainder of my Servers that runs a week later. is it just a case of setting on up the test group for Wednesday night thus being the first to get the patches after patch tuesday and set a second GPO to schedule a download on say monday so they dont get the patches til almost a week later?

also how do you ensure that users cant keep defering reboots
0
Comment
Question by:faolchu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
Harkins earned 100 total points
ID: 34111426
Hi faolchu,
I can't see any way of achieving what you want automatically. The only way I can see you doing this is by creating groups within WSUS for your test machines and all other machines, then use client side targeting to place the computers into the respective groups.
Once you have done that, you can modify the automatic approval rule in WSUS to only approve for your test group, then, after a week has passed, you will need to manually approve the updates for all the other computers.
HTH,
Harkins
0
 

Author Closing Comment

by:faolchu
ID: 34134257
Cheers, pity there's no other way about it.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Task Scheduler: Access to an Executable File 5 38
ADFS Setup 4 42
Password change / expire 4 41
Urgent domain controller problems 8 35
This article runs through the process of deploying a single EXE application selectively to a group of user.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question