WSUS and GPO Applied automatically to Authenticated users (added only servers in first 10 minutes)

I am not an experienced Domain GPO editor.

But we have 10 simple file and database and Terminal servers with about 50 XP workstations and lots of remote notebooks.

I am trying to setup WSUS for the first time and got thru the WSUS installation on one of my servers (no problem, it downloaded all the Micorosoft Updates (filtered to english etc)

Creating the new GPO for WSUS was a little hard to follow but I think I got it because within 10 minutes my WSUS server showed 6 of my servers reporting in to my WSUS's computer list.

QUESTION :  by default the my new GPO was enabled and set to be applied to "Authenticated users"  Why were only servers showing up when I believe any LAN workstation user would be authenticated..  did I not wait long enough ?  ( I disabled the GPO before leaving the office as I did not want to be called in tonight if 99 machines started acting weird (rebooting etc)

Thanks in advance
Paranoid GPO Peter
By
azpeteAsked:
Who is Participating?
 
haim96Connect With a Mentor Commented:
applying GPO for WSUS is a start but it's half work!
you need to make sure that "Automatic updates" service and BITS service are started in all your machines.
the WSUS GPO only apply WSUS settings and doesn't start the necessary services.
you need another settings for it. (in the same or another GPO rule)

0
 
jodix2002Commented:
Where did you apply the GPO to? to the whole domain, or just to a specific OU?
0
 
MarkieSCommented:
Hi,

If you have applied it to users then only the User section of the GPO (HKEY_CURRENT_USER) will be applied in the registry.  

From memory the WSUS settings are part of Computer (HKEY_LOCAL MACHINE) - someone shoot me if I'm wrong!

The GPO needs to be applied to machines so that the Computer part of the GPO (HKEY_CURRENT_MACHINE) is applied.

cheers
0
 
azpeteAuthor Commented:
I will take a look and see if I can find the GPO setting you refer to..
0
 
ExemplarCommented:
Hello azpete!

You will need to setup your GPO in the following fashion - specifically under "Configure Automatic Updates" and "Specify Intranet Microsoft Update Service Location" sections:
http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

Remember to check the registry settings at:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer
and
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer

You might also want to make sure that the Background Intelligent Transfer Service (BITS) is Started/Automatic on the problem workstations.  If this is not the case, you might also need to force this via GPO.

Also, please check in your AD OU structure and see if your server objects are within a separate OU than your workstation objects.  If this is the case, it would seem that the OU that holds the workstation objects is not being receiving the GPO data.  In this case, you might need to either rework the location of the GPO within the AD or move the workstations to a different OU.

Please let us know how it's going for you.

/cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.