Solved

WSUS and GPO  Applied automatically to Authenticated users (added only servers in first 10 minutes)

Posted on 2010-11-18
5
929 Views
Last Modified: 2013-11-21
I am not an experienced Domain GPO editor.

But we have 10 simple file and database and Terminal servers with about 50 XP workstations and lots of remote notebooks.

I am trying to setup WSUS for the first time and got thru the WSUS installation on one of my servers (no problem, it downloaded all the Micorosoft Updates (filtered to english etc)

Creating the new GPO for WSUS was a little hard to follow but I think I got it because within 10 minutes my WSUS server showed 6 of my servers reporting in to my WSUS's computer list.

QUESTION :  by default the my new GPO was enabled and set to be applied to "Authenticated users"  Why were only servers showing up when I believe any LAN workstation user would be authenticated..  did I not wait long enough ?  ( I disabled the GPO before leaving the office as I did not want to be called in tonight if 99 machines started acting weird (rebooting etc)

Thanks in advance
Paranoid GPO Peter
By
0
Comment
Question by:azpete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Expert Comment

by:jodix2002
ID: 34170801
Where did you apply the GPO to? to the whole domain, or just to a specific OU?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 34171011
Hi,

If you have applied it to users then only the User section of the GPO (HKEY_CURRENT_USER) will be applied in the registry.  

From memory the WSUS settings are part of Computer (HKEY_LOCAL MACHINE) - someone shoot me if I'm wrong!

The GPO needs to be applied to machines so that the Computer part of the GPO (HKEY_CURRENT_MACHINE) is applied.

cheers
0
 
LVL 13

Accepted Solution

by:
haim96 earned 250 total points
ID: 34182952
applying GPO for WSUS is a start but it's half work!
you need to make sure that "Automatic updates" service and BITS service are started in all your machines.
the WSUS GPO only apply WSUS settings and doesn't start the necessary services.
you need another settings for it. (in the same or another GPO rule)

0
 

Author Comment

by:azpete
ID: 34184793
I will take a look and see if I can find the GPO setting you refer to..
0
 
LVL 6

Expert Comment

by:Exemplar
ID: 34310503
Hello azpete!

You will need to setup your GPO in the following fashion - specifically under "Configure Automatic Updates" and "Specify Intranet Microsoft Update Service Location" sections:
http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

Remember to check the registry settings at:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer
and
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer

You might also want to make sure that the Background Intelligent Transfer Service (BITS) is Started/Automatic on the problem workstations.  If this is not the case, you might also need to force this via GPO.

Also, please check in your AD OU structure and see if your server objects are within a separate OU than your workstation objects.  If this is the case, it would seem that the OU that holds the workstation objects is not being receiving the GPO data.  In this case, you might need to either rework the location of the GPO within the AD or move the workstations to a different OU.

Please let us know how it's going for you.

/cheers
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question