Solved

WSUS and GPO  Applied automatically to Authenticated users (added only servers in first 10 minutes)

Posted on 2010-11-18
5
923 Views
Last Modified: 2013-11-21
I am not an experienced Domain GPO editor.

But we have 10 simple file and database and Terminal servers with about 50 XP workstations and lots of remote notebooks.

I am trying to setup WSUS for the first time and got thru the WSUS installation on one of my servers (no problem, it downloaded all the Micorosoft Updates (filtered to english etc)

Creating the new GPO for WSUS was a little hard to follow but I think I got it because within 10 minutes my WSUS server showed 6 of my servers reporting in to my WSUS's computer list.

QUESTION :  by default the my new GPO was enabled and set to be applied to "Authenticated users"  Why were only servers showing up when I believe any LAN workstation user would be authenticated..  did I not wait long enough ?  ( I disabled the GPO before leaving the office as I did not want to be called in tonight if 99 machines started acting weird (rebooting etc)

Thanks in advance
Paranoid GPO Peter
By
0
Comment
Question by:azpete
5 Comments
 
LVL 3

Expert Comment

by:jodix2002
ID: 34170801
Where did you apply the GPO to? to the whole domain, or just to a specific OU?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 34171011
Hi,

If you have applied it to users then only the User section of the GPO (HKEY_CURRENT_USER) will be applied in the registry.  

From memory the WSUS settings are part of Computer (HKEY_LOCAL MACHINE) - someone shoot me if I'm wrong!

The GPO needs to be applied to machines so that the Computer part of the GPO (HKEY_CURRENT_MACHINE) is applied.

cheers
0
 
LVL 13

Accepted Solution

by:
haim96 earned 250 total points
ID: 34182952
applying GPO for WSUS is a start but it's half work!
you need to make sure that "Automatic updates" service and BITS service are started in all your machines.
the WSUS GPO only apply WSUS settings and doesn't start the necessary services.
you need another settings for it. (in the same or another GPO rule)

0
 

Author Comment

by:azpete
ID: 34184793
I will take a look and see if I can find the GPO setting you refer to..
0
 
LVL 6

Expert Comment

by:Exemplar
ID: 34310503
Hello azpete!

You will need to setup your GPO in the following fashion - specifically under "Configure Automatic Updates" and "Specify Intranet Microsoft Update Service Location" sections:
http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

Remember to check the registry settings at:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer
and
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer

You might also want to make sure that the Background Intelligent Transfer Service (BITS) is Started/Automatic on the problem workstations.  If this is not the case, you might also need to force this via GPO.

Also, please check in your AD OU structure and see if your server objects are within a separate OU than your workstation objects.  If this is the case, it would seem that the OU that holds the workstation objects is not being receiving the GPO data.  In this case, you might need to either rework the location of the GPO within the AD or move the workstations to a different OU.

Please let us know how it's going for you.

/cheers
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server HP DL380 G7 13 47
Using Multiple Monitors Remote Desktop Services WYSE Thin Client 1 43
server crashed 2 45
Convert Hyper-V VM from Gen1 to Gen2 6 84
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question