Solved

WSUS question

Posted on 2011-02-10
5
296 Views
Last Modified: 2012-05-11
We have two locations.
Philadelphia and Harrisburg
For the most part our computers stay in the same location.
However, there are a few employees that take laptops between locations.
I have my PC's for both locations in seperate OU's and I am going to have a group policy for each OU that points to that particular OU's WSUS server.
However, I would like the laptops to be told through group policy to use automatic updates through microsoft. Is this possible and can I monitor the status of their updates?
0
Comment
Question by:steveLaMi
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 34866005
Slightly off the actual question here, but have you considered site based policy as opposed to an OU based policy?

All I mean is, link the WSUS policy (that points the 'site' to it's respective WSUS server) to the Site in Active Directory Sites & Services. That way, whether or not a client machine goes to one WSUS server or the other will be determined by the subnet it's logging in from, and should therefore always look to the WSUS server that is local to it's current location.

That is how we stop our 'roaming' laptop users from picking up WSUS updates from across our WAN when they're away from their 'home' site.

Does that help, or do you specifically need a way to force these machines to update from the web for another reason entirely?

Pete
0
 

Author Comment

by:steveLaMi
ID: 34866077
It looks when they designed the network they used the same subnet for both locations. However, the IP scheme is different. One is 192.168.0.x and the other 192.168.1.x but both with 255.255.255.0
0
 
LVL 19

Accepted Solution

by:
PeteJThomas earned 500 total points
ID: 34866316
Ok then, you're correct, and a Sites based GPO will not work for you. Though it should be noted that for sites at 2 separate locations (with a WAN in between) that is not ideal, as clients at either physical site could end up authenticating to a domain controller that's at the other site over the WAN, which will make for a slower authentication process...

But that's a different issue - For your laptops to update via MS, you simply need to DISABLE the setting "Specify Intranet Microsoft Update Service Location". If disabled, AU will automatically look to the Windows Update site on the web for updates.

So separate your laptops into a different OU, configure the Updates settings as normal, but just disable the setting I mentioned... You'll still want to configure the behaviour using the "Configure Automatic Updates" setting etc as well.

HTH

Pete
0
 

Author Comment

by:steveLaMi
ID: 34866794
Pete,

Thank you for your help. I did notice that they do have a seperate site for that location and it's DC in sites and services. Hopefully this is what is preventing them from authenticating from a wrong DC. I am going to dig into that further tomorrow. As for the WSUS, thanks again, I am going to use that method.
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 34868992
Ah ok that's good, there must be something differentiating between the 2 sites after all! Definitely worth looking into though, especially if you notice slow log ons etc.

Also, that does bring my original comment back into the fold, with Site assigned GPOs managing WSUS settings - Obviously it's your choice as to your preference, but if it is just a case of not wanting the laptops to update over the WAN, site assigned GPOs would accomplish this, with the added benefit of keeping your laptops updating via WSUS, and therefore you're back in control of the updates they receive and can monitor everything etc.

In my eyes that's preferable, and simple to implement (without the need to separate your laptops into a different OU), as all you need to do is have 2 GPOs that point to each WSUS server, and link them to the 2 sites you have defined, instead of linking them to any OUs...

But as I say, whatever you prefer! :)

Pete
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Check Disk (CHKDSK) on all volumes and fix if needed. 8 178
AD Replications issues 12 87
domain controller migration seems succesful, however.... 9 60
2003 File Server upgrade 11 54
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now