WSUS on Windows Server 2008 R2

I’m new to WSUS on Windows Server 2008 R2.

Can someone explain how I configure this to automatically approve all updates for client computers but not for Servers?
DHPBilcareAsked:
Who is Participating?
 
Brian PiercePhotographerCommented:
Start by creating two groups - put servers in one group and clients in another http://www.wsuswiki.com/TargetGroups
0
 
kevinhsiehCommented:
I don't know that you can. What I do is have target groups for my machines, but also different GPOs that have different automatic update settings for my servers and workstations. Workstations will patch every day, will only patch on weekends, and some server download only so I can control what gets installed and when.

I suppose if you really wanted to you can setup two WSUS servers with different approval policies and point your workstations to one and your servers to another.
0
 
DonNetwork AdministratorCommented:
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
DHPBilcareAuthor Commented:
Thanks for all the comments.

One more question.  We have some validated Win2K SP4 clients that must be kept excluded from Windows updates.  What's the best way to do this?
0
 
DonNetwork AdministratorCommented:
Place them in a OU that doesnt get the new WSUS gpo's you created applied to them.

Or create another GPO with a client side targeting group for these W2k clients, then in this WSUS group dont approve any win2k updates.
0
 
kevinhsiehCommented:
First of all, Microsoft will never ever release another update for Windows 2000. To prevent any updates of any kind, I say that it's best to deploy a group policy to the workstations to specifically never check for updates, as opposed to just not configuring it or to use a client side target group and hope that you remember to make sure that every update is not approved for that group. The problem with that plan is that many updates are automatically approved in most deployments, and the default action for approving an update is to approve an update for all groups. It's just too easy for an administrator to approve an update for everything, and setting a setting once in a GPO to make sure that a workstation doesn't download and install updates seems much less prone to error.
0
 
DonNetwork AdministratorCommented:
All you would need to do is deselect Windows 2000 from products then wsus wouldn't even synchronize or download win2k updates
0
 
kevinhsiehCommented:
You could still get Office and other updates.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.