Solved

WSUS on Windows Server 2008 R2

Posted on 2011-03-12
8
604 Views
Last Modified: 2012-05-11
I’m new to WSUS on Windows Server 2008 R2.

Can someone explain how I configure this to automatically approve all updates for client computers but not for Servers?
0
Comment
Question by:DHPBilcare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 167 total points
ID: 35115708
Start by creating two groups - put servers in one group and clients in another http://www.wsuswiki.com/TargetGroups
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 167 total points
ID: 35116313
I don't know that you can. What I do is have target groups for my machines, but also different GPOs that have different automatic update settings for my servers and workstations. Workstations will patch every day, will only patch on weekends, and some server download only so I can control what gets installed and when.

I suppose if you really wanted to you can setup two WSUS servers with different approval policies and point your workstations to one and your servers to another.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 166 total points
ID: 35119437
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:DHPBilcare
ID: 35129241
Thanks for all the comments.

One more question.  We have some validated Win2K SP4 clients that must be kept excluded from Windows updates.  What's the best way to do this?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35129335
Place them in a OU that doesnt get the new WSUS gpo's you created applied to them.

Or create another GPO with a client side targeting group for these W2k clients, then in this WSUS group dont approve any win2k updates.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 35131012
First of all, Microsoft will never ever release another update for Windows 2000. To prevent any updates of any kind, I say that it's best to deploy a group policy to the workstations to specifically never check for updates, as opposed to just not configuring it or to use a client side target group and hope that you remember to make sure that every update is not approved for that group. The problem with that plan is that many updates are automatically approved in most deployments, and the default action for approving an update is to approve an update for all groups. It's just too easy for an administrator to approve an update for everything, and setting a setting once in a GPO to make sure that a workstation doesn't download and install updates seems much less prone to error.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35131116
All you would need to do is deselect Windows 2000 from products then wsus wouldn't even synchronize or download win2k updates
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 35131177
You could still get Office and other updates.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question