WSUS Approval Groups
Posted on 2011-04-20
When configuring Approval Groups inside of WSUS, the former administrator did it by Operating system, there was one Approval group for each OS:
Windows Server 2008 R2
Windows Server 2008 x86
Windows Server 2008 x64
Windows XP x86
Windows XP x64
The test groups were the same way, except prefixed by the word test. This results in a lot of working sorting all of the updates down by the OS they are intended for. Further, multiple approvals are needed when a single update (.NET Framework) is intended for multiple OS (XP, Server 2003).
What is the best practice? From my research I believe (and want) to set it up in the following:
User Machines (Desktops Laptops)
Server Test Group
User Machines (Desktop Laptops) Test Group
And then just mass approve everything to the Test groups, if nothing breaks, then approve all to the regular groups.
I am looking to see what is best practice in how to set this up. Do I do it by OS, and if so why? It seems like a lot more work to set it up by OS.