?
Solved

WSUS and AD GPO

Posted on 2013-01-24
9
Medium Priority
?
500 Views
Last Modified: 2016-02-21
I have a question on WSUS and GPOs
Created servers –OU and desktop OU
Created two GPO for server and desktop and link them to each OU.
For the server- to download but not reboot the server.
For the desktop- download and install
Went into WSUS
Option
Use group policy
Does this do the job, I do not see serversOU and desktop OUs in the wsus.
Only see all computers and unassigned computers. I expect the servers and Desktop OUs to populate in the WSUS so I can approve the patches.
0
Comment
Question by:pdsmicro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 21

Expert Comment

by:Ivano Viola
ID: 38815644
You need to create the groups in WSUS. Right-click on All Computers and select "Add computer group".

These are the settings you need to look at in Group Policy. Target Group Name is where you link it to the WSUS group.

Hope this helps.

GP Settings
IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38815720
thank you for your help .i did create  a group in WSUS and it did not come to AD .
0
 
LVL 21

Assisted Solution

by:Ivano Viola
Ivano Viola earned 800 total points
ID: 38815805
Hi,

I just want to confirm when you say "...and it did not come to AD". The computers should already be in an OU in AD. You apply the two group policies to the respective OUs.
Server OU should contain the server computers
Desktop OU should contain the desktops
Now on the Server OU (and desktop OU) you should have a group policy applied. The settings contained in the GP should be set under Computer Configuration, not User.
Target group name for this computer should match the computer group you created in WSUS. This is where the computers will added to.

Groups WSUS
If you make any changes to the GP you will need to run gpupdate /force from the command line for the computer to update.

IV
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 800 total points
ID: 38815828
You need to have Client-side targeting enabled and in that option you specify the target group you created in WSUS.  If this is not configured or if the name doesn't match exactly to the group name this will not work.
0
 
LVL 21

Assisted Solution

by:Ivano Viola
Ivano Viola earned 800 total points
ID: 38815880
Yep, exactly as shown in the policy image above.

IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38816139
Sorry guys, I am bit slow of understand anything.
I create OU on AD called server
Then move all server to that
Create GP and link to that
Come to WSUS
Create a computer group called server exactly same name as in the AD.
Then
Enable client side targeting for group
Am I correct?
0
 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 800 total points
ID: 38816280
Yes you are.
Your GPO needs to have client side targeting enabled, in addition to need to have Specify an intranet Microsoft update service location enabled, and that needs to point to your WSUS server in the format http://wsusServerName.  This will tell your servers what WSUS server they are supposed to connect to and what group to go into when they connect to that server.

My WSUS GPO looks like this when editing it.
wsusgpo.png
0
 
LVL 7

Accepted Solution

by:
Scobber earned 400 total points
ID: 38816306
You could always manually assign the computers to a group, bearing in mind that you only need one group in wsus, because GP controls the download/installation schedules

the only reason for separating in WSUS is to assign some updates to one group and not to another, and even then they are separated to some extent by the SKU of the OS
0
 

Author Closing Comment

by:pdsmicro
ID: 38846391
Thank you all
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question