Solved

WSUS and AD GPO

Posted on 2013-01-24
9
483 Views
Last Modified: 2016-02-21
I have a question on WSUS and GPOs
Created servers –OU and desktop OU
Created two GPO for server and desktop and link them to each OU.
For the server- to download but not reboot the server.
For the desktop- download and install
Went into WSUS
Option
Use group policy
Does this do the job, I do not see serversOU and desktop OUs in the wsus.
Only see all computers and unassigned computers. I expect the servers and Desktop OUs to populate in the WSUS so I can approve the patches.
0
Comment
Question by:pdsmicro
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 21

Expert Comment

by:ivanoviola
ID: 38815644
You need to create the groups in WSUS. Right-click on All Computers and select "Add computer group".

These are the settings you need to look at in Group Policy. Target Group Name is where you link it to the WSUS group.

Hope this helps.

GP Settings
IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38815720
thank you for your help .i did create  a group in WSUS and it did not come to AD .
0
 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 200 total points
ID: 38815805
Hi,

I just want to confirm when you say "...and it did not come to AD". The computers should already be in an OU in AD. You apply the two group policies to the respective OUs.
Server OU should contain the server computers
Desktop OU should contain the desktops
Now on the Server OU (and desktop OU) you should have a group policy applied. The settings contained in the GP should be set under Computer Configuration, not User.
Target group name for this computer should match the computer group you created in WSUS. This is where the computers will added to.

Groups WSUS
If you make any changes to the GP you will need to run gpupdate /force from the command line for the computer to update.

IV
0
 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 200 total points
ID: 38815828
You need to have Client-side targeting enabled and in that option you specify the target group you created in WSUS.  If this is not configured or if the name doesn't match exactly to the group name this will not work.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 200 total points
ID: 38815880
Yep, exactly as shown in the policy image above.

IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38816139
Sorry guys, I am bit slow of understand anything.
I create OU on AD called server
Then move all server to that
Create GP and link to that
Come to WSUS
Create a computer group called server exactly same name as in the AD.
Then
Enable client side targeting for group
Am I correct?
0
 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 200 total points
ID: 38816280
Yes you are.
Your GPO needs to have client side targeting enabled, in addition to need to have Specify an intranet Microsoft update service location enabled, and that needs to point to your WSUS server in the format http://wsusServerName.  This will tell your servers what WSUS server they are supposed to connect to and what group to go into when they connect to that server.

My WSUS GPO looks like this when editing it.
wsusgpo.png
0
 
LVL 7

Accepted Solution

by:
Scobber earned 100 total points
ID: 38816306
You could always manually assign the computers to a group, bearing in mind that you only need one group in wsus, because GP controls the download/installation schedules

the only reason for separating in WSUS is to assign some updates to one group and not to another, and even then they are separated to some extent by the SKU of the OS
0
 

Author Closing Comment

by:pdsmicro
ID: 38846391
Thank you all
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now