Solved

WSUS and AD GPO

Posted on 2013-01-24
9
484 Views
Last Modified: 2016-02-21
I have a question on WSUS and GPOs
Created servers –OU and desktop OU
Created two GPO for server and desktop and link them to each OU.
For the server- to download but not reboot the server.
For the desktop- download and install
Went into WSUS
Option
Use group policy
Does this do the job, I do not see serversOU and desktop OUs in the wsus.
Only see all computers and unassigned computers. I expect the servers and Desktop OUs to populate in the WSUS so I can approve the patches.
0
Comment
Question by:pdsmicro
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 21

Expert Comment

by:ivanoviola
ID: 38815644
You need to create the groups in WSUS. Right-click on All Computers and select "Add computer group".

These are the settings you need to look at in Group Policy. Target Group Name is where you link it to the WSUS group.

Hope this helps.

GP Settings
IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38815720
thank you for your help .i did create  a group in WSUS and it did not come to AD .
0
 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 200 total points
ID: 38815805
Hi,

I just want to confirm when you say "...and it did not come to AD". The computers should already be in an OU in AD. You apply the two group policies to the respective OUs.
Server OU should contain the server computers
Desktop OU should contain the desktops
Now on the Server OU (and desktop OU) you should have a group policy applied. The settings contained in the GP should be set under Computer Configuration, not User.
Target group name for this computer should match the computer group you created in WSUS. This is where the computers will added to.

Groups WSUS
If you make any changes to the GP you will need to run gpupdate /force from the command line for the computer to update.

IV
0
 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 200 total points
ID: 38815828
You need to have Client-side targeting enabled and in that option you specify the target group you created in WSUS.  If this is not configured or if the name doesn't match exactly to the group name this will not work.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 200 total points
ID: 38815880
Yep, exactly as shown in the policy image above.

IV
0
 

Assisted Solution

by:pdsmicro
pdsmicro earned 0 total points
ID: 38816139
Sorry guys, I am bit slow of understand anything.
I create OU on AD called server
Then move all server to that
Create GP and link to that
Come to WSUS
Create a computer group called server exactly same name as in the AD.
Then
Enable client side targeting for group
Am I correct?
0
 
LVL 4

Assisted Solution

by:anotherjallen
anotherjallen earned 200 total points
ID: 38816280
Yes you are.
Your GPO needs to have client side targeting enabled, in addition to need to have Specify an intranet Microsoft update service location enabled, and that needs to point to your WSUS server in the format http://wsusServerName.  This will tell your servers what WSUS server they are supposed to connect to and what group to go into when they connect to that server.

My WSUS GPO looks like this when editing it.
wsusgpo.png
0
 
LVL 7

Accepted Solution

by:
Scobber earned 100 total points
ID: 38816306
You could always manually assign the computers to a group, bearing in mind that you only need one group in wsus, because GP controls the download/installation schedules

the only reason for separating in WSUS is to assign some updates to one group and not to another, and even then they are separated to some extent by the SKU of the OS
0
 

Author Closing Comment

by:pdsmicro
ID: 38846391
Thank you all
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now