I have a question on WSUS and GPOs
Created servers –OU and desktop OU
Created two GPO for server and desktop and link them to each OU.
For the server- to download but not reboot the server.
For the desktop- download and install
Went into WSUS
Use group policy
Does this do the job, I do not see serversOU and desktop OUs in the wsus.
Only see all computers and unassigned computers. I expect the servers and Desktop OUs to populate in the WSUS so I can approve the patches.
Who is Participating?
ScobberConnect With a Mentor Commented:
You could always manually assign the computers to a group, bearing in mind that you only need one group in wsus, because GP controls the download/installation schedules

the only reason for separating in WSUS is to assign some updates to one group and not to another, and even then they are separated to some extent by the SKU of the OS
Ivano ViolaSystem AdministratorCommented:
You need to create the groups in WSUS. Right-click on All Computers and select "Add computer group".

These are the settings you need to look at in Group Policy. Target Group Name is where you link it to the WSUS group.

Hope this helps.

GP Settings
pdsmicroConnect With a Mentor Author Commented:
thank you for your help .i did create  a group in WSUS and it did not come to AD .
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Ivano ViolaConnect With a Mentor System AdministratorCommented:

I just want to confirm when you say "...and it did not come to AD". The computers should already be in an OU in AD. You apply the two group policies to the respective OUs.
Server OU should contain the server computers
Desktop OU should contain the desktops
Now on the Server OU (and desktop OU) you should have a group policy applied. The settings contained in the GP should be set under Computer Configuration, not User.
Target group name for this computer should match the computer group you created in WSUS. This is where the computers will added to.

Groups WSUS
If you make any changes to the GP you will need to run gpupdate /force from the command line for the computer to update.

anotherjallenConnect With a Mentor Commented:
You need to have Client-side targeting enabled and in that option you specify the target group you created in WSUS.  If this is not configured or if the name doesn't match exactly to the group name this will not work.
Ivano ViolaConnect With a Mentor System AdministratorCommented:
Yep, exactly as shown in the policy image above.

pdsmicroConnect With a Mentor Author Commented:
Sorry guys, I am bit slow of understand anything.
I create OU on AD called server
Then move all server to that
Create GP and link to that
Come to WSUS
Create a computer group called server exactly same name as in the AD.
Enable client side targeting for group
Am I correct?
anotherjallenConnect With a Mentor Commented:
Yes you are.
Your GPO needs to have client side targeting enabled, in addition to need to have Specify an intranet Microsoft update service location enabled, and that needs to point to your WSUS server in the format http://wsusServerName.  This will tell your servers what WSUS server they are supposed to connect to and what group to go into when they connect to that server.

My WSUS GPO looks like this when editing it.
pdsmicroAuthor Commented:
Thank you all
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.