How can I prevent WSUS clients from being able to access Windows Update via the same WSUS GPO
I'm a member of domain administrators group in a Windows 2008 R2 domain. I've configured a GPO that directs the members of an OU to get their MS OS updates from our WSUS server. The GPO appears to be working because all members of the OU appear/have reported on WSUS server as obtaining their updates from it. However, they all still have access to windows update or microsoft update via a IE. Which settings in the GPO am I missing that will prevent the WSUS clients from going to access the web (windows updates) for OS updates?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Rsilva98, thank you very much for providing that link. It was very effective in resolving the issue.
Yeah.....and My comment is the correct answer for those who dont want to read thru another link.
Remove links and access to Windows Update
If this policy setting is enabled, Automatic Updates receives updates from the WSUS server. Users who have this policy setting enabled cannot get updates from a Windows Update Web site that you have not approved. If this policy setting is not enabled, the Windows Update icon remains on the Start menu; local administrators will be able to visit the Windows Update Web site, from which they could install unapproved software. This happens even if you have specified that Automatic Updates must get approved updates from your WSUS server. In Windows Vista, this setting will gray out the Check for updates option in the Windows Update application.