Windows Updates throuh GPO

We have a GPO configure which points to our WSUS Server for clients to receive updates on there computers ...

How do i configure my GPO so that if a Computer cannot contact the WSUS Server, then it should directly download the updates from Microsoft.

This is for our remote users who are out of office usually months a t a time
oasisukAsked:
Who is Participating?
 
DonConnect With a Mentor Network AdministratorCommented:
You would have to configure a second WSUS server that is configured to *NOT* store updates locally.  Then point these clients to that WSUS server. Then when they are connected to the network they will get their approvals and will always download from Microsoft.
0
 
Mike TLeading EngineerCommented:
Hi,

For WSUS 3 only you can configure the following GPO as described here.
The down-side is I think it would be an all or nothing affair with no control over approvals, i.e. what patches get installed.

A workaround as the expert mentions, is to configure another WSUS but it's then two servers to manage and could get messy.


Note, for WSUS 2 I will quote Lawrence Garvin a WSUS MVP
"There is no facility for either/or, or a 'fallback' scenario in WSUS v2.

 The best you can do is disable the policy "Specify intranet Microsoft update
 service location", which will force those clients to use "Automatic Updates"
 for the duration of their absence. In that scenario, they will obtain and
 install ALL critical and security updates. You will have no ability to choose
 which updates are installed."

Mike
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.