Solved

Windows Updates throuh GPO

Posted on 2013-06-26
4
267 Views
Last Modified: 2013-08-07
We have a GPO configure which points to our WSUS Server for clients to receive updates on there computers ...

How do i configure my GPO so that if a Computer cannot contact the WSUS Server, then it should directly download the updates from Microsoft.

This is for our remote users who are out of office usually months a t a time
0
Comment
Question by:oasisuk
4 Comments
 
LVL 47

Accepted Solution

by:
dstewartjr earned 500 total points
ID: 39278730
You would have to configure a second WSUS server that is configured to *NOT* store updates locally.  Then point these clients to that WSUS server. Then when they are connected to the network they will get their approvals and will always download from Microsoft.
0
 
LVL 16

Expert Comment

by:Mike T
ID: 39282952
Hi,

For WSUS 3 only you can configure the following GPO as described here.
The down-side is I think it would be an all or nothing affair with no control over approvals, i.e. what patches get installed.

A workaround as the expert mentions, is to configure another WSUS but it's then two servers to manage and could get messy.


Note, for WSUS 2 I will quote Lawrence Garvin a WSUS MVP
"There is no facility for either/or, or a 'fallback' scenario in WSUS v2.

 The best you can do is disable the policy "Specify intranet Microsoft update
 service location", which will force those clients to use "Automatic Updates"
 for the duration of their absence. In that scenario, they will obtain and
 install ALL critical and security updates. You will have no ability to choose
 which updates are installed."

Mike
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now