Windows Server Update Services - Disabling Service Does it stop Group Policy Settings ?

Question:

If I disable the Windows Update Services on a Target machine, yet my group policy is set to download and schedule install of updates... Would this effectively prevent the target machine from recieving updates ?

More spefically Here is my situation:

Im a Junior Administrator of a XenDesktop environment. We use PVS for our Virtuals. We update the Master image with a template machine.

Our WSUS policy is applied to the O/U that ALL of the VM's are. The service is disabled on the master image when we put the image back into read only mode.

Being that ALL the vm's recieve our windows update policy - Would this over ride the change made in the master image ? Or would disabling that policy prevent the VM's from being given updates should we run behind and not apply them ?
darthvetterAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Netman66Connect With a Mentor Commented:
You could, yes.  You can also use Targeting within WSUS to group computers that have differing requirements for patching or simply create a Global Group for the machines you want the policy to apply and place those machines into the group.  You will need to remove Authenticated Users from the policy and add the new group in so the policy only applies to that group.

More on targeting here:

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
SandeshdubeySenior Server EngineerCommented:
For the wsus client computer the windows update service should be enabled and set to atomatic else cleint will fail to recieve updates from wsus.Refer this link for client diagnosis tool where it will check automatic update service ie windows update in Win7 and later should be enabled.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
Netman66Commented:
Your machines would get the policy applied, but the service won't re-enable itself.

You can also add to the policy with those settings to re-enable the service.  That should take care of the problem when the machines are deployed into the OU.
0
 
darthvetterAuthor Commented:
What is desired is preventing a computer is in an ou with a group police linked to it that has enabling settings to download WSUS updates.

If settings are enabled via GPO, can I simply prevent them from applying to specific machines by disabling the WINDOWS UPDATE SERVICE on individual endpoints ?
0
 
SandeshdubeySenior Server EngineerCommented:
Instead of disabling the service you can create two OU and disable the WSUS policy on one OU and enable the WSUS policy on second OU.Move the computer to desired OU as per requirement.You can also create groups as netman suggested.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.