Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows Server Update Services - Disabling Service Does it stop Group Policy Settings ?

Posted on 2013-10-31
5
Medium Priority
?
454 Views
Last Modified: 2013-11-05
Question:

If I disable the Windows Update Services on a Target machine, yet my group policy is set to download and schedule install of updates... Would this effectively prevent the target machine from recieving updates ?

More spefically Here is my situation:

Im a Junior Administrator of a XenDesktop environment. We use PVS for our Virtuals. We update the Master image with a template machine.

Our WSUS policy is applied to the O/U that ALL of the VM's are. The service is disabled on the master image when we put the image back into read only mode.

Being that ALL the vm's recieve our windows update policy - Would this over ride the change made in the master image ? Or would disabling that policy prevent the VM's from being given updates should we run behind and not apply them ?
0
Comment
Question by:darthvetter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39615205
For the wsus client computer the windows update service should be enabled and set to atomatic else cleint will fail to recieve updates from wsus.Refer this link for client diagnosis tool where it will check automatic update service ie windows update in Win7 and later should be enabled.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39616768
Your machines would get the policy applied, but the service won't re-enable itself.

You can also add to the policy with those settings to re-enable the service.  That should take care of the problem when the machines are deployed into the OU.
0
 

Author Comment

by:darthvetter
ID: 39625353
What is desired is preventing a computer is in an ou with a group police linked to it that has enabling settings to download WSUS updates.

If settings are enabled via GPO, can I simply prevent them from applying to specific machines by disabling the WINDOWS UPDATE SERVICE on individual endpoints ?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 39625998
You could, yes.  You can also use Targeting within WSUS to group computers that have differing requirements for patching or simply create a Global Group for the machines you want the policy to apply and place those machines into the group.  You will need to remove Authenticated Users from the policy and add the new group in so the policy only applies to that group.

More on targeting here:

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626185
Instead of disabling the service you can create two OU and disable the WSUS policy on one OU and enable the WSUS policy on second OU.Move the computer to desired OU as per requirement.You can also create groups as netman suggested.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question