Solved

Windows Server Update Services - Disabling Service Does it stop Group Policy Settings ?

Posted on 2013-10-31
5
448 Views
Last Modified: 2013-11-05
Question:

If I disable the Windows Update Services on a Target machine, yet my group policy is set to download and schedule install of updates... Would this effectively prevent the target machine from recieving updates ?

More spefically Here is my situation:

Im a Junior Administrator of a XenDesktop environment. We use PVS for our Virtuals. We update the Master image with a template machine.

Our WSUS policy is applied to the O/U that ALL of the VM's are. The service is disabled on the master image when we put the image back into read only mode.

Being that ALL the vm's recieve our windows update policy - Would this over ride the change made in the master image ? Or would disabling that policy prevent the VM's from being given updates should we run behind and not apply them ?
0
Comment
Question by:darthvetter
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39615205
For the wsus client computer the windows update service should be enabled and set to atomatic else cleint will fail to recieve updates from wsus.Refer this link for client diagnosis tool where it will check automatic update service ie windows update in Win7 and later should be enabled.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39616768
Your machines would get the policy applied, but the service won't re-enable itself.

You can also add to the policy with those settings to re-enable the service.  That should take care of the problem when the machines are deployed into the OU.
0
 

Author Comment

by:darthvetter
ID: 39625353
What is desired is preventing a computer is in an ou with a group police linked to it that has enabling settings to download WSUS updates.

If settings are enabled via GPO, can I simply prevent them from applying to specific machines by disabling the WINDOWS UPDATE SERVICE on individual endpoints ?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 39625998
You could, yes.  You can also use Targeting within WSUS to group computers that have differing requirements for patching or simply create a Global Group for the machines you want the policy to apply and place those machines into the group.  You will need to remove Authenticated Users from the policy and add the new group in so the policy only applies to that group.

More on targeting here:

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626185
Instead of disabling the service you can create two OU and disable the WSUS policy on one OU and enable the WSUS policy on second OU.Move the computer to desired OU as per requirement.You can also create groups as netman suggested.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Detect Failed Logins within Event Viewer 4 31
Windows mapped drive communications - Secure? 5 42
Installing Exchange 2016 2 25
Powershell query 1 20
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question