?
Solved

Windows Server Update Services - Disabling Service Does it stop Group Policy Settings ?

Posted on 2013-10-31
5
Medium Priority
?
458 Views
Last Modified: 2013-11-05
Question:

If I disable the Windows Update Services on a Target machine, yet my group policy is set to download and schedule install of updates... Would this effectively prevent the target machine from recieving updates ?

More spefically Here is my situation:

Im a Junior Administrator of a XenDesktop environment. We use PVS for our Virtuals. We update the Master image with a template machine.

Our WSUS policy is applied to the O/U that ALL of the VM's are. The service is disabled on the master image when we put the image back into read only mode.

Being that ALL the vm's recieve our windows update policy - Would this over ride the change made in the master image ? Or would disabling that policy prevent the VM's from being given updates should we run behind and not apply them ?
0
Comment
Question by:darthvetter
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39615205
For the wsus client computer the windows update service should be enabled and set to atomatic else cleint will fail to recieve updates from wsus.Refer this link for client diagnosis tool where it will check automatic update service ie windows update in Win7 and later should be enabled.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39616768
Your machines would get the policy applied, but the service won't re-enable itself.

You can also add to the policy with those settings to re-enable the service.  That should take care of the problem when the machines are deployed into the OU.
0
 

Author Comment

by:darthvetter
ID: 39625353
What is desired is preventing a computer is in an ou with a group police linked to it that has enabling settings to download WSUS updates.

If settings are enabled via GPO, can I simply prevent them from applying to specific machines by disabling the WINDOWS UPDATE SERVICE on individual endpoints ?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 39625998
You could, yes.  You can also use Targeting within WSUS to group computers that have differing requirements for patching or simply create a Global Group for the machines you want the policy to apply and place those machines into the group.  You will need to remove Authenticated Users from the policy and add the new group in so the policy only applies to that group.

More on targeting here:

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626185
Instead of disabling the service you can create two OU and disable the WSUS policy on one OU and enable the WSUS policy on second OU.Move the computer to desired OU as per requirement.You can also create groups as netman suggested.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question