Solved

Windows Server Update Services - Disabling Service Does it stop Group Policy Settings ?

Posted on 2013-10-31
5
450 Views
Last Modified: 2013-11-05
Question:

If I disable the Windows Update Services on a Target machine, yet my group policy is set to download and schedule install of updates... Would this effectively prevent the target machine from recieving updates ?

More spefically Here is my situation:

Im a Junior Administrator of a XenDesktop environment. We use PVS for our Virtuals. We update the Master image with a template machine.

Our WSUS policy is applied to the O/U that ALL of the VM's are. The service is disabled on the master image when we put the image back into read only mode.

Being that ALL the vm's recieve our windows update policy - Would this over ride the change made in the master image ? Or would disabling that policy prevent the VM's from being given updates should we run behind and not apply them ?
0
Comment
Question by:darthvetter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39615205
For the wsus client computer the windows update service should be enabled and set to atomatic else cleint will fail to recieve updates from wsus.Refer this link for client diagnosis tool where it will check automatic update service ie windows update in Win7 and later should be enabled.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39616768
Your machines would get the policy applied, but the service won't re-enable itself.

You can also add to the policy with those settings to re-enable the service.  That should take care of the problem when the machines are deployed into the OU.
0
 

Author Comment

by:darthvetter
ID: 39625353
What is desired is preventing a computer is in an ou with a group police linked to it that has enabling settings to download WSUS updates.

If settings are enabled via GPO, can I simply prevent them from applying to specific machines by disabling the WINDOWS UPDATE SERVICE on individual endpoints ?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 39625998
You could, yes.  You can also use Targeting within WSUS to group computers that have differing requirements for patching or simply create a Global Group for the machines you want the policy to apply and place those machines into the group.  You will need to remove Authenticated Users from the policy and add the new group in so the policy only applies to that group.

More on targeting here:

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626185
Instead of disabling the service you can create two OU and disable the WSUS policy on one OU and enable the WSUS policy on second OU.Move the computer to desired OU as per requirement.You can also create groups as netman suggested.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question