Solved

Question about WSUS updates not using GPO

Posted on 2014-10-06
1
170 Views
Last Modified: 2014-10-20
I am seeing that computers that I have not assigned a GPO to, download and install updates on weekends nevertheless.

I have a computer group called Domain Controllers and Critical Servers, that seem to have updated this weekend, based on the install timestamp, despite not having any GPO assigned to them for scheduling. Therefore, I have configured a GPO and attached it to the Domain Controllers OU and disabled "Enable client-side targeting", "Specify internet Microsoft update service location" and "Configure Automatic Updates", so that no action will be taken with servers residing in the Domain Controllers OU.

Is this the way to go when attempting to prevent these machines from getting updated?

When I want them to be updated in a staggered fashion, I simply move a single DC to a server group that I know has a configured GPO assigned to it.

As it is now, any computers assigned to a Computer Group, despite not having an GPO applied to them, update nevertheless by default.

Is this correct?
0
Comment
Question by:nurturer69
1 Comment
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40363807
i would leave those 2 settings (client-side targeting; intranet location) as not configured and only configure the option to only "download and notify for install"
that way it won't automatically install and reboot
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question